Deliver Effective Risk Management to Ensure Your Compliance with ISO27001
ISO/IEC 27005:2011 is the international standard that provides guidelines for effective information security risk management. ISO27005 supports the risk management approach as specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Effective risk management is widely accepted as being the key to achieving certification and maintaining compliance with ISO 27001.
ISO27005 defines an information security risk management process that consists of context establishment, risk assessment, risk treatment, risk acceptance and risk review. This process is aligned and closely related to the guidelines defined in the ISO31000:2009 Risk Management Standard.
The three day ISO 27005 Certified ISMS Risk Management classroom course is designed to provide delegates with the knowledge and skills required to fully implement an effective ISO27001-compliant risk management programme.
Book on the ISO 27005 Certified ISMS Risk Management course today.
Our Training Approach
This course is built on the foundations of our extensive practical experience gained as a consultant advising on the implementation of ISO27001 information security management systems. Delivered by a qualified ISMS Risk Consultant, it features the use of real-life case studies to ensure delegates gain both an in-depth understanding and a practical knowledge of the key activities of the ISO 27005 risk management process. This will include the use of our unique vsRisk Information Security Risk Assessment software.
Who should attend this course?
ISO27005 Certified ISMS Risk Management is designed for:
- Information security managers responsible for ISO27001 implementation and maintenance
- ISO27001 Lead Implementers who wish to develop an effective and practical risk management process
- Risk managers who need to understand information security risk management processes
- ISO27001 consultants who wish to advise clients on implementing information security risk management
What will you learn on the ISO27005 Certified ISMS Risk Management training course?
- The role and importance of Risk Management in an organisation.
- Why Risk Management is the core competence of information security management.
- How to use risk management to achieve certification and maintain compliance with the ISO27001 Information Security Management Standard.
- Full details of the ISO/IEC 27005:2011 Information Risk Management Standard and an understanding of key risk management terminology.
- ‘Hands-on’ experience in carrying out an effective Risk Management programme as defined by ISO/IEC 27005:2011.
- Understand the key information security risk management processes which include Context Establishment, Risk Assessment, Risk Treatment and Monitoring/Review.
- The competence to advise 3rd Party organisations on information security risk management.
The content of this course will include the following topics:
- Introduction to risk management
- Risk assessment methodologies
- The ISO27005 information security risk management framework and process model
- Classification and identification of information assets
- Definition of threats to information assets
- Identification of the vulnerabilities these threats might exploit
- Risk analysis: risk scoring using scales and simple calculations
- An introduction to risk analysis tools
- Risk evaluation and acceptance strategies
- Risk treatment and the selection of mitigating control measures
- Review and continual improvement of risk assessment and management
- Risk communications and consultation
- Integrating the ISO 27005 information security risk management framework into an ISO27001 ISMS
The IBITGQ Certificated ISO27001 Training Programme
The ISO27005 Certified ISMS Risk Management training course is the newest addition to the well-respected IT Governance ISO27001 certificated education programme which includes the ISO27001 Certified ISMS Lead Implementer, Internal Auditor and Lead Auditor courses.
This IBITGQ Advanced Level course has been specifically designed for delegates who have previously attended the ISO27001 Certified ISMS Lead Implementer training course. While the Lead Implementer course introduces risk management, the ISO27005 Certified ISMS Risk Management develops the in-depth practical skills required to fully implement an ISO27001 information security management system (ISMS).
ISO27005 Certified ISMS Risk Management (CIS RM)
This course prepares delegates for an examination which is taken on the last day of a three day training programme. Successful candidates will be awarded the ISO27005 Certified ISMS Risk Management (CIS RM) qualification issued by the International Board for IT Governance Qualifications (IBITGQ).
The exam fee of £200 + VAT is included in the package price and the training course is structured and delivered in such a way as to maximise the delegate’s chance of passing the exam.
Are there entry requirements?
While there are no formal entry requirements, we assume that all delegates have knowledge of the specification and best practice as defined in ISO27002
standards. This could be acquired by purchasing and reading these standards or by attending our ISO27001 Certified ISMS Foundation and/or Lead Implementer training course.
This ISO 27005 Certified ISMS Risk Management course includes:
- Lunch and refreshments
- Full course materials (digital copy provided as PDF file)
- The CIS RM examination
- Certificate of attendance
This course is non-residential, but we can help you to find a hotel close to the training venue. To take advantage of this offer, drop us an email after you book your course.
How to book?
Build your ISMS Risk Management expertise and gain an industry-recognised qualification!
View available training dates and book online using the form at the top of this page.
To discuss your learning needs with our training experts.
Call us on +44 (0)845 070 1750.
Or download our booking form, complete it and fax to us on +44 (0) 1353 662667.
We accept purchase orders from local authorities, government departments, and other public sector organisations and will consider account facilities for large corporate customers. See our payment options page for details.
This course is can also be delivered in-house.
You may be interested in …
All bookings are subject to our terms and conditions.