Information Security

ISO 27005 Risk Manager

This training is designed for professionals who must structure, operate, and defend an information security risk management process aligned with ISO/IEC 27005:2022. Participants work through the full risk lifecycle, from context definition to treatment decisions and executive reporting.

3 days · Bestseller · Exam included · Physical classroom · Online classroom · Self-study
2,500+ professionals trained · 100 % pass rate · 120+ countries · 600+ organisations
Confirmed
PECB
8 Jun – 10 Jun
Language: EN
Location: Lausanne / Morges & Online
Format: Physical classroom, Online classroom
Physical classroom
  • Instructor-led classroom training course
  • Lifetime access to official PECB training course material (PDF)
  • Official PECB online certification exam
  • Certificate of attendance
  • Official PECB certification
  • One free retake exam
Online classroom
  • Instructor-led online live interactive training course
  • Lifetime access to official PECB training course material (PDF)
  • Official PECB online certification exam
  • Certificate of attendance
  • Official PECB certification
  • One free retake exam
PECB
13 Apr – 15 Apr
Language: EN, FR
Location: Lausanne / Morges & Online
Format: Physical classroom, Online classroom (same inclusions as listed above)
PECB
11 May – 13 May
Language: EN, ES
Location: Barcelona & Online
Format: Physical classroom, Online classroom (same inclusions as listed above)
PECB
18 May – 20 May
Language: FR
Location: Paris & Online
Format: Physical classroom, Online classroom (same inclusions as listed above)
Confirmed
PECB
Available year-round
Language: EN, FR, ES, DE
Format: Self-study
  • Lifetime access to official PECB training course material (PDF)
  • Official PECB online certification exam
  • Official PECB certification
  • One free retake exam

What you will gain

  • Structure and operate an ISO 27005 compliant risk management process that stands up to audit and certification scrutiny
  • Translate abstract risk concepts into documented, defensible treatment decisions
  • Select and justify appropriate risk assessment methods depending on organizational context
  • Produce risk registers, reports, and metrics usable by management and auditors
  • Integrate information security risk management into broader governance processes

Your trainers for this course

Henri HAENNI, Expert in Business Continuity, Risk Management and Information Security Governance

ISO 22301 Lead Implementer · ISO 22301 Lead Auditor · ISO 27001 Lead Implementer · ISO 27005 Risk Manager · EBIOS Risk Manager

30 years of experience in governance and information security. Lecturer at Sorbonne (Paris I Panthéon), EPFL graduate. Led ISO deployments for The Global Fund, central banks, and government organizations across 3 continents.

30+ years of experience · Sorbonne lecturer · EPFL graduate · 12 PECB certifications
Jean MUNYARUGERERO

PECB ISO 27001 Senior Lead Auditor · ISO 27001 Lead Implementer · CISM® Exam Bootcamp · ISO 27005 Risk Manager · CISA® Exam Bootcamp

7 certifications · 5 domains
PECB ISO 27005 Risk Manager · Titanium Partner (highest PECB accreditation level)


Course Description

Information security risk management has become a board-level concern. In the 2024–2025 regulatory landscape, organizations are expected not only to identify risks but to demonstrate how those risks are evaluated, treated, monitored, and communicated. ISO/IEC 27005:2022 provides the reference framework, yet many organizations struggle to apply it consistently and pragmatically.

This training focuses on how risk management actually works inside organizations. Participants do not simply study the standard. They practice building a risk management framework that aligns with ISO/IEC 27001, supports certification audits, and produces decisions that management can accept or challenge with confidence.

Throughout the course, participants work with a realistic case study reflecting common operational constraints such as incomplete data, competing business priorities, and regulatory pressure. They define the context, identify and analyze risks, evaluate acceptability, and select treatment options that are proportionate and documented. Particular attention is given to risk communication, ensuring that technical findings can be understood by non-technical stakeholders.

Abilene Academy’s approach reflects consulting reality. Trainers are active practitioners who regularly design and review risk management processes for regulated organizations. The course also positions ISO 27005 in relation to other widely used methods such as EBIOS, OCTAVE, MEHARI, NIST, CRAMM, and harmonized threat and risk analysis, explaining when and why each is used.

Participants leave with a structured, repeatable approach that can be applied immediately within their organization or client environments.

