ISO/IEC 27005 Lead Risk Manager

Risk management is the engine of any serious information security program. This course gives risk leaders a structured, ISO/IEC 27005-aligned way to detect, treat, and prevent information security risk — and it goes wide on method, working through OCTAVE, EBIOS, MEHARI, CRAMM, NIST, and the Harmonized TRA so participants can pick the assessment approach that fits their organization. It dovetails with ISO/IEC 27001 and draws on the ISO 31000 risk principles.

Level: Lead · Duration: 5 days · Delivery: Virtual & On-site · 31 CPD credits

Learning path options

Self Study

Self-paced online study, at your own pace

In-Person Training

On-site delivery across Qatar and the GCC

Live Online Training

Instructor-led and delivered live online

Why attend

  • Put risk management at the center of your information security program
  • Detect, treat, and prevent information security risk with a repeatable framework
  • Work across recognized methods — OCTAVE, EBIOS, MEHARI, CRAMM, NIST, and the Harmonized TRA
  • Align risk practice with ISO/IEC 27005 and ISO/IEC 27001

Who should attend

  • Managers and consultants involved in information security
  • People responsible for managing information security risk
  • ISMS professionals, risk owners, and privacy officers
  • Project managers and expert advisers in information security risk management

What you'll learn

  • Explain risk management concepts and principles per ISO/IEC 27005 and ISO 31000
  • Establish, maintain, and continually improve an ISRM framework to ISO/IEC 27005
  • Apply the ISRM process based on ISO/IEC 27005
  • Plan and run risk communication and consultation
  • Record, report, monitor, and review the ISRM process and framework

Our approach

  • Grounds the best practices in real-life situations
  • Uses essay-style, case-based exercises
  • Includes scenario-based multiple-choice quizzes
  • Encourages discussion between participants and mirrors the exam format

Prerequisites

A fundamental understanding of ISO/IEC 27005 and comprehensive knowledge of risk management and information security.

Course agenda

Day 1: Introduction to ISO/IEC 27005 and information security risk management
Day 2: Risk identification, analysis, evaluation, and treatment
Day 3: Risk communication, consultation, recording, reporting, monitoring, and review
Day 4: Risk assessment methods
Day 5: Certification exam

Examination

The exam spans six competency domains, from ISRM principles and program implementation through risk assessment, treatment, monitoring, and assessment methodologies.

Certification

  • Leads to the PECB Certified ISO/IEC 27005 Lead Risk Manager credential
  • Earned by passing the exam, signing the PECB Code of Ethics, and meeting the experience requirement for your tier
  • Includes one free exam retake within 12 months

Credential tiers

Provisional Risk Manager: Pass the exam — no experience required
Lead Risk Manager: 5 years' experience (2 in ISRM) · 300 hours
Senior Lead Risk Manager: 10 years' experience (7 in ISRM) · 1,000 hours

Build this capability across your teams.

DAI Consultancy delivers ISO/IEC 27005 Lead Risk Manager as a corporate cohort — in-person, virtual, or hybrid — structured around your organization's objectives.