Certified ISO 27005 ISMS Risk Management Training Course

Provided by

Enquire about this course

SKU: 4209

  • Learn how to conduct an information security risk assessment from start to finish with this specialist led training course.
  • Learn practical risk management methodologies, including ISO 27005 and other risk management techniques.
  • Learn from anywhere – choose whether you attend our courses Live Online or in person. Find out more.
  • Our Classroom / Live Online option allows you to study your way, keeping travel and costs down to a minimum.
  • IBITGQ accredited three-day training course.
  • Successful completion of the course and included exam leads to the ISO 27005 Certified ISMS Risk Management (CIS RM) qualification and 21 CPD/CPE points.

  • Training course outline

    This advanced-level training course develops your competence in the key areas of information risk management; covering risk assessment, analysis, treatment and review.

    It will teach you:

  • All about the ISO 27005 information risk management standard;
  • The key information security risk assessment processes;
  • The skills and knowledge required to implement an information risk management programme based on ISO 27005:2018; and
  • How to communicate, monitor and review risk management activities. 

  • COVID-19: remote delivery options

    We would like to reassure our clients that all training courses will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow you to learn from anywhere. Our Classroom / Live Online delivery option enables you to attend either in person or online. Please also refer to our COVID-19 policy.

    Certified ISO 27005 ISMS Risk Management training course benefits

    Gain experience with hands-on study

    Gain practical experience in carrying out an effective risk assessment process as defined by ISO/IEC 27005:2011 through discussion, case studies and role play.

    Find out how a risk assessment works

    Learn how a risk assessment works in action using a combination of formal training, practical exercises and relevant case studies.

    Learn from anywhere

    Choose whether you attend Live Online or in person at one of our training venues throughout the UK.

    Understand key Standards

    Get to grips with the key ISO 27005 and BS 7799-3 risk assessment processes.

    See what our previous learners think about this course


    of delegates passed first time


    were happy with the pace of the course


    thought adequate course materials were provided


    agreed the course content was relevant.

    “Fantastic training to compile all my old risk management know-how, in a very good structured way but also according to the ISO regulations. I am going to recommend it to my colleagues and friends.”

    - Kirsty

    “Great work with all of us, engaging everyone, I would highly recommend Damian. I would also like to add that the training material was really helpful, the exercises, friendly and easy to navigate through. As mentioned, Damian did a great job especially at engaging everyone.”

    - Anonymous

    “Training and keeping engagement on topics like risk is never easy, but the course trainer gave good examples and experiences which helped to explain the course material. Plenty of opportunities were given for people to ask for help, and that was also outside of the webex if they did not feel comfortable in asking in front of the group which was good. I would be very happy to attend another course delivered by the trainer, as he was very informative and engaging. ”

    - Anonymous

    “Wonderful trainer, great location and great food - would come back and recommend to colleagues!”

    - Emma McMechan, Deputy SIRO/Security Advisor, Land Registry

    “Damian was excellent presenter, very engaging and involving all delegates and providing apt examples and discussion points.”

    - Kamala Bandepalli, GRC consultant

    Who should attend this course?

    This course is aimed at those who have attended the CISMP ,  or Certified ISO 27001 ISMS Lead Implementer  courses and want to develop their practical risk management skills. For example:

  • Risk Analysts
  • Risk Assessors
  • Risk Managers
  • IT/ Information Security Managers
  • IT/ Information Security Analysts

  • Your Learning Path

    Find out how the Certified ISO 27005 ISMS Risk Management Training Course will help you start or enhance your knowledge and career.

    This course is an essential component of the following learning paths:

  • ISO 27001 roles
  • Information Security roles
  • Cyber Security roles

  • ×

    Why choose IT Governance for your training needs?

