ISO27005 Certified ISMS Risk Management

Provided by

Enquire about this course

About the course

The ISO 27005 Certified ISMS Risk Management course outline

Building on the implementation guidance delivered by the ISO27001 Lead Implementer course, this course features real-life case studies to ensure attendees gain an in-depth understanding and a practical knowledge of the key activities of the ISO 27005 risk management process.

The benefits of the ISO 27005 Certified ISMS Risk Management course
Develop your understanding of ISO 27005

Get to grips with the key activities of the ISO 27005 risk assessment process.

Find out how a risk assessment works

Learn how a risk assessment works in action using a combination of formal training, practical exercises and relevant case studies.

Gain experience with hands-on study

Gain practical experience in carrying out an effective risk assessment process as defined by ISO/IEC 27005:2011 through discussion, case studies and role play.

Who should attend this course?
This course is aimed at those who have attended the ISO27001 Certified ISMS Lead Implementer course and want to develop their practical risk management skills.

Job titles:

  • Risk Analyst 
  • Risk Assessor 
  • Risk Manager 
  • IT/ Information Security Manager 
  • IT/ Information Security Analyst

Why choose IT Governance for your training needs?
IT Governance is internationally recognised as the authority on ISO 27001. Our team led the world’s first ISO 27001 certification project, and since then we have trained more than 7,000 professionals on information security management system (ISMS) implementations and audits.

What does the ISO 27005 Certified ISMS Risk Management course cover?

  • The importance of information security risk management in ISO 27001 and its role within an organisation. 
  • A full overview of the ISO 27005 information risk management standard and an understanding of key risk management terminology. 
  • How ISO 27005 is related to the ISO 31000:2009 risk management standard. 
  • The key information security risk assessment processes, including context establishment, risk assessment, risk treatment and monitoring/review. 
  • How to assess, analyse and treat identified information security risks in accordance with the guidance of ISO 27005.  
  • How to communicate, monitor and review risk management activities.  
  • How to use risk management to achieve certification and maintain compliance with the ISO 27001 information security management standard. 
  • How vsRisk™ information security risk assessment software can help you save time and money. 
  • How to advise third-party organisations on information security risk managment

Course agenda:

  • Risk Management in ISO 27001 
  • Establishing the context 
  • Scope, boundaries, roles and responsibilities 
  • Information Security Risk Assessment

What’s included in this course?

  • A professional training venue with lunch and refreshments; 
  • Full course materials (digital copy provided as a PDF file); 
  • The ISO 27005 Certified ISMS Risk Management exam; and 
  • A certificate of attendance.

What equipment should I bring?
The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

Course duration and times
Day 1: 9:30 am – 5:00 pm
Day 2: 9:15 am – 5:00 pm
Day 3: 9:15 am – 3:00 pm

CPD/CPE points
This course is equivalent to 21 CPD/CPE points.

How much does the ISO27005 Certified ISMS Risk Management course cost?
The course costs £1,795 ex VAT.

ISO 27005 Certified ISMS Risk Management exam
Attendees take the ISO27005 Certified ISMS Risk Management (CIS RM), ISO 17024-certificated, exam set by IBITGQ at the end of the course. This is a 90-minute multiple-choice online exam, consisting of 40 questions. Candidates need to achieve a minimum of 65% to pass. There is no extra charge for taking the exam.

What qualifications will I receive?
ISO27005 Certified ISMS Risk Management (CIS RM).

How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Can exams be retaken?
Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.

Are there any prerequisites for this course?
There are no formal entry requirements but it is assumed that you have taken the ISO27001 Certified ISMS Foundation or ISO27001 Certified ISMS Lead Implementer training course or you have a good working knowledge of ISO 27001 gained through practical experience.

Is there any recommended reading?
We strongly recommend you purchase and read the standard prior to attending the course:

ISO IEC 27001 2013 and ISO IEC 27002 2013

We also recommend that you purchase and read the following textbooks:

  • Information Security Risk Management for ISO27001/ISO27002
  • ISO27001/ISO27002 – A Pocket Guide
  • An Introduction to Information Security and ISO27001:2013 – A Pocket Guide

Do I need to bring proof of identity?
Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.



There are currently no new dates advertised for this course

Related article

If you're looking for a career in cloud security, you should be considering one of these four vendor-agnostic certifications.