ISO/IEC 27005 Lead Risk Manager - 生产力学院
ISO/IEC 27005 Lead Risk Manager
利小姐,电话:+852 2788 5704
1-3 & 10 August 2023 ClassApply Now
16-20 October 2023 ClassApply Now
1-2 & 6-7 February 2024 ClassApply Now


ISO/IEC 27005 Lead Risk Manager training enables you to acquire the necessary expertise to support an organization in the risk management process related to all assets of relevance for Information Security using the ISO/IEC 27005 standard as a reference framework. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training will also contain a thorough understanding of best practices of risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA. This training course supports the implementation process of the ISMS framework presented in the ISO/IEC 27001 standard.

What is ISO/IEC 27005 ?

ISO/IEC 27005 provides guidelines for the establishment of a systematic approach to Information Security risk management which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to assist an efficient implementation of information security based on a risk management approach.

 Day 1  Introduction to ISO/IEC 27005 and risk management 

  • Training course objectives and structure
  • Standards and regulatory frameworks
  • Fundamental concepts and principles of information security risk management
  • Risk management program
  • Context establishment

Day 2  Risk identification, evaluation, and treatment based on ISO/IEC 27005

  • Risk Identification
  • Risk analysis
  • Risk Evaluation
  • Risk Treatment

Day 3  Information security risk acceptance, communication, consultation, monitoring and review

  • Information security risk acceptance
  • Information security risk communication and consultation
  • Information security risk monitoring and review

Day 4 Risk assessment methods

  • OCTAVE Method and MEHARI Methodologies
  • EBIOS Method
  • NIST framework
  • CRAMM and TRA methods
  • Closing of the training course

Certification Examination

  • Examination Duration: 3 Hours
  • Online examination to be booked after completion of the training course

Target Participants

Individuals who are interested in master the fundamental principles and concepts of Risk Assessment and Optimal Risk Management in Information Security based on ISO/IEC 27005

  • Managers or consultants involved in or responsible for information security in an organization
  • Individuals responsible for managing information security risks
  • Members of information security teams, IT professionals, and privacy officers
  • Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
  • Project managers, consultants, or expert advisers seeking to master the management of information security risks


Participants who have attained at least 75% attendance of lecture will be awarded a Training Attendance Certificate


Poon Wai Tung, Keith

Mr. Poon Wai Tung, Keith is the Principal Consultant of an IT security consultancy company. Mr. Poon has been instrumental in developing professional consulting solutions, auditing and training courses in the increasingly vital areas of business risk assessment, business continuity management, information security and IT service management with a particular focus on services companies and manufacturing

 Download Full Course Detail ▼

This course is subject to approval under the Reindustrialisation and Technology Training Programme (RTTP) with up to 2/3 course fee reimbursement upon successful applications. For details:

RTTP Training Grant Application Companies should submit their RTTP training grant application for their employee(s) via least two weeks before course commencement. Alternatively, application form could be submitted by email to with supporting documents.