
ISO 27005 Certified ISMS Risk Management

ISO/IEC 27005:2011 is the international standard that provides guidelines for effective information security risk management. ISO27005 supports the risk management approach as specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Effective risk management is widely accepted as being the key to achieving certification and maintaining compliance with ISO 27001.

ISO27005 defines an information security risk management process that consists of context establishment, risk assessment, risk treatment, risk acceptance and risk review. This process is aligned and closely related to the guidelines defined in the ISO31000:2009 Risk Management Standard.

The three day ISO 27005 Certified ISMS Risk Management classroom course is designed to provide delegates with the knowledge and skills required to fully implement an effective ISO27001-compliant risk management programme.


Learning Objectives

  • The role and importance of Risk Management in an organisation.
  • Why Risk Management is the core competence of information security management.
  • How to use risk management to achieve certification and maintain compliance with the ISO27001 Information Security Management Standard.
  • Full details of the ISO/IEC 27005:2011 Information Risk Management Standard and an understanding of key risk management terminology.
  • ‘Hands-on’ experience in carrying out an effective Risk Management programme as defined by ISO/IEC 27005:2011.
  • The key information security risk management processes, which include Context Establishment, Risk Assessment, Risk Treatment and Monitoring/Review.
  • The competence to advise third-party organisations on information security risk management.


While there are no formal entry requirements, we assume that all delegates have knowledge of the specification and best practice as defined in the ISO27002 and ISO27005 standards. This could be acquired by purchasing and reading these standards, or by attending our ISO27001 Certified ISMS Foundation and/or Lead Implementer training course.

Course Content

  1. Introduction to risk management
  2. Risk assessment methodologies
  3. The ISO27005 information security risk management framework and process model
  4. Classification and identification of information assets
  5. Definition of threats to information assets
  6. Identification of the vulnerabilities these threats might exploit
  7. Risk analysis: risk scoring using scales and simple calculations
  8. An introduction to risk analysis tools
  9. Risk evaluation and acceptance strategies
  10. Risk treatment and the selection of mitigating control measures
  11. Review and continual improvement of risk assessment and management
  12. Risk communications and consultation
  13. Integrating the ISO 27005 information security risk management framework into an ISO27001 ISMS

Exams & Certification

ISO27005 Certified ISMS Risk Management (CIS RM) examination

Delegates sit the ISO27005 Certified ISMS Risk Management (CIS RM) examination at the end of the course – a 90-minute, multiple-choice, ISO 17024-certificated exam set by IBITGQ.

There is no extra charge for taking the exam at the end of the course.


Exam results and certificates

  • Where exams are taken online (either remotely or by computer in the classroom), provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within 10 working days from the date of the exam.
  • Where exams are done in paper form, we aim to make confirmed exam results available within 10 working days from the date of the exam.
  • For both online and paper exams, certificates for those who have achieved a passing grade will be issued within 10 working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Privacy Notice

In order to provide you with the service requested, we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information, you explicitly consent to us using the information as necessary to provide the requested service to you. If you do not agree, please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information by email on products and services which we think will be of interest to you? We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.
