ISO/IEC 27005 – Foundation
ISO/IEC 27005 Foundation training provides information on the fundamental concepts and principles of information security risk management according to ISO/IEC 27005. Why should you participate? ISO/IEC 27005 Foundation is a two-day...

Course Curriculum
13 sections
ISO/IEC 27005 Foundation is both a training course and a certification.
Candidates will be required to follow the training course in self-study mode or E-learning mode at their convenience, taking into account the 12-month timeframe for training and certification.
Pre-recorded videos and materials will be made available to the candidate for further training. Candidates will also have access to an examination questionnaire to help them prepare for the exam. Candidates will be allowed two attempts at the exam, but these must be completed within the allotted time.
ISO/IEC 27005 Foundation training course provides information on the fundamental concepts and principles of information security risk management based on ISO/IEC 27005.
There are no prerequisites to participate in this training course.
The “ISO/IEC 27005 Foundation” exam lasts 120 minutes. Candidates who fail may retake the exam during the 1-year interval.
Certificate and examination fees are included in the price of the training course.
Training material containing over 200 pages of information and practical examples will be distributed.
An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
In case of exam failure, you can retake the exam within 12 months for free.
The price of the training course, online or face-to-face with an approved trainer, varies. Contact us for more details.
ISO/IEC 27005 Foundation is a two-day training course that focuses on the information security risk management process introduced by ISO/IEC 27005 and the structure of the standard. It provides an overview of the guidelines of ISO/IEC 27005 for managing information security risks, including context establishment, risk assessment, risk treatment, communication and consultation, recording and reporting, and monitoring and review.
After attending the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” designation. This certificate demonstrates that you have a general knowledge of ISO/IEC 27005 guidelines for information security risk management.
The ISO/IEC 27005 Foundation training course is intended for:
Risk management professionals
Professionals wishing to get acquainted with the guidelines of ISO/IEC 27005 for information security risk management
Personnel tasked with managing information security risks in their area of responsibility
Individuals interested in pursuing a career in information security risk management
Upon successful completion of this training course, you will be able to:
Describe the main risk management concepts, principles, and definitions
Interpret the guidelines of ISO/IEC 27005 for managing information security risks
Identify approaches, methods, and techniques used for the implementation and management of an information security risk management program
The training course is participant centered and:
Contains lecture sessions illustrated with examples and discussions
Encourages interaction between participants by means of questions and suggestions
Includes quizzes with a similar structure to the exam
Day 1: Introduction to ISO/IEC 27005 and fundamental concepts of information security risk management
Day 2: Information security risk management and certificate exam
After successfully passing the exam, you can apply for the certification. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about ISO/IEC 27005 Foundation certifications and the PECB certification process, please refer to the certification rules and policies.
The exam fully meets the requirements of the PECB Examination and Certificate Programme. It covers the following competency domains:
Domain 1: Fundamental concepts of information security risk management
Domain 2: Information security risk management approaches and processes
The “ISO/IEC 27005 Foundation” exam will be 100% online.
Candidates will be asked to come to 1simple1's premises or take the exam in our accredited exam room, where they will be supervised in real time.