Certified ISO 27005 ISMS Risk Management

Learn how to conduct an information security risk assessment from start to finish in just three days through practical risk management methodologies, including ISO 27005 and other risk management techniques.

This three-day, advanced-level training course develops your competence in the key areas of information risk management, covering risk assessment, analysis, treatment and review.

It provides the skills and knowledge required to implement an information risk management programme based on ISO 27005:2018 and other risk management techniques. The course content is based on recognised good practice and on real-world examples of information risk management processes being used to reduce risk to information assets.

Who should attend this course?

This course is aimed at those who have attended either the CISMP or the ISO 27001 Certified ISMS Lead Implementer course and want to develop their practical risk management skills.

Job titles:

  • Risk Analyst
  • Risk Assessor
  • Risk Manager
  • IT/Information Security Manager
  • IT/Information Security Analyst


What’s included in this course?

  • A professional training venue with lunch and refreshments
  • Full course materials (digital copy provided as a PDF file)
  • The Certified Information Security Risk Management exam
  • A certificate of attendance

Course duration and times

Day 1: 09.00 – 17.00

Day 2: 09.00 – 17.00

Day 3: 09.00 – 17.00


Learning Objectives

The benefits of the Information Security Risk Management course:

  • Develop your understanding of information security risk assessments and get to grips with the key activities of the risk assessment process
  • Gain practical, hands-on experience of carrying out an effective risk assessment through discussion, case studies and role play
  • Learn how a risk assessment works in action using a combination of formal training, practical exercises and relevant case studies


What equipment should I bring?

The exam is taken online. You will need to bring a laptop or tablet with pop-ups enabled to the venue. Full details of how to access the exam will be emailed to you 1–2 days before you sit it.

There are no formal entry requirements, but it is assumed that you have taken the Certificate in Information Security Management Principles (CISMP) or one of our ISO 27001 training courses, or that you have a good working knowledge of information security gained through practical experience.

Course Content

What does the Information Security Risk Management course cover?

  • Define the scope and boundaries of the risk assessment, taking into account the context of the organisation
  • Prioritise and select the most suitable risk management method from several options
  • Define a risk governance structure
  • Establish impact and likelihood scales relevant to your organisation
  • Identify risks using several methods and sources
  • Analyse and evaluate risks using the criteria established
  • Make and justify risk decisions based on the risk acceptance criteria
  • Identify suitable information security controls and calculate the residual risk after treatment
  • Explain the risk methodology and the risk position to stakeholders
  • Monitor different types of control, and understand the importance of monitoring individual risks
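The steps above (scales, evaluation against acceptance criteria, control selection and residual risk) fit together as one small calculation. The script below is an added illustration, not course material or an ISO 27005 artefact: the 1–5 scales, the multiplicative score, the acceptance thresholds and the sample register are all assumptions chosen for the example. It also shows one caveat a practitioner runs into with simple likelihood × impact scoring: a severe-impact risk with very low likelihood scores low enough to be "accepted" unless the criteria explicitly prevent that.

```python
"""Worked qualitative risk assessment in the ISO 27005 style (added example).

Scales, thresholds and the register are assumptions for illustration only.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Ordinal scales (assumed 1..5). A real programme defines these against the
# organisation's own loss thresholds and history.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Risk acceptance criteria (assumed): score = likelihood * impact.
ACCEPT_MAX = 6     # at or below: accept, record, review periodically
TOLERATE_MAX = 12  # at or below: treat when practicable, risk owner signs off
                   # above: must be treated, or formally accepted by management


@dataclass
class Control:
    name: str
    likelihood_reduction: int = 0  # steps down the likelihood scale
    impact_reduction: int = 0      # steps down the impact scale


@dataclass
class Risk:
    ref: str
    asset: str
    scenario: str
    likelihood: str                 # key into LIKELIHOOD
    impact: str                     # key into IMPACT
    controls: list[Control] = field(default_factory=list)


def score(likelihood: int, impact: int) -> int:
    return likelihood * impact


def rating(likelihood: int, impact: int) -> str:
    """Map a (likelihood, impact) pair onto the acceptance criteria.

    Caveat handled here: a severe impact is never rated 'accept' purely
    because its likelihood is low; the multiplication alone would hide it.
    """
    s = score(likelihood, impact)
    if impact >= IMPACT["severe"]:
        return "tolerate" if s <= TOLERATE_MAX else "treat"
    if s <= ACCEPT_MAX:
        return "accept"
    if s <= TOLERATE_MAX:
        return "tolerate"
    return "treat"


def inherent_values(risk: Risk) -> tuple[int, int]:
    """Likelihood and impact before any listed control is applied."""
    return LIKELIHOOD[risk.likelihood], IMPACT[risk.impact]


def residual_values(risk: Risk) -> tuple[int, int]:
    """Likelihood and impact after controls. Each control steps a scale
    down, never below 1: a control cannot make a scenario impossible."""
    lik, imp = inherent_values(risk)
    for c in risk.controls:
        lik = max(1, lik - c.likelihood_reduction)
        imp = max(1, imp - c.impact_reduction)
    return lik, imp


def inherent_score(risk: Risk) -> int:
    return score(*inherent_values(risk))


def residual_score(risk: Risk) -> int:
    return score(*residual_values(risk))


def assess(register: list[Risk]) -> list[dict]:
    """Evaluate every risk; rows come back worst residual first, which is
    the order stakeholders usually want to see them in."""
    rows = []
    for r in register:
        il, ii = inherent_values(r)
        rl, ri = residual_values(r)
        rows.append({
            "ref": r.ref, "asset": r.asset,
            "inherent": score(il, ii), "inherent_rating": rating(il, ii),
            "residual": score(rl, ri), "residual_rating": rating(rl, ri),
            "controls": [c.name for c in r.controls],
        })
    return sorted(rows, key=lambda row: row["residual"], reverse=True)


def still_above_appetite(register: list[Risk]) -> list[str]:
    """Refs whose residual risk is not 'accept': these need further
    treatment or a documented management acceptance decision."""
    return [r.ref for r in register if rating(*residual_values(r)) != "accept"]


# Constructed sample register (not real data).
REGISTER = [
    Risk("R1", "customer database", "unpatched internet-facing server exploited",
         "likely", "major",
         [Control("monthly patching with 14-day SLA", likelihood_reduction=2),
          Control("encryption of records at rest", impact_reduction=1)]),
    Risk("R2", "staff laptops", "laptop stolen off-site", "possible", "moderate",
         [Control("full-disk encryption", impact_reduction=2)]),
    Risk("R3", "payroll system", "privileged insider alters payment run",
         "unlikely", "severe",
         [Control("four-eyes approval on payment runs", likelihood_reduction=1)]),
    Risk("R4", "public website", "defacement", "unlikely", "minor"),
]

if __name__ == "__main__":
    for row in assess(REGISTER):
        print(f"{row['ref']} inherent {row['inherent']:2} ({row['inherent_rating']}) "
              f"residual {row['residual']:2} ({row['residual_rating']})")
    print("needs further treatment or formal acceptance:", still_above_appetite(REGISTER))
```

Running it shows R1 dropping from 16 (treat) to 6 (accept) after two controls, while R3 stays at "tolerate" even though its residual score of 5 is below the accept threshold, because the severe-impact rule in `rating()` overrides the arithmetic. Whatever scales you adopt, write that kind of override into the acceptance criteria rather than relying on reviewers to notice it.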

Exams & Certification

Certified Information Security Risk Management exam

Attendees take the Certified Information Security Risk Management (C RM) exam, which is ISO 17024-certificated, at the end of the course. This is a 90-minute online multiple-choice exam of 40 questions. Candidates need a minimum of 65% to pass. There is no extra charge for taking the exam.

What qualifications will I receive?

Certified Information Security Risk Management (C RM)

How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Can exams be retaken?

Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.

Do I need to bring proof of identity?

Delegates must bring a form of photographic ID with them, as the invigilator may ask to check it before the exam.

CPD/CPE points

This course is equivalent to 21 CPD/CPE points.


Is there any recommended reading?

We recommend that you purchase and read the following textbook:

Information Security Risk Management for ISO27001/ISO27002
