Course Overview
ISO/IEC 27005:2022 Lead Risk Manager training enables you to develop the competence to master the risk management process for all assets relevant to Information Security, using the ISO/IEC 27005:2022 standard as a reference framework. During this training course, you will gain comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training also provides a thorough understanding of best practices in risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course supports the implementation of the ISMS framework presented in the ISO/IEC 27001 standard.
Why Choose DQS for This Training?
DQS and PECB jointly deliver this course to help professionals demonstrate that they have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Risks. The course provides comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program, including multiple risk assessment methodologies.
| Feature | The DQS Advantage |
|---|---|
| Multiple Risk Methodologies | Covers OCTAVE, EBIOS, MEHARI, and harmonized TRA risk assessment methodologies. |
| ISO/IEC 27001 Integration | Directly supports the implementation of the ISMS framework presented in ISO/IEC 27001. |
| PECB-Certified Programme | Internationally recognized certification pathway through PECB. |
| Comprehensive Materials | Training material containing over 350 pages of information and practical examples. |
| Free Exam Retake | In case of exam failure, you can retake the exam within 12 months for free. |
Who Should Attend?
This training course is intended for:
· Information Security risk managers
· Information Security team members
· Individuals responsible for Information Security, compliance, and risk within an organization
· Individuals implementing ISO/IEC 27001, seeking to comply with ISO/IEC 27001 or involved in a risk management program
· IT consultants and IT professionals
· Information Security officers and Privacy officers
Learning Objectives
By the end of this training course, participants will be able to:
· Understand the concepts, approaches, methods and techniques that enable an effective risk management process according to ISO/IEC 27005:2022
· Acknowledge the correlation between Information Security risk management and security controls
· Learn how to interpret the requirements of ISO/IEC 27001 in Information Security Risk Management
· Acquire the competence and skills to effectively advise organizations on Information Security Risk Management best practices
· Acquire the knowledge necessary for the implementation, management and maintenance of an ongoing risk management program
Course Agenda
Day 1 – Introduction to ISO/IEC 27005:2022, Concepts and Implementation of a Risk Management Program
· Course objectives and structure
· Standard and regulatory framework
· Concepts and definitions of risk
· Implementing a risk management programme
· Context establishment
Day 2 – Risk Identification, Evaluation, and Treatment as Specified in ISO/IEC 27005:2022
· Risk Identification
· Risk Analysis
· Risk Evaluation
· Risk Assessment with a quantitative method
· Risk Treatment
Day 3 – Information Security Risk Acceptance, Communication, Consultation, Monitoring and Review
· Information security risk acceptance
· Information security risk communication and consultation
· Information security risk monitoring and review
Day 4 – Risk Assessment Methodologies
· OCTAVE Method
· MEHARI Method
· EBIOS Method
· Harmonized Threat and Risk Assessment (TRA) Method
· Applying for certification and closing the training
Day 5 – Certification Exam
· 3-hour written examination covering all competency domains
Examination
Duration: 3 hours
The "PECB Certified ISO/IEC 27005:2022 Lead Risk Manager" exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:
· Domain 1: Fundamental principles and concepts of Information Security Risk Management
· Domain 2: Implementation of an Information Security Risk Management program
· Domain 3: Information security risk assessment
· Domain 4: Information security risk treatment
· Domain 5: Information security risk communication, monitoring and improvement
· Domain 6: Information security risk assessment methodologies
Certification
After passing the exam, you can apply for one of the credentials below. You will receive a certificate once you fulfill all the requirements of the selected credential.
| Credential | Exam | Professional Experience | Project Experience | Other Requirements |
|---|---|---|---|---|
| PECB Certified ISO/IEC 27005:2022 Provisional Lead Risk Manager | PECB Certified ISO/IEC 27005:2022 Lead Risk Manager Exam | None | None | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27005:2022 Lead Risk Manager | PECB Certified ISO/IEC 27005:2022 Lead Risk Manager Exam | 5 years (2 in Information Security Management) | Information Security Risk Management activities: 300 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27005:2022 Senior Lead Risk Manager | PECB Certified ISO/IEC 27005:2022 Lead Risk Manager Exam | 10 years (7 in Information Security Management) | Information Security Risk Management activities: 1,000 hours | Signing the PECB Code of Ethics |
General Information
· Certification and examination fees are included in the price of the training course.
· Training material containing over 350 pages of information and practical examples will be distributed.
· A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued.
· In case of exam failure, you can retake the exam within 12 months for free.
Course Approach
· You register for an account on the PECB website, before or after placing your order with DQS HK.
· You register with DQS HK.
· You follow our subsequent instructions for payment to DQS HK.
· You will have access to the course materials via the PECB Kate app, in English unless otherwise specified, normally within a couple of working days.
· The course is designed as a 5-day programme, including the exam, to be completed within 4 months.
· You can remotely access or download the training materials within the PECB Kate app.
· You can complete the self-study at home at your own pace.
Exam
· You can book an online exam on the PECB website free of charge, using the exam code provided by PECB, normally within 4 months of your order to DQS HK.
· Well before the online exam, create an exam profile on the PECB website, then download the PECB Exams app and install it on your computer.
· The exam is open-book, with a duration of 3 hours.
· If required, you can book an online exam retake on the PECB website free of charge, using the exam code provided by PECB, normally within 3 months of your initial exam.
Certificate and Qualification
· After receiving an email from PECB with your exam pass result, you can reply to PECB by email to request a course certificate.
· If you have the working experience and project experience specified in the course brochure, you can further apply to PECB for the associated qualification.
Above Listed Prices Include:
· Access to training materials and exercises in English, provided by PECB during the course period
· An examination by PECB, normally within 4 months
· A retake by PECB, if required, normally within 3 months after the initial exam
· Initial qualification registration fee by PECB, if applicable, within 3 months after passing the exam