Global Lynx - making IT better!

Information Security Risk Management based on ISO/IEC 27005

With a focus on information security, this course addresses risk management according to the international ISO/IEC 27005 standard. It introduces the participant to the basic concepts of risk management and helps them become familiar with the overall information security risk assessment and management process.

By completing the course, the student will be able to identify the main information security risks in their organization and define mechanisms to address these risks appropriately.

The course objectives are:
  • To explain the purpose of Risk Management and the processes to evaluate and manage information security risks.
  • To understand the ISO 27005 standard as the guidelines for information security risk management.
  • To understand the ISO 27005 basic terms and definitions.
  • To provide a supporting guide for the implementation of an Information Security Management System based on ISO/IEC 27005.
  • To understand the risk assessment and analysis processes.
  • To provide guidelines for decision making based on the risk analysis.


This course is aimed at:

  • Professionals who want to implement or are currently implementing an Information Security Management System within their organization.
  • Professionals who want to improve information security risk management.
  • People who need to learn and understand risk assessment and management techniques in the field of information security.
  • People involved or playing a role in information security management who require a deeper understanding of the international standard for managing risks.


There are no mandatory prerequisites; however, it is recommended that the participant holds the Information Security Foundation certificate based on ISO/IEC 27002 or has knowledge of ISO/IEC 27001:2013.


The course has the following characteristics:

  • It is structured in thematic units, with a balance between theory and practice.
  • The courseware material includes theory, practical exercises, study cases and complementary content.
  • A certificate of course completion is delivered.
  • The length is 3 days.
  • It requires a minimum of 6 and a maximum of 25 participants.


The course has the following topics:

  1. Information Security Risk Management Introduction
  2. Information Security Risk Management Process
  3. Information Security Risk Management Context Establishment
  4. Information Security Risk Assessment
  5. Information Security Risk Treatment
  6. Information Security Risk Monitoring, Reviewing and Communication
  7. Review and Evaluation

Advantages offered by Global Lynx

Our instructors are certified in different Risk Management, Information Security, ISO/IEC and ITSM disciplines and have extensive experience in:

  • The design and implementation of Information Security Management Systems.
  • The design and development of Business Continuity Plans, Disaster Recovery Plans and Business Impact Analysis in public and/or private organizations.
  • The selection, implementation and configuration of tools and controls which support the Business Continuity Management and Information Security.
  • The teaching of several Risk Management, Information Security, Business Continuity, ISO and ITSM training courses in both academic and professional settings.

The participant receives a high-quality student handout.