Introduction
This course is available to be delivered in a classroom and Live-Training model.
Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.

On this course, the students will acquire the expertise to establish and operate an Information Security Risk Management (ISRM) program based on ISO/IEC 27005 and supported by well-known information risk management methodologies.
Besides the fundamental concepts related with information security and risk management and an overview clause-by-clause of the ISO/IEC 27005 standard and related guidance, the course leads the students through a step-by-step BEHAVIOUR customized methodology to implement an Information Security Risk Management (ISRM) program based on the ISO/IEC 27005 international standard in an organization, either as part of an new or existing isolated ISRM program, or, in support to the implementation of an Information Security Management System (ISMS) based on the ISO/IEC 27001.
The information security risk management implementation process covered on this course is supported by the ISO/IEC 27005, and related ISO/IEC 27000 family standards (ISO/IEC 27001, ISO/IEC 27002, among others), and additional recognized international guidance such as ISO 31000 standards, NIST information security risk standards (including NIST 800-30r1), among others.
The second part of the course includes the presentation and implementation of several well-known information security methodologies on the market considering the case-study provided. Through the course the students are presented with a more in depth or more high-level details to implement each one of these methods (note that the in-depth details presented will depend on method to method). The presented methodologies include, the NIST-800-30r1, MSRMG, OCTAVE, MAGERIT, EBIOS and a high-level presentation of the MEHARI, FAIR and M_o_R methods.
Based on a real-world adapted case-study organization, and supported by several approaches, templates, and other tools, including discussions and practical exercises, the students will team-up with their peers during this course and will be challenged to demonstrate their Manager skills to implement an ISRM program for this organization. This training methodology train and prepare students for successfully implement the ISO/IEC 27005 standard in a real-world environment with the support of well-known risk management methodologies.
Training Methodology
This course is based on theorical, and practical sessions supported by a real-world adapted case-study.
The course includes hands-on practical and theorical exercises to:
- better prepare the students for the real-world challenges, and
- to prepare and increase the likelihood of success on the certification exam, and
- train and prepare professionals for participating in an ISRM implementation program based on ISO/IEC 27005 or as part of an ISMS implementation based on ISO/IEC 27001.
- prepare participants to select and implement the most suitable information security risk method in response to the need of their organization
This course is available to be delivered in a Classroom and Live-Training model.
Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom.
Audience
This course is intended to:
- Information Security and/or IT Consultants, Auditors, Managers or Risk Professionals
- CISO, CIO, CSO or any Executive or Senior Manager responsible to ensure the alignment and delivery of value from Information Security Risk Management to the organization
- Professionals responsible for the Information Security/IT Governance on the organization
- Any professional, either, IT, information security, risk manager, business or any other, involved on the establishment, implementation, operations and/or continual improvement of an Information Security Risk Management program, isolated or, as part of an Information Security Management System (ISMS) based on ISO/IEC 27001
- Anyone who wants to learn the fundamentals of ISO/IEC 27005 and acquire the expertise to implement an ISRM program based on this standard
Prerequisites
Students should understand English as the course documentation is in this language. Please consult BEHAVIOUR to verify the availability of the course on other languages.
Duration (days)
5 days
Exam
The “Certified Risk Management 27005 Manager” exam covers the following competence domains:
- Domain 1: Information security risk management fundamentals and ISO/IEC 27005 guidelines
- Domain 2: Information security risk management program based on ISO/IEC 27005
- Domain 3: Information security risk assessment based on ISO/IEC 27005
- Domain 4: Information security risk treatment and acceptance based on ISO/IEC 27005
- Domain 5: Information security risk communication, monitoring and improvement based on ISO/IEC 27005
Language(s): English and Portuguese (please consult BEHAVIOUR for availability on additional languages).
Duration: 2 hours.
Exam details: One part exam.
Results: “Pass or Fail” qualitative score. In the case of a failure, the result will be accompanied with the list of domains in which you had a mark lower than the passing grade. If the candidate fails the exam, he is entitled to one free retake within a 1-year period from the initial exam date.
Passing score: 700/1000 marks.
Exam type: Scenarios-based open questions.
Certification
After successfully completing the certification exam, participants may apply for one of the two available credentials for this personnel certification scheme, depending on their level of experience.
- Certified Risk Management 27005 Associate Manager: no previous experience required.
- Certified Risk Management 27005 Manager: 2 years of experience on information security risk management
A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential. Candidates also receive the digital badge of the certification achieved.
The “Certified Risk Management 27005 Manager” personnel certification program is drafted and maintained according to the ISO/IEC 17024 standard.
Dates and Price
Guaranteed Dates Program
(*) All dates of this course are guaranteed only for the events that take place in Lisbon. In other locations the events are subject to a minimum number of participants.
On Behaviour all courses at Lisbon occur regardless of the number of trainees in room. The concept of setting up classes does not exist in our educational model, which is why all public dates, presented on the website, are guaranteed. So if you're in Portugal or anywhere else in the world, you can prepare your week and your trip, as long as you ensure your registration in the course.
Volume Discounts
For companies, Behaviour offer discounts, starting from the registration of the 2nd participant, in the same course and on the same date.
Simulate the prices for the number of participants you want to register to
training@behaviour-group.com or contact us via chat.
Hotels and Useful Information
Know where you can stay in Lisbon, near Behaviour.
For more information please see >> Booking <<