The exam assesses your ability to design, govern, operate, and improve a cybersecurity program across defined competence domains.
The exam is structured around domains covering cybersecurity fundamentals, governance, roles and responsibilities, risk management, communication and training, incident management, and continual improvement.
It evaluates whether candidates can connect standards and frameworks to practical program management decisions, rather than testing technical skills in isolation.
The exam is delivered online with a stated duration of three hours, emphasizing applied understanding of cybersecurity management concepts.
Strong candidates prepare by mapping each domain to real program decisions: governance choices, risk prioritization, control selection, and performance measurement.
“The exam focuses on management capability, not just technical depth.”
This training prepares senior security and IT professionals to operate effectively as Chief Information Security Officers in today’s regulatory and threat-driven environment. Participants learn how to design, govern, and monitor an enterprise-wide information security program aligned with business.
View courseThis training prepares experienced security professionals to design, operate, and govern a cloud security program aligned with ISO/IEC 27017 and ISO/IEC 27018. It addresses the realities of hybrid and multi cloud environments where accountability, data protection, and shared responsibility models.
View courseThis four-day course develops the skills needed to implement, manage, and improve SOC 2 compliance programs. It explains the SOC 2 framework and Trust Services Criteria, then guides participants through scoping, risk management, policy development, and control implementation.
View courseThe exam is stated as three hours in duration and is available online. It is described as meeting the PECB Examination and Certification Programme requirements.
byRamesh PAVADEPOULLE
ISO 31000 does not certify organisations. It certifies professionals. PECB offers two certifications based on the ISO 31000 framework: the 3-day PECB Certified ISO 31000 Risk Manager for practitioners applying the standard, and the 4-day PECB Certified ISO 31000 Lead Risk Manager for those leading enterprise risk programmes. Both are recognised internationally and validate your ability to plan and improve a risk management process aligned with ISO 31000:2018.
byHenri HAENNI
Yes, exam fees are included. The exam is stated as available online in English and has a duration of three hours.
byJean MUNYARUGERERO
Prioritize cybersecurity investments through risk-based assessments: protect crown jewels, address critical vulnerabilities, meet compliance requirements, and build foundational capabilities before advanced tools. Focus on high-impact, low-cost controls first.
Effective cybersecurity programs integrate governance, risk management, technical controls, incident response, awareness training, and continual improvement. They balance protection with business enablement through risk-proportionate measures.
Cybersecurity programs fail due to insufficient leadership support, security-business misalignment, lack of accountability, inadequate resources, and failure to adapt. Success requires executive sponsorship, business integration, measurable outcomes, and continual improvement.
A Lead Cybersecurity Manager designs, governs, and improves a cybersecurity program to manage risks, protect assets, and strengthen organizational resilience.
Browse all FAQs →
Full knowledge base
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.