In 2018: Zygma completed 25 years of continuous independent operations; drafted and edited Kantara's NIST SP 800-63 rev.3 IAL2/AAL2 Service Assessment Criteria; managed on behalf of a client the first SP 800-63 rev.3 service assessment (the service was the first to receive Kantara's "NIST 800-63 rev.3" Approval); performed three Kantara Service Assessments, each resulting in a Grant of Approval; transitioned to operating as an S-Corporation.




Course: Certified ISO 27005 Risk Manager (IS27005RISK)
Mastering Information Security Risk Assessment and Risk Management based on ISO 27005's guidance


This two-day intensive course develops the expertise required to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2008 guidance standard as a reference framework. Based on practical exercises and case studies, participants acquire the knowledge and skills necessary to perform an information security risk assessment and manage risks over time with an effective management process. The course content aligns directly with the requirements for the risk assessment method component of an information security management system (ISMS), as required by ISO/IEC 27001:2005.


Who should participate?
  • Risk managers
  • Those responsible for information security and/or GRC within an organization
  • Members of an information security team implementing or seeking to conform to ISO 27001 or involved in a risk management program
  • IT Subject Matter Experts & Advisors


Learning objectives

Participants will develop the skills for, and therefore an understanding of:

  • the concepts, approaches, methods and techniques to conduct effective risk management, following the guidance in ISO 27005
  • the requirements of ISO 27001 for information security risk management
  • the relationship between an Information Security Management System (including risk management, controls and compliance) and the interests of the various stakeholders associated with the ISMS
  • the expertise necessary to implement, maintain and manage an ongoing information security risk management program, following ISO27005
  • how to effectively advise organizations on best practices in information security risk management



Day 1: Introduction, risk management programs, risk identification and assessment, following ISO27005

  • Concepts and definitions related to risk management
  • Standards, frameworks and methodologies in risk management
  • Implementation of an information security risk management program
  • Risk identification
  • Risk assessment

Day 2: Risk evaluation, treatment, acceptance, communication and surveillance, following ISO 27005

  • Risk evaluation
  • Risk treatment
  • Acceptance of information security risks and management of residual risks
  • Information security risk communication
  • Information security risk monitoring and review
  • Examination


Tutoring Approach

The course consists of presentation of the source material, with examples based on real cases, interspersed with practical exercises based on case studies, including role plays and narrative presentation. These exercises help prepare participants for the examination, which is taken on the second day.

Given the number of practical exercises, the number of training participants may be limited.


Examination and Certification

The “ISO/IEC 27005 Risk Manager” examination lasts 2 (two) hours and fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains:

Domain 1: Fundamental concepts, approaches, methods and techniques of risk management

Domain 2: Implementation of a risk management program

Domain 3: Information security risk assessment based on ISO 27005


Certification Experience Requirements

Certification requirements for this course and qualification are under development and agreement with ANSI.


General Information

Each participant will receive:

  • a student manual containing over 150 pages of information and practical examples
  • a 14 CPE (Continuing Professional Education) participation certificate

Note that ISO/IEC 27005:2008 is an informative standard: it provides guidance on information security risk management and is not, therefore, a standard against which an organization can be certified.


© 1993 - 2018 Zygma Incorporated. Telephone: +1 714 797 99 42. Email: Enquiries @
All Zygma services are provided in accordance with its Ethics Policy.
Note - if you are submitting an enquiry or expect to receive email from us, please ensure that your spam filtering will accept mail from the domain ''