Get in Touch

Course Outline

**Learning Objectives** Upon successful completion of this training program, participants will be able to: * Articulate the risk management concepts and principles defined by ISO/IEC 27005:2022 and ISO 31000. * Develop, maintain, and enhance an information security risk management framework in accordance with ISO/IEC 27005:2022 guidelines. * Implement information security risk management processes aligned with ISO/IEC 27005:2022 standards. * Design and execute strategic risk communication and consultation activities. **Day 1: Introduction to ISO/IEC 27005:2022 and Risk Management** * Program objectives and structural overview * Relevant standards and regulatory frameworks * Core concepts and principles of information security risk management * Establishment of an information security risk management program * Defining the organizational context **Day 2: Risk Assessment, Treatment, and Communication Based on ISO/IEC 27005:2022** * Risk identification methodologies * Risk analysis techniques * Risk evaluation procedures * Risk treatment planning * Information security risk communication and consultation protocols **Day 3: Risk Documentation, Monitoring, Review, and Assessment Methods** * Information security risk documentation and reporting standards * Risk monitoring and review processes * Application of OCTAVE and MEHARI methodologies * Utilization of the EBIOS method and NIST framework * Implementation of CRAMM and TRA methods * Course conclusion and summary **PECB ISO/IEC 27005 Risk Manager Certification Requirements for Government Professionals** To qualify for the PECB ISO/IEC 27005 Risk Manager designation, candidates must successfully pass the PECB Certified ISO/IEC 27005 Risk Manager exam (or an approved equivalent) and adhere to the PECB Code of Ethics. Eligibility is determined by professional background and prior risk assessment experience, allowing applicants to select from two credential levels: **1. Provisional Risk Manager** * **Credential Title:** PECB Certified ISO/IEC 27005 Provisional Risk Manager * **Professional Experience:** None required * **Risk Management Experience:** None required * **Target Audience:** Individuals who have passed the examination but have not yet completed the field work or active hours necessary for full certification. This tier is appropriate for personnel beginning their governance, risk, and compliance (GRC) roles within federal agencies. **2. Risk Manager** * **Credential Title:** PECB Certified ISO/IEC 27005 Risk Manager * **Professional Experience:** Two years of overall professional experience, with at least one year dedicated specifically to Information Security Risk Management. * **Risk Management Experience:** A cumulative total of at least 200 hours of active information security risk management activities. For additional details on certification pathways and eligibility criteria for government personnel, please visit: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-iec-27005-risk-manager

Requirements

This training curriculum is designed for professionals within the public sector who require specialized instruction in safeguarding sensitive data and systems. The program addresses the needs of agency personnel responsible for implementing robust information security protocols, including managers, consultants, and privacy officers. It is particularly beneficial for those tasked with managing information security risks, leading IT security teams, or ensuring organizational compliance with ISO/IEC 27001 standards. This educational opportunity provides critical guidance for government officials and project leaders seeking to master the management of information security risks for government entities.
 21 Hours

Number of participants


Price per participant

Testimonials (5)

Upcoming Courses

Related Categories