    • Design an information security risk management framework aligned with ISO/IEC 27005
    • Conduct risk assessments with clear assumptions and documented reasoning
    • Evaluate risks using defined acceptance criteria and business impact
    • Define and justify risk treatment plans linked to ISO/IEC 27001 controls
    • Produce risk registers and reports suitable for audits and management review
    • Integrate continuous monitoring and review into operational processes

Professional Testimonials

I attended an ISO 27005 Risk Manager training course at Abilene Academy that met all my expectations, in particular thanks to the trainer's first-hand experience.

Julien Pasquier, Deputy CISO, Boiron

Frequently Asked Questions

What is the ISO/IEC 27005 Risk Manager certification and what does it qualify you to do?

The ISO/IEC 27005 Risk Manager certification qualifies professionals to design, operate, and maintain an information security risk management process aligned with ISO/IEC 27005:2022. It validates the ability to identify, analyze, evaluate, treat, and communicate information security risks in support of ISO/IEC 27001 compliance.

“ISO 27005 is less about scoring risks and more about making decisions you can defend six months later in front of an auditor or the board.”

Christophe MAZZOLA

ISO 27001 Lead Implementer • ISO 27001 Lead Auditor


How does ISO/IEC 27005 support ISO/IEC 27001 compliance?

ISO/IEC 27005 provides detailed guidance on performing information security risk assessments and treatments required by ISO/IEC 27001. It explains how to meet Clause 6.1.2 by defining context, evaluating risks, and selecting controls in a structured, auditable way.

“When auditors ask ‘why did you choose this control,’ ISO 27005 gives you a documented answer instead of a guess.”

Christophe MAZZOLA

ISO 27001 Lead Implementer • ISO 27001 Lead Auditor


What are the prerequisites for the ISO/IEC 27005 Risk Manager certification?

There are no formal prerequisites for the ISO/IEC 27005 Risk Manager certification, but participants are expected to have basic knowledge of information security and familiarity with ISO/IEC 27001 concepts. Prior exposure to risk management activities is strongly recommended.

“If you’ve sat in a risk workshop or defended a risk decision once, you’re ready for this course.”

Marc BOUVIER

ISO 22301 Lead Implementer • ISO 22301 Lead Auditor


How is ISO/IEC 27005 different from other risk assessment methods like EBIOS or NIST?

ISO/IEC 27005 defines a risk management framework rather than a single assessment method, while EBIOS, NIST, and similar approaches provide specific analysis techniques. ISO 27005 allows organizations to select and justify methods within a standardized lifecycle.

“ISO 27005 doesn’t tell you how to think—it tells you how to prove that you did.”

Christophe MAZZOLA

ISO 27001 Lead Implementer • ISO 27001 Lead Auditor



Train with practitioners. Pass with confidence.

Abilene Academy is the only PECB Titanium Partner in Switzerland — the highest accreditation tier in the industry — delivering certified training in information security, data protection, AI governance, and GRC compliance. 99% exam pass rate. 2,500+ professionals trained across 120+ countries and trusted by 600+ organizations. Multilingual programmes available.

  • 99% exam pass rate
  • 2,500+ professionals trained
  • 120+ countries reached
  • Titanium: the only PECB Titanium Partner in Switzerland
  • Certification included
  • Multilingual: EN · FR · ES · DE · IT and more

Trusted by 600+ organisations in 120 countries

  • Airbus
  • Altis
  • BCEAO
  • BCV
  • Cargolux
  • Cartier
  • Cofco Intl
  • Confédération Suisse
  • Council of Europe
  • Dell
  • Deloitte
  • Devillard
  • Ebay
  • Engie
  • Etat de Fribourg
  • Etihad Airways
  • Eumetsat
  • EY
  • Framatome
  • G42
  • Gavi
  • République et canton de Genève
  • Groupe Mutuel
  • HSBC
  • IAEA (International Atomic Energy Agency)
  • IATA
  • IBM
  • ILO (International Labour Organization)
  • IMD
  • KPMG
  • Kudelski Security
  • Loterie Romande
  • MSC
  • Nagra
  • Nespresso
  • Nestlé
  • Novartis
  • Payot SA
  • Philips
  • PSA Panama
  • PWC
  • Richemont
  • Roche
  • RTS (Radio Télévision Suisse)
  • Santander
  • SAP
  • Skyguide
  • Société Générale
  • Swisscom
  • Syz
  • The Global Fund
  • UNGSC
  • UNICC (International Computing Centre)
