Training and Certification Area
Risk Management — Training and Certification
Risk Management is a cross-functional decision-making capability. It is not only about analysis; it is about integration with strategy, prioritisation, control and continuous monitoring.
At BEHAVIOUR, this area develops competencies to structure risk frameworks, apply consistent methodologies, integrate risk and resilience, and support decision-making based on evidence and real impact.
The purpose of this page is to frame the area, clarify its scope and help identify the most suitable training according to profile, responsibilities and risk context.
Who it is for
- Risk managers and GRC professionals
- Information security leaders
- Continuity and resilience managers
- IT, operations and business leaders
- Risk auditors and consultants
- Professionals involved in decision-making and control
Typical outcomes
- More informed and consistent decision-making
- Clear prioritisation of risks and actions
- Integration between risk, security and resilience
- Reduced exposure and uncertainty
- Greater organisational maturity
Why Risk Management is critical
Well-managed risk supports strategy. Ignored risk amplifies losses.
Maturity in this area is measured by the ability to identify, analyse, treat and monitor risks in a way that is integrated with the organisation’s objectives. In this area, BEHAVIOUR works on method, common language and practical application to turn risk into a management instrument.
Structure and Process
Models, principles and processes to manage risk consistently.
Analysis and Treatment
Risk identification, assessment, prioritisation and response.
Integration and Decision
The link between risk, strategy, security, resilience and performance.
What Risk Management covers
This area covers the integrated management of uncertainty across different organisational domains. It draws on practices and frameworks such as ISO 31000 (risk management guidelines) and ISO 27005 (guidance on managing information security risks), and on methodologies applied to information security and resilience.
- Principles and framework of risk management
- Enterprise risk management
- Information security risk
- Risk analysis and assessment methodologies
- Risk treatment, acceptance and communication
- Monitoring, reporting and continual improvement
- Integration between risk, security and continuity
Training courses in Risk Management
Selection of courses available in this area. Each course has its own page with full details.
Integrated Risk & Resilience Lead Manager (ISO 31000 / ISO 27005)
Integrated management of risk and resilience based on international standards.
CRISC® Preparation Course
Structured preparation for the CRISC® certification, with a focus on information systems risk and control.
Training pathways in Risk Management
This area includes training pathways focused on risk management, resilience and organisational decision-making.
Until dedicated pathways for this area are published, BEHAVIOUR can support the definition of the most suitable training path for professionals, teams and risk leaders.
Frequently asked questions about Risk Management
Brief answers to help choose the most suitable training in this area.
What does this area cover?
It covers models, methodologies and practices to identify, analyse, treat, monitor and communicate risk, integrating risk management with security, continuity, resilience and decision-making.
What is ISO 31000 for?
ISO 31000 provides principles, guidance and a framework to manage risk coherently and in a way that is integrated with the organisation’s strategy, governance and objectives.
What is ISO 27005 for?
ISO 27005 provides specific guidance for information security risk management, helping to analyse threats, vulnerabilities, impact, controls and treatment options.
What is the difference between ISO 31000, ISO 27005 and CRISC®?
ISO 31000 focuses on the general framework of risk management. ISO 27005 goes deeper into information security risk. CRISC® focuses on information systems risk and control from a professional and practical governance perspective.
Does this area help improve decision-making?
Yes. One of the objectives of this area is to strengthen the ability to decide based on structured analysis, risk prioritisation, clear acceptance criteria, and the link between risk, impact and organisational objectives.
Is the training relevant for security and resilience and not only for enterprise risk?
Yes. This area is designed to connect enterprise risk, information security, continuity and resilience, helping to build an integrated and useful view for different organisational contexts.
Can I request support to define a training pathway for my role or team?
Yes. BEHAVIOUR can support the selection of the most suitable pathway according to profile, responsibilities, risk context and intended level of maturity.
Need help choosing the right course?
We support the decision based on profile, responsibilities and risk context.