
ISO 27005 Lead Risk Manager

Course description

Risk management forms the cornerstone of any effective information security initiative. A well-implemented information security risk management programme empowers organizations to identify, tackle, mitigate, and potentially avert information security risks.

The ISO/IEC 27005 Lead Risk Manager training course imparts a structured approach to information security risk management, grounded in ISO/IEC 27005 guidelines, that complements the general principles of ISO/IEC 27001.

Following the training course, participants can take an exam. On passing, they earn the "Certified ISO/IEC 27005 Lead Risk Manager" certification. This certification signifies that the holder has the requisite theoretical and practical insights, along with professional competencies, to guide an information security risk management process founded on ISO 27005 guidelines and prevailing best practices in the domain.

Target audience

This training course is intended for:

  • Senior Analysts or consultants tasked with maintaining information security within an organization
  • Individuals accountable for handling information security risks, including ISMS professionals and risk owners
  • Members of information security teams, IT professionals, and privacy protection officers
  • Individuals in charge of ensuring compliance with ISO/IEC 27001's information security requirements within an organization
  • Project managers, consultants, or expert advisors aiming to master the intricacies of managing information security risks

Learning outcomes

By successfully completing this training course, you will be able to:

  • Describe the risk management concepts and principles as per ISO/IEC 27005 and ISO 31000
  • Develop, sustain, and consistently enhance an information security risk management framework in line with ISO/IEC 27005 guidelines and best practices
  • Implement information security risk management processes following ISO/IEC 27005 guidelines
  • Organize and conduct risk communication and consultation activities
  • Document, report, supervise, and evaluate the information security risk management process and framework

Our approach

  • The training course presents risk management best practices that equip participants to deal with real-world situations.
  • The exam includes essay-type questions based on case studies, with multiple-choice quizzes throughout the course, designed to prepare the delegates.
  • The format of the quizzes mirrors that of the final certification exam.


  • A basic understanding of ISO/IEC 27005 and knowledge of the link between risk management and information security.

Course Overview

  • Module 1 Principles and concepts of information security risk management 
  • Module 2 Implementation of an information security risk management programme 
  • Module 3 Information security risk assessment workflow practices
  • Module 4 Information security risk treatment options 
  • Module 5 Information security risk communication, monitoring, and continuous improvement 
  • Module 6 Information security risk assessment methodologies

Course Agenda

  • Day 1: The link between ISO/IEC 27001 and information security risk management 
  • Day 2: Risk Management processes based on ISO/IEC 27005
  • Day 3: Communication and consultation, recording and reporting, and monitoring and review
  • Day 4: Risk assessment methodologies and the Certification Exam


  • All candidates at official training courses are tested throughout their course with quizzes and exercises, in combination with a final exam held on the last day of the course. Both elements are part of the overall score. For this course, the final exam is a 12-question essay-type exam that should be completed within 180 minutes. The passing score is 70%. Self-study candidates can purchase an exam voucher from our Store.
  • Exam results are returned within 24 hours, with successful candidates receiving both a digital badge and a Certificate of Achievement.