  • We’re internationally recognised as the authority on ISO 27001 – our team led the world’s first ISO 27001 certification project.
  • We have trained more than 8,000 professionals on ISMS (information security management system) implementations and audits.
  • Trained by industry experts – our trainers are working consultants with years of practical, hands-on experience.
  • Pass first time or train again for free – we have trained more than 17,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*
  • Learn from anywhere – as a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow you to learn from anywhere. Our Classroom / Live Online delivery option enables you to attend either in person or online.
  • Access your training anywhere – all our course materials are provided as a digital copy, allowing you to access them anywhere and at any time. Documents will be made available 20 days before your course.
  • Business solutions to suit you – whether you’re a multinational wanting us to manage all your training needs or a small business wishing to boost your workforce skills, we offer a range of training solutions

  • * Terms and conditions apply.

    Course details

    What does this course cover?

  • The importance of information security risk management in ISO 27001 and its role within an organisation.
  • A full overview of the ISO 27005 information risk management standard and an understanding of key risk management terminology.
  • How ISO 27005 is related to the ISO 31000:2009 risk management standard.
  • The key information security risk assessment processes, including context establishment, risk assessment, risk treatment and monitoring/review.
  • How to assess, analyse and treat identified information security risks in accordance with ISO 27005 guidance.
  • How to communicate, monitor and review risk management activities. 
  • How to use risk management to achieve certification and maintain compliance with the ISO 27001 information security management standard.
  • How vsRisk™ information security risk assessment software can help you save time and money.
  • How to advise third-party organisations on information security risk management.

  • What’s included in this course?

  • A professional training venue with lunch and refreshments;
  • Full course materials (digital copy provided as a PDF file);
  • The ISO 27005 Certified ISMS Risk Management exam; and
  • A certificate of attendance.

  • What equipment do I need?

    You will need a laptop for the duration of your course and exam. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

    Course duration and times

    Day 1: 9:30am – 5:00pm
    Day 2: 9:15am – 5:00pm
    Day 3: 9:15am – 5:00pm

    Course locations

  • Learn from anywhere with our instructor-led Live Online courses, or Classroom / Live Online delivery options. Learn more.
  • Alternatively you can study in a classroom at one of our venues in London or Ely (Cambridgeshire).

  • Are there any prerequisites for this course?

    There are no formal entry requirements but it is assumed that you have taken the Certified ISO 27001 ISMS Lead Implementer  or CISMP training course or you have a good working knowledge of ISO 27001 gained through practical experience.

    Is there any recommended reading?

    We strongly recommend you purchase and read the standard prior to attending the course:

  • ISO/IEC 27001:2013 and ISO/IEC 27002:2013

  • We also recommend that you purchase and read the following textbooks:

  • Information Security Risk Management for ISO 27001/ISO 27002
  • ISO 27001/ISO 27002 – A Pocket Guide
  • An Introduction to Information Security and ISO 27001:2013 – A Pocket Guide

  • Exams and qualifications

    ISO 27005 Certified ISMS Risk Management exam

    Attendees take the ISO 17024-certificated, ISO 27005 Certified ISMS Risk Management (CIS RM) exam set by IBITGQ ( International Board for IT Governance Qualifications ). There is no extra charge for this exam.

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

  • This course is equivalent to:


    CPD points

    What qualifications will I receive?

    ISO 27005 Certified ISMS Risk Management (CIS RM).


    This course is accredited by IBITGQ (International Board for IT Governance Qualifications).

    IBITGQ (International Board for IT Governance Qualifications) is a personnel certification body that certifies individuals in the field of IT governance.

    IBITGQ is accredited to the ISO/IEC 17024:2012 standard ( Conformity assessment – General requirements for bodies operating certification of persons ) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognised benchmark, and qualifications accredited to this standard are recognised and highly valued by employers throughout the world.

    You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/ GASQ successful candidate register .

    How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued

  • Do I need proof of identity to take the exam?

    Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.

    Can exams be retaken?

    Yes, if you are unsuccessful on the first attempt, you can retake the exam for an additional fee. You can email us to schedule the retest.

    Ways to learn

    Learn from anywhere with our range of instructor-led courses

    Wherever you are in the world, you can now attend an IT Governance online course, and get the full be


    Start date Location / delivery
    19 Oct 2022 United Kingdom Book now

    Related article

    Misinformation is dangerous. It not only leads to wrong decision-making, it can cost you money. (ISC)² certifications are highly regarded