ISO/IEC 27005 Foundation – Information Security Risk Management

ISO/IEC 27005 Foundation training course provides information on the fundamental concepts and principles of information security risk management based on ISO/IEC 27005. 

Why Should You Attend?

ISO/IEC 27005 Foundation is a two-day training course that focuses on the information security risk management process introduced by ISO/IEC 27005 and the structure of the standard. It provides an overview of the guidelines of ISO/IEC 27005 for managing information security risks, including context establishment, risk assessment, risk treatment, communication and consultation, recording and reporting, and monitoring and review. 

After attending the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” designation. This certificate demonstrates that you have a general knowledge of ISO/IEC 27005 guidelines for information security risk management.

Who Can Attend?

The ISO/IEC 27005 Foundation training course is intended for:

• Risk management professionals
• Professionals wishing to get acquainted with the guidelines of ISO/IEC 27005 for information security risk management
• Personnel tasked with managing information security risks in their area of responsibility
• Individuals interested in pursuing a career in information security risk management

Learning Objectives

Upon successful completion of this training course, you will be able to:

• Describe the main risk management concepts, principles, and definitions 
• Interpret the guidelines of ISO/IEC 27005 for managing information security risks
• Identify approaches, methods, and techniques used for the implementation and management of an information security risk management program

Educational Approach

The training course is participant centered and:

• Contains lecture sessions illustrated with examples and discussions
• Encourages interaction between participants by means of questions and suggestions
• Includes quizzes with similar structure to the exam 

Prerequisites 

There are no prerequisites to participate in this training course.

Course Agenda

• Day 1: Introduction to ISO/IEC 27005 and fundamental concepts of information security risk management.
• Day 2: Information security risk management and certificate exam.

Examination

The exam fully meets the requirements of the PECB Examination and Certificate Programme. It covers the following competency domains:

• Domain 1: Fundamental concepts of information security risk management
• Domain 2: Information security risk management approaches and processes

For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certificate Requirements

First, a candidate needs to complete the PECB ISO/IEC 27005 Foundation training course. Then, they need to take the exam and after successfully passing the exam, candidates will be able to apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” certificate. This is an entry-level credential.

There are no prerequisites on professional or risk management project experience required. Thus, following the training course, passing the exam and applying for the certificate are the only certificate program requisites that certificate holders shall meet before obtaining the certificate.

For more information, please refer to the Certification Rules and Policies.

The certificate requirements are:

General Information

• Certificate and examination fees are included in the price of the training course.
• Training material containing over 200 pages of information and practical examples will be distributed.
• An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course. 
• In case of exam failure, you can retake the exam within 12 months for free. 

View the brochure for this training course.