ISO/IEC 27005 Specialist Training Course

TRECCERT ISO/IEC 27005 Specialist is an advanced-level course developed to provide trainees with a solid knowledge of the ISO/IEC 27005 guidelines and controls. The training course provides an in-depth explanation of guidelines and controls mandated to establish, implement, manage, improve, and assess an Information Security Risk Management (ISRM)
Three (3) Days
CPC Credits
Training Mode: Classroom and online
Target Audience

The ISO/IEC 27005 Specialist training course is developed for professionals seeking to expand their professional skills in the assessment and management of an information security risk management process, for example:

  • Information Security Risk Manager, Team Leader or Technician
  • Business Owner, COO, CIO, CISO
  • Risk Analyst, Model Risk Specialist, Risk Manager

Learning Objectives

  • Know and understand the purpose of an information security risk management process, including basic concepts, principles, and other risk management frameworks.
  • Know and understand all steps and activities of the information security risk management process.
  • Know, understand, and be able to identify, assess and treat the information security risks and perform other related activities.
  • Know and understand the basic analysis and methods used to establish a risk management context, assess and manage information security risks and implement security controls.
  • Know, understand, and be able to support the information security risk manager in performing risk management activities.

Course Material Factsheet

Training Slides: 300
Quiz Questions: 20
Exercises: 2

Course Material

  • Information Security Risk Management
    • Information Security Background
    • Risk Management Background
    • Information Security Risk
    • Information Security Risk Management Process Based on ISO 27005 Standard
    • Statement of Applicability and Risk Management
    • Risk Heat Maps
  • Establishing the Context of the Information Security Risk Management Process
    • Context Establishment
    • Information Security Risk Management Process Basic Criteria
    • Information Security Risk Management Scope and Boundaries
    • Defining the Organization’s Structure
  • Information Security Risk Assessment
    • Information Security Risk Assessment Approaches
    • Identification of Information Security Risks
    • Information Security Risk Analysis
    • Evaluation of Information Security Risks
  • Information Security Risk Treatment
    • Risk Treatment Options and Techniques for Selecting such Options
    • Risk Treatment Plan Development and Residual Risk Evaluation
    • Acceptance of Information Security Risks
    • Risk Recording and Reporting
  • Risk Communication and Consultation
    • Overview of Risk Communication and Consultation
    • Risk Communication and Consultation Phases and Plan
    • Risk Communication and Consultation Techniques
  • Risk Monitoring and Review
    • Overview of the Risk Monitoring and Review Process
    • Monitoring, Reviewing, and Improving the Information Security Risk Management Process

Examination Details

Number of questions: 100
Type of Exam: Multiple Choice
Duration: 120 minutes
Location: Online

How can I enroll in this course?

Fill out the form or contact us through email to get enrolled in this course.