close

close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

close

close

Press esc to close

close close

Back to course information

Thank you for your enquiry!

One of our training experts will be in touch shortly to go overy your training requirements.

close close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

ISO 27005 Training courses

Online Instructor-led (5 days)

Classroom (5 days)

Online Self-paced (40 hours)

ISO 27005 Lead Auditor Course Outline

The following subjects are taught during this course:

Module 1: Introduction to ISO 27005 Standard

  • Core concepts, key definitions and background
  • Quality Management System (QMS)
  • Role and importance
  • Understanding the situation in an organisation
  • Reviewing and monitoring
  • Octave method
  • EBIOS method
  • MEHARI
  • Harmonised Tra method

Module 2: Interaction With Other ISOs

  • How ISO 27005 interacts with ISO 9001
  • How ISO 27005 interacts with ISO 27001
  • Quantifying the business impact
  • Impact severity

Module 3: Planning Individual Internal Audits

  • Internal audit approach
  • Risk assurance mapping
  • Audit plan
  • Research the audit area
  • Conduct process walk-throughs
  • Map risks to the organisation, process, or function
  • Obtain data prior to fieldwork

Module 4: Conducting the Internal Audit and Handling the Interview Process

  • Decide what you want to achieve
  • Identify risks and review objectives
  • Plan and audit activities
  • Validate the facts and complete the work
  • Develop a deliverable or report that will drive action
  • Follow up

Module 5: Understanding Quality Management Principles in an Internal Audit

Module 6: Preparation of an ISO 27005 Audit

Module 7: Conducting an ISO 27005 Audit

Module 8: Closing an ISO 27005 Audit

Module 9: Managing an ISO 27005 Audit Program

Module 9: Managing an ISO 27005 Audit Program

Module 10: Key Concepts, Terminology and Definitions for Lead Implementer

Module 11: Introduction to Risk Management

  • Monitoring and reviewing potential risks
  • Risk management methodologies
  • Information Security risk management framework and process model
  • Information assets classification, identification and threats
  • Threat vulnerabilities
    • Controls
    • Controlling vulnerabilities
    • Vulnerability categories
    • Vulnerability sources
    • The consequences of vulnerabilities
    • Incident scenarios
  • Types of vulnerabilities
  • Methods for risk assessment
  • Scales and simple calculations
  • Acceptance strategies
  • Improvement of risk assessment and risk management
  • Implementation of risk management programs
  • Risk communication and consultation
    • Communicating risk – an overview
    • The six principles of risk communication
    • Accurate communication
    • Risk communication procedures

Module 12: Risk Identification and Analysis

  • Risk analysis and scoring
  • Risk identification
  • Risk estimation
  • Risk estimation methodologies
  • Risk estimation components
  • Risk assessment techniques
  • Assumptions analysis
  • Checklist analysis
  • SWOT analysis
  • Prompt lists
  • Interviewing and brainstorming

Module 13: Role and Responsibilities of a Risk Manager

  • Risk acceptance and making changes accordingly
  • About information security
  • Types of risks and associated threats
  • Security controls and measures
  • Scope and boundaries of process
  • Understand the organisation
  • Know about constraints that affect an organisation
  • Impact of risks
  • Handling the information security risk management team
  • Train and make employees aware of risks

Module 14: Identifying, Evaluating and Treating Risks Specified in ISO 27005

  • Risk treatment
  • Mitigating control measures
  • Risk analysis tools & evaluation

Module 15: Role of an Auditor

  • The qualifications of an auditor
  • The International Register of Certified Auditors (IRCA) code of conduct
  • Internal and external audits
  • Roles and responsibilities of a lead auditor

Module 16: Preparation and Planning of an audit

  • Auditing definition
  • Pre-audit
  • Setting audit standards
  • Defining targets
  • Auditing goals
  • Types of audit

Module 17: Audit Tasks

  • Monitoring and logging
  • Intrusion and penetration testing
  • The penetration testing process
  • Penetration testing methods
  • Inspection
  • Report tips
  • Report structure
  • Reporting audits
  • Decision-making

Module 18: Auditing Principles and Techniques

  • Gap analysis
  • Gap analysis process
  • 5-whys
  • Communication planning
  • Time and auditing on schedule
  • Procedure and process flow
  • Audit steps
  • Plans and programs
  • Activities of an auditor
  • Verification techniques
  • Inspection writing
  • Approaches and methods for auditing
  • Data analysis
  • Data access and management
  • Quality and control of audit analytics processes
  • Collaboration, efficiency, and sustainability

Module 19: Closure of Audit

  • Report evaluation
  • Follow-up actions
  • Auditing results
  • Higher management
  • Submitting reports to higher management
  • Audit findings
  • Audit evidence and findings
  • NCPARs
  • Audit follow-up
  • The follow-up process

Show moredown

Prerequisites

We recommend completing the ISO 27005 Foundation certification before studying this course.

Who Should Attend this ISO 27005 Training Course?

The ISO 27005 Lead Auditor course has been specifically built for Risk Managers, IT consultants and Individuals responsible for information security within an organisation. 

ISO 27005 Lead Auditor Course Overview

The ISO 27005 Lead Auditor certification provides delegates with the relevant skills to assist in the application of risk management methods used in the workplace. Over five day, delegates will grasp the fundamental guidelines for information security risk management, which are taught by our highly experienced ISO 27005 trainers. This course includes an exam that will be taken on the final day of training. Our dedicated trainers will ensure that you are fully prepared for the exam, and can offer support and guidance throughout the course. After successfully completing this course, delegates will be able to perform an optimal information security risk assessment and manage risks in the working environment.

