ISO/IEC 27005 Information Security Risk Management Lead Risk Manager (PECB Certified) - Including Exam

This training course is intended for:

- Managers or consultants involved in or responsible for information security in an organization
- Individuals responsible for managing information security risks, such as ISMS professionals and risk owners
- Members of information security teams, IT professionals, and privacy officers
- Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
- Project managers, consultants, or expert advisers seeking to master the management of information security risks

By successfully completing this training course, you will be able to:

• Explain the risk management concepts and principles based on ISO/IEC 27005 and ISO 31000
• Establish, maintain, and continually improve an information security risk management framework based on the guidelines of ISO/IEC 27005 and best practices
• Apply information security risk management processes based on the guidelines of ISO/IEC 27005
• Plan and establish risk communication and consultation activities
• Record, report, monitor, and review the information security risk management process and framework

Day 1: Introduction to ISO/IEC 27005 and information security risk management

Day 2: Risk identification, analysis, evaluation, and treatment based on ISO/IEC 27005

Day 3: Information security risk communication and consultation, recording and reporting, and monitoring and review

Day 4: Risk assessment methods

• The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of risk management and information security.

• ISO27005F - ISO/IEC 27005 Information Security Risk Management Foundation (PECB Certified) - Including Exam

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

• Domain 1: Fundamental principles and concepts of information security risk management
• Domain 2: Implementation of an information security risk management program
• Domain 3: Information security risk assessment
• Domain 4: Information security risk treatment
• Domain 5: Information security risk communication, monitoring, and improvement
• Domain 6: Information security risk assessment methodologies

Upon successful completion of the exam, you can apply for the PECB Certified ISO/IEC 27005 Lead Manager credential, depending on your level of experience. The certificate is issued once all relevant educational and professional requirements are fulfilled.

PECB Certified ISO/IEC 27005 Provisional Risk Manager

• Exam: PECB Certified ISO/IEC 27005 Lead Risk Manager exam or equivalent
• Professional experience: None
• Risk Management experience: None
• Other requirements: Signing the PECB Code of Ethics

PECB Certified ISO/IEC 27005 Lead Risk Manager

• Exam: PECB Certified ISO/IEC 27005 Lead Risk Manager exam or equivalent
• Professional experience: Five years, including two years of work experience in Information Security Risk Management
• Risk Management experience: Information Security Risk Management activities totaling 300 hours
• Other requirements: Signing the PECB Code of Ethics

PECB Certified ISO/IEC 27005 Senior Lead Risk Manager

• Exam: PECB Certified ISO/IEC 27005 Lead Risk Manager exam or equivalent
• Professional experience: Ten years, including seven years of work experience in Information Security Risk Management
• Risk Management experience: Information Security Risk Management activities totaling 1,000 hours
• Other requirements: Signing the PECB Code of Ethics

To be considered valid, the information security risk management activities should follow best implementation and management practices and include the following:

• Defining a risk management approach
• Determining the risk management objectives and scope
• Performing risk assessment
• Developing a risk management program
• Defining risk evaluation and risk acceptance criteria
• Evaluating risk treatment options
• Monitoring and reviewing the risk management program

Educational approach

- The training course provides best practices of risk management that will help participants prepare for real-life situations.
- The training course contains essay-type exercises (some of which are based on a case study) and multiple-choice quizzes (some of which are scenario-based).
- Participants are encouraged to communicate and discuss with each other when completing stand-alone and scenario-based quizzes and exercises.
- The structure of the quizzes is similar to the certification exam.

General Information

- Certification fees and examination fees are included in the price of the training course.
- Participants will be provided with training course materials containing over 450 pages of information, practical examples, quizzes, and exercises.
- An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- Candidates who have completed the training course but failed the exam are eligible to retake it once for free within a 12-month period from the initial date of the exam.