Certified ISO 27005 Risk Manager

Seminar / Training - Certified ISO 27005 Risk Manager

Begin date : 2/8/2016

End date : 2/10/2016

Location : Netherlands / Utrecht

By : International Management Forum

Venue : n/d

Event Subject :

Learn the Best Practices in Information Security Risk Management with ISO 27005 and become Certified ISO 27005 Risk Manager!

Industries : IT Consulting & Services

Keywords : Risk Manager, ISO 27005, Management, IT, Information Technology

Event/Product information


Risk Management is critical to good business governance!

The essential international ISO 27005 standard helps organisations with advice on the why, what and how of managing information security risks in support of their governance objectives.

In this intensive 3-day Certified Risk Manager training you develop the competence to master the basic risk management elements related to all assets of relevance for information security, using the ISO 27005 standard as a reference framework.

What will you learn in the Certified ISO 27005 Risk Manager training?

  • You will acquire the knowledge necessary for the implementation, management and maintenance of an ongoing Risk Management program.
  • You will understand the concepts, approaches, standards, methods and techniques, allowing an effective management of risk according to ISO 27005.
  • You will understand the relationship between the Information Security Management System (ISMS) (including Risk Management), the security controls and how to comply with the requirements of different stakeholders of your organization.
  • You will learn how to interpret the requirements of ISO 27001 on Information Security Risk Management.
  • You will learn how to acquire the competence to implement, maintain and manage an ongoing Information Security Risk Management program according to ISO 27005.
  • You will acquire the competence to effectively advise organisations / your organization on the best practices in Information Security Risk Management.

Based on practical exercises and case studies, you acquire the necessary knowledge and skills to perform an optimal Information Security Risk Assessment and manage risks in time by being familiar with their lifecycle. You will learn the different methods of risk assessment used on the market, e.g. CRAMM, EBIOS, MEHARI, OCTAVE and Microsoft Security Risk Management Guide.

Risk Management training - educational approach

The 3-day Risk Manager training is based on both theory and practice. Sessions of lectures are illustrated with examples based on real cases. There are lots of review exercises to assist with exam preparation.

Risk Management training - target group

ISO 27005 is an essential standard for those who want to manage their risks effectively and is, in particular, a must for those who want to comply with the popular Information Security Management Systems standard ISO 27001. The international standard ISO 27005 is applicable to all types of organisations (e.g. commercial enterprises, government agencies, non-profit organizations) that intend to manage the risks that could compromise their organisation's information security.

DAY I Introduction, Risk Management program, risk identification and assessment according to ISO 27005

  • Concepts and definitions related to Risk Management
  • Risk Management standards, frameworks and methodologies
  • Implementation of an Information Security Risk Management program
  • Risk analysis (identification and estimation)

DAY II Risk evaluation, treatment, acceptance, communication and surveillance according to ISO 27005

  • Risk assessment
  • Risk treatment
  • Acceptance of Information Security Risks and Management of residual risks
  • Information Security Risk communication
  • Information Security Risk monitoring and review

DAY III Introduction to methods of risk assessment

  • Introduction to CRAMM (CCTA Risk Analysis and Management Method)
  • Introduction to EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité)
  • Introduction to MEHARI (MEthode Harmonisée d'Analyse de RIsques)
  • Introduction to OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
  • Introduction to Microsoft Security Risk Management
  • ISO 27005 Certified Risk Manager exam

About the organizer

Organizer : International Management Forum