Show moredown

What's included in this ISO 27005 Training Course?

This training course includes:

  • The ISO 27005 Lead Auditor Examination
  • The Knowledge Academy ISO 27005 Lead Auditor Manual 
  • Certificate
  • Experienced Instructor 
  • Refreshments 

ISO 27005 Lead Auditor Exam

This exam is comprised of:

  • 30 questions
  • Multiple choice
  • 40 minutes in duration
  • 50% pass mark (15/30)
  • Closed book

 

Show moredown

Online Instructor-led (1 days)

Classroom (1 days)

Online Self-paced (8 hours)

ISO 27005 Foundation Course Outline

ISO 27005 Foundation is a one-day course. During this course, the delegates will be able to learn about various methods and techniques for mitigation associated with information in compliance with the standard.

The following modules are taught during this course:

Module 1: Introduction to ISO 27005 Standard

  • Core concepts, key definitions and background
  • Quality Management System (QMS)
  • Role and importance
  • Understanding the situation in an organisation
  • Reviewing and monitoring
  • Octave method
  • EBIOS method
  • MEHARI
  • Harmonised Tra method

Module 2: Interaction With Other ISOs

  • How ISO 27005 interacts with ISO 9001
  • How ISO 27005 interacts with ISO 27001
  • Quantifying the business impact
  • Impact severity

Show moredown

Prerequisites

For attending this course, having knowledge related to Fundamentals of Risk Management and Information Security and about ISO 27005 foundation can be beneficial.

Who should attend this ISO 27005 Training Course?

This course has been designed for information security team members, Risk managers, Information security managers, IT Professionals and Project Managers.

ISO 27005 Foundation Course Overview

The ISO 27005 Foundation course helps delegates understand the different ways and techniques of risk assessment associated with Information Security. During this course, delegates will come to know about techniques on how to handle and deal with cybersecurity risks, knowledge of concepts, models, processes and terminologies.

The delegates will also learn how to master the knowledge of basic steps for information security and effectively manage risks by implementing the different frameworks.

The main objectives of this course are to understand the concepts, ways, approaches, techniques and methods for effective implementation of ISO 27005 in an organisation for risk management.

Show moredown

What's included in this ISO 27005 Training Course?

This 27005 training course includes:

  • The ISO 27005 Foundation Examination
  • The Knowledge Academy ISO 27005 Foundation Manual 
  • Certificate
  • Experienced Instructor 
  • Refreshments 

ISO 27005 Foundation Exam

The ISO 27005 Foundation Exam is comprised of:

  • 30 questions
  • Multiple choice
  • 40 minutes in duration
  • 50% pass mark (15/30)
  • Closed book

 

Show moredown

Online Instructor-led (2 days)

Classroom (2 days)

Online Self-paced (16 hours)

ISO 27005 Internal Auditor Course Outline

The following subjects will be taught during this course:

Module 1: Introduction to ISO 27005 Standard

  • Core concepts, key definitions and background
  • Quality Management System (QMS)
  • Role and importance
  • Understanding the situation in an organisation
  • Reviewing and monitoring
  • Octave method
  • EBIOS method
  • MEHARI
  • Harmonised Tra method

Module 2: Interaction With Other ISOs

  • How ISO 27005 interacts with ISO 9001
  • How ISO 27005 interacts with ISO 27001
  • Quantifying the business impact
  • Impact severity

Module 3: Planning Individual Internal Audits

  • Internal audit approach
  • Risk assurance mapping
  • Audit plan
  • Research the audit area
  • Conduct process walk-throughs
  • Map risks to the organisation, process, or function
  • Obtain data prior to fieldwork

Module 4: Conducting the Internal Audit and Handling the Interview Process

  • Decide what you want to achieve
  • Identify risks and review objectives
  • Plan and audit activities
  • Validate the facts and complete the work
  • Develop a deliverable or report that will drive action
  • Follow up

Module 5: Understanding Quality Management Principles in an Internal Audit

Module 6: Preparation of an ISO 27005 Audit

Module 7: Conducting an ISO 27005 Audit

Module 8: Closing an ISO 27005 Audit

Module 9: Managing an ISO 27005 Audit Program

Show moredown

Prerequisites

We recommend completing the ISO 27005 Foundation certification before studying this course.

Who should attend this ISO 27005 Training Course?

This course has been created for Risk Managers, IT consultants and anyone responsible for information security.

ISO 27005 Internal Auditor Course Overview

The ISO 27005 Internal Auditor course will help delegates learn the basic features for Information Security when using the ISO 27005 (Risk Management) standards. Delegates will be taught the necessary skills to deliver an information security risk assessment and manage potential risks in the workplace. 

Show moredown

What's included in this ISO 27005 Training Course?

This training course includes:

  • The ISO 27005 Internal Auditor Examination
  • The Knowledge Academy 27005 Internal Auditor Manual 
  • Certificate
  • Experienced Instructor 
  • Refreshments 

ISO 27005 Internal Auditor Exam

The ISO 27005 Internal Auditor exam is comprised of:

  • 30 questions
  • Multiple choice
  • 40 minutes in duration
  • 50% pass mark (15/30)
  • Closed book

 

Show moredown

Online Instructor-led (3 days)

Classroom (3 days)

Online Self-paced (24 hours)

ISO 27005 Lead Implementer​ ​Course Outline

This course will cover the following topics:

Module 1: Introduction