ISO/IEC 27005 Introduction

Learning the best practices in risk management based on ISO/IEC 27005

Duration: 1 day
Prerequisites: None

Who Should Attend:

  • IT professionals wishing to obtain a comprehensive understanding of risk management within an organization
  • Staff implementing or seeking to comply with ISO 27001 or involved in a risk management program
  • Members of the information security team

Course Objectives:

  • To understand the basics of the implementation, management and maintenance of an ongoing risk management program
  • To introduce the concepts, approaches, standards, methods and techniques allowing an effective management of risk
  • To interpret the requirements of ISO 27001 on information security risk management
  • To understand the relationship between information security risk management, the security controls and compliance with the requirements of an organization's different stakeholders


This one-day course allows participants to familiarize themselves with the fundamentals of information security risk management, using the standard ISO/IEC 27005:2011 as a reference framework. Participants will see the different parts of a risk management program and the implementation stages of an optimal risk assessment. The course also fits naturally into an ISO 27001 implementation process.

General Information

  • A student manual containing over 100 pages of information and practical examples is given to the participants
  • A participation certificate of 7 CPD (Continuing Professional Development) credits is awarded to the participants

Course Agenda:

  • Concepts and definitions related to risk management
  • Standards, frameworks and methodologies in risk management
  • Implementing a risk management program
  • Risk identification and risk analysis
  • Risk evaluation and risk treatment
  • Acceptance of risk and management of residual risks
  • Communicating, monitoring and controlling risk
