ISO/IEC 27005 Foundation

The ISO/IEC 27005 Foundation training course provides instruction on the fundamental concepts and principles of information security risk management as defined by the ISO/IEC 27005 standard.

Why Should You Attend?

This two-day training course focuses on the information security risk management framework introduced by ISO/IEC 27005 and the structure of the standard itself. It offers an overview of the standard’s guidelines for managing information security risks, encompassing context establishment, risk assessment, risk treatment, communication and consultation, documentation and reporting, as well as monitoring and review.

Upon completing the course, participants may take the certification exam. A passing score qualifies candidates to apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” designation, which validates a general understanding of the ISO/IEC 27005 guidelines for information security risk management.

Who Should Attend?

The ISO/IEC 27005 Foundation training course is intended for:

  • Risk management professionals.

  • Professionals seeking to familiarize themselves with the ISO/IEC 27005 guidelines for information security risk management.

  • Personnel responsible for managing information security risks within their domain.

  • Individuals interested in pursuing a career in information security risk management.

Learning Objectives

Upon successful completion of this training course, you will be able to:

  • Describe the core concepts, principles, and definitions of risk management.

  • Interpret the ISO/IEC 27005 guidelines for managing information security risks.

  • Identify the approaches, methods, and techniques used to implement and manage an information security risk management program.

Educational Approach

The training course employs a participant-centered approach, which includes:

  • Lecture sessions supported by practical examples and discussions.

  • Encouragement of participant interaction through questions and collaborative suggestions.

  • Quizzes designed to reflect the structure of the certification examination.

Prerequisites

There are no formal prerequisites to participate in this training course.

The exam fully meets the requirements of the PECB Examination and Certificate Programme. It covers the following competency domains:

Domain 1: Fundamental concepts of information security risk management

Domain 2: Information security risk management approaches and processes

To obtain this credential, a candidate must first complete the PECB ISO/IEC 27005 Foundation training course. Following the training, the candidate must take and successfully pass the corresponding examination. Upon passing, the candidate becomes eligible to apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” certificate, which is an entry-level certification.

This certificate program has no prerequisites regarding prior professional experience or involvement in risk management projects. Therefore, the sole requirements for certification are completing the designated training course and passing the examination.

The certificate requirements are:

 

  • Designation: PECB Certificate Holder in ISO/IEC 27005 Foundation

  • Exam: Pass the PECB ISO/IEC 27005 Foundation exam

  • Professional experience: None

  • Risk Management experience: None

  • Other requirements: Signing the PECB Code of Ethics

The training course fee includes all applicable costs for certification and the final examination.

Participants will receive comprehensive training materials comprising over 200 pages of instructional content and practical examples.

Attendees who complete the training will be awarded a certificate of course completion, accredited for 14 Continuing Professional Development (CPD) credits.

Should a participant not pass the examination on the first attempt, one complimentary retake is available within a 12-month period.

Original price was: $750.00. Current price is: $395.00.

Course agenda

Day 1: Introduction to ISO/IEC 27005 and fundamental concepts of information security risk management

Day 2: Information security risk management and certificate exam