
ISO 27005 Certified ISMS Risk Management Training Course

Learn from the experts how to use practical risk management methodologies to assess and mitigate cyber security risks. Ensure your organisation achieves and maintains ISO 27001 best practice and compliance.


Three days/London


Classroom sessions from 09:00 to 17:00.


Build your career in senior management by achieving the ISO27005 Certified ISMS Risk Management (CIS RM) qualification awarded by IBITGQ. Exam included in course.

Location: London
Price: £1,495.00 (GBP)

Deliver Effective Risk Management to Ensure Your Compliance with ISO 27001

The ISO/IEC 27005:2011 standard provides guidance and support for the risk management approach specified by ISO 27001. Effective risk management is the key to achieving ISO 27001 certification, and maintaining and improving an information security management system (ISMS).

The three-day ISO27005 Certified ISMS Risk Management classroom course is designed to provide delegates with the knowledge and skills required to fully implement an effective ISO27001-compliant risk management programme.

Delivered by a qualified ISMS risk consultant, this training session is built on the foundations of our extensive practical experience gained advising on the implementation of ISO 27001. It features real-life case studies to ensure delegates gain an in-depth understanding and a practical knowledge of the key activities of the ISO 27005 risk management process. It also includes a demonstration of our unique vsRisk Information Security Risk Assessment software.

“Introduced to the basics of risk management on the previous ISO27001 Lead Implementer course, I needed to further build skills in the ‘nitty-gritty’ of ISMS risk analysis and treatment processes. The CIS RM qualification has also opened a few doors in my company and I am now working toward achieving my ISACA CRISC certification in the future.”

Gavin Tyler, Information Security Director, Winberg Holdings

What will you learn?

  • The role and importance of risk management in an organisation.
  • Why risk management is the core competence of information security management.
  • Full details of the ISO 27005 information security risk management standard and an understanding of key risk management terminology.
  • How ISO 27005 relates to the ISO 31000:2009 risk management standard.
  • How to use risk management to achieve certification to, and maintain compliance with, the ISO 27001 information security management standard.
  • ‘Hands-on’ practical experience in carrying out an effective risk management programme as defined by ISO/IEC 27005:2011.
  • The key information security risk management processes, including context establishment, risk assessment, risk treatment and monitoring/review.
  • The competence to advise third-party organisations on information security risk management.

Course contents

  1. Introduction to risk management
  2. Risk assessment methodologies
  3. The ISO 27005 information security risk management framework and process model
  4. Classification and identification of information assets
  5. Definition of threats to information assets
  6. Identification of the vulnerabilities these threats might exploit
  7. Risk analysis: risk scoring using scales and simple calculations
  8. An introduction to risk analysis tools
  9. Risk evaluation and acceptance strategies
  10. Risk treatment and the selection of mitigating control measures
  11. Review and continual improvement of risk assessment and management
  12. Risk communications and consultation
  13. Integrating the ISO 27005 information security risk management framework into an ISO 27001 ISMS

ISO27005 Certified ISMS Risk Manager (CIS RM) examination

This course is part of our unique ISO 27001 Learning Pathway.

Delegates sit the ISO27005 Certified ISMS Risk Manager (CIS RM) examination at the end of the course – a 90-minute multiple-choice exam accredited by IBITGQ. There is no extra charge for taking the exam at the end of the course.


Who should attend this course?

  • Information security managers responsible for ISO 27001 implementation and maintenance.
  • Delegates who have attended the ISO27001 Certified ISMS Lead Implementer course and want to further develop their practical risk management skills.
  • Risk managers who need to understand information security risk management processes.
  • ISO 27001 consultants who want to advise clients on implementing information security risk management.

Are there entry requirements?

While there are no formal entry requirements, we assume that all delegates have knowledge of the best practice defined in the ISO 27002 and ISO 27005 standards. This can be acquired by purchasing and reading these standards, or by attending our ISO27001 Certified ISMS Foundation and/or Lead Implementer training courses.

How to book?

Book Online

View available training dates and book online using the form at the top of this page.


Call us

To discuss your learning needs with our training experts, call us on +44 (0)845 070 1750.

All bookings are subject to our terms and conditions.


Customer Reviews

1. On 02/11/2015, a delegate said:
“Fantastic training to compile all my old risk management know-how, in a very well structured way but also according to the ISO regulations. I am going to recommend it to my colleagues and friends.”

2. On 30/10/2015, a delegate said:
“This was an excellent course with an excellent trainer.”