Skip to Main Content
Strengthen your email security practices with 50% off e-learning | Shop now
Certified ISO 27005 ISMS Risk Management Training Course

Certified ISO 27005 ISMS Risk Management Training Course

SKU: 4209
  • Learn how to conduct an information security risk assessment from start to finish with this IBITGQ accredited three-day course.
  • Train without the travel with our Live Online courses giving you all the benefits of classroom study without the hassle, uncertainty and cost of travel.
  • Introduction to practical risk management methodologies, including ISO 27005 and other risk management techniques.
  • Successful completion of the course and included exam leads to the ISO 27005 Certified ISMS Risk Management (CIS RM) qualification and 21 CPD/CPE points.
Step 1 - Select location
Step 2 - Select date
Price: 1.750,00 €
Step 3 - Select quantity

The ISO 27005 Certified ISMS Risk Management course outline

Building on the implementation guidance delivered by the ISO 27001 Lead Implementer course, this three-day, advanced-level training course develops your competence in the key areas of information risk management; covering risk assessment, analysis, treatment and review.

It provides the skills and knowledge required to implement an information risk management programme based on ISO 27005:2018 and other risk management techniques.  The course content is based on recognised best practice and real-world examples of the use of information risk management processes to reduce risk to information assets.

The ISO 27005 risk management standard

ISO 27005 provides guidelines for information security risk assessments and is designed to assist with the implementation of a risk-based ISMS (information security management system).

This course covers ISO 27005 and will teach you:

  • All about the ISO 27005 information risk management standard and key risk management terminology;
  • How ISO 27005 is related to the ISO 31000:2009 risk management standard; and
  • How to assess, analyse and treat identified information security risks in accordance with ISO 27005 guidance.  

Certified ISO 27005 ISMS Risk Management training course benefits

 Gain experience with hands-on study

Gain practical experience in carrying out an effective risk assessment process as defined by ISO/IEC 27005:2011 through discussion, case studies and role play.

 Find out how a risk assessment works

Learn how a risk assessment works in action using a combination of formal training, practical exercises and relevant case studies.

 Learn from anywhere

Choose whether you attend Live Online or in person at one of our training venues.

 Understand key Standards

Get to grips with the key ISO 27005 and BS 7799-3 risk assessment processes.

Who should attend this course?

This course is aimed at those who have attended the Certified ISO 27001 ISMS Lead Implementer and want to develop their practical risk management skills. For example:

  • Risk Analysts
  • Risk Assessors
  • Risk Managers
  • IT/ Information Security Managers
  • IT/ Information Security Analysts

Your learning path

Find out how the Certified ISO 27005 ISMS Risk Management Training Course will help you start or enhance your knowledge and career.

This course is an essential component of the following learning paths:

Why choose IT Governance for your training needs?

IT Governance is internationally recognised as the authority on ISO 27001 and information security. Our team led the world’s first ISO 27001 certification project, and since then we have trained more than 7,000 professionals on information security management system (ISMS) implementations and audits.

Course details

What does this course cover?

  • The importance of information security risk management in ISO 27001 and its role within an organisation. 
  • A full overview of the ISO 27005 information risk management standard and an understanding of key risk management terminology. 
  • How ISO 27005 is related to the ISO 31000:2009 risk management standard. 
  • The key information security risk assessment processes, including context establishment, risk assessment, risk treatment and monitoring/review. 
  • How to assess, analyse and treat identified information security risks in accordance with ISO 27005 guidance.
  • How to communicate, monitor and review risk management activities.  
  • How to use risk management to achieve certification and maintain compliance with the ISO 27001 information security management standard. 
  • How vsRisk™ information security risk assessment software can help you save time and money. 
  • How to advise third-party organisations on information security risk management. 

What’s included in this course?

  • A professional training venue with lunch and refreshments.
  • Full course materials (digital copy provided as a PDF file).
  • The ISO 27005 Certified ISMS Risk Management exam.
  • A certificate of attendance.

What equipment should I bring?

The exam is an online exam. You will need to bring a ‘pop-up enabled’ laptop/tablet to the venue. Full details on how to access the exam will be provided by email 1–2 days before sitting the exam.

Course duration and times

Day 1: 9:30am – 5:00pm
Day 2: 9:15am – 5:00pm
Day 3: 9:15am – 5:00pm

CPD/CPE points

This course is equivalent to 21 CPD/CPE points.

Exams and qualifications

Certified ISO 27005 ISMS Risk Management exam

Attendees take the ISO 17024-certificated, ISO 27005 Certified ISMS Risk Management (CIS RM) exam set by IBITGQ (International Board for IT Governance Qualifications). There is no extra charge for this exam.

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

What qualifications will I receive?

Certified ISO 27005 ISMS Risk Management (CIS RM).


This course holds accreditation from IBITGQ (International Board for IT Governance Qualifications), a renowned authority in personnel certification within the field of IT governance.

As a premier personnel certification body, IBITGQ specialises in certifying individuals who demonstrate exceptional proficiency in IT governance practices.

IBITGQ maintains accreditation to the ISO/IEC 17024:2012 standard, a globally recognised benchmark for conformity assessment. Accreditation by the International Accreditation Service (IAS) further underscores the course's commitment to meeting stringent certification requirements.

ISO 17024 certification is esteemed within the industry and universally acknowledged by employers worldwide. By aligning with this standard, our course ensures that your qualifications are not only recognised but also highly valued by employers across diverse sectors.

Upon successful completion of the course, you have the opportunity to validate your professional expertise by registering your qualification on the esteemed IBITGQ/GASQ successful candidate register. This platform serves as a testament to your commitment to excellence in IT governance, setting you apart as a distinguished professional in the field.

Do I need to bring proof of identity?

Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.

How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

Can exams be retaken?

Yes, if you are unsuccessful on the first attempt you can retake the exam for an additional fee. You can email us to schedule the retest for the exam.


Are there any prerequisites for this course?

There are no formal entry requirements but it is assumed that you have taken our CISMP or our ISO 27001 Certified ISMS Lead Implementer course or you have a good working knowledge of information security gained through practical experience.

Is there any recommended reading?

We strongly recommend you purchase and read the standard prior to attending the course:

We also recommend that you purchase and read the following textbook:

Customer Reviews