ISO/IEC 27005:2011 Information Security Management System (ISMS) Risk Management Course

Organizations of all types are concerned by threats that could compromise their information security. These threats may take any form, from identity theft and the risks of doing business online all the way to theft of equipment or documents, and could have a direct impact on businesses, with possible financial loss or damage, loss of essential network services, etc. This course will help you to understand the information security risks you face while implementing and operating an Information Security Management System.


The objective of this course is to provide delegates with the specific guidance and advice to support the implementation of requirements defined in ISO/IEC 27001 that relate to risk management processes and associated activities. The course will provide delegates with a Risk Management framework for development and operation. 

Who should attend?

  • Staff tasked with the implementation and management of an ISO/IEC 27001 Information security management system
  • Information Security Managers
  • Risk managers
  • Information security consultants

What will I learn?

  • Description of information security risk assessment
  • Information security risk management process overview
  • Information security risk assessment approaches
  • Asset Identification and valuation
  • Impact assessment
  • Risk identification
  • Risk analysis
  • Threat identification and ranking
  • Vulnerabilities and methods for vulnerability assessment
  • Risk estimation
  • Risk evaluation
  • Basic Risk Criteria
  • Risk Evaluation Criteria
  • Risk Impact Criteria
  • Risk Acceptance Criteria
  • Risk treatment
  • Risk reduction
  • Risk retention
  • Risk avoidance
  • Risk transfer
  • Monitoring and review of risk factors
  • Risk management monitoring, reviewing and improving

What are the benefits?

Both the objective and result of the course will be to assist the implementation of information security based on a risk management approach under the expert tutelage and guidance of a BSI tutor. Take the knowledge and skills imparted during this exercise and use them to improve and protect your business.

Further Information

Participants who successfully complete the course will be issued a certificate by BSI.


The course is designed for people who have a good understanding of ISO/IEC 27001 and ISO 17799 (recently renamed ISO 27002) information security management systems. Attendance of the ISO/IEC 27001 Information Security implementation or Lead Implementer course, or the ISO/IEC 27001 lead auditor course, is recommended.

Call our training team now on

+ 971 4 336 4917