ISO 27005 Foundation

By attending this training course, participants will learn more about the structure of the standard including information security risk assessment, treatment, acceptance, communication and consultation, and monitoring and review. They will also gain basic knowledge related to information security risk management based on other standards such as ISO/IEC 27001 and ISO 31000.

After attending the training course, you can sit for the exam and, if you successfully pass it, you can apply for a “PECB Certified ISO/IEC 27005 Foundation” credential. A PECB Foundation certificate shows that you have knowledge on the fundamental concepts, principles, methodologies, processes, and management approaches used in information security risk management.

• Individuals involved in information security risk management
• Individuals seeking to gain knowledge about the main processes of information security risk management 
• Individuals interested in pursuing a career in information security risk management

• Understand the basic concepts of information security risk management
• Acknowledge the correlation between ISO/IEC 27005, ISO 31000, ISO/IEC 27001, and other standards and regulatory frameworks
• Understand the approaches, methods, and techniques used for the management of information security risks

• This training course includes essay-type exercises, multiple-choice quizzes, examples and best practices used in information security risk management.
• The participants are encouraged to intercommunicate and engage in discussion and the completion of quizzes and exercises.
• Quizzes are similar to the certification exam.

Day 1: Introduction to fundamental concepts of information security risk management and ISO/IEC 27005

Day 2: Information security risk management and certification exam

The “PECB Certified ISO/IEC 27005 Foundation” exam complies with the PECB Examination and Certification Programme (ECP) requirements. The exam covers the following competency domains:

Domain 1: Fundamental concepts of information security risk management

Domain 2: Information security risk management approaches and processes

For more detailed information about the PECB examination process, please visit Examination Rules and Policies.

After successfully passing the exam, you can apply for the credential shown on the table below. You will receive the certificate once you comply with all the requirements related to the selected credential. 

For more information about ISO/IEC 27005 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

• Certification fees are included on the exam price.
• Participants will be provided with the training course material containing over 200 pages of explanatory information, examples, best practices, exercises and quizzes.
• An Attendance Record worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
• In case candidates fail the exam, they can retake the exam within 12 months following the initial exam for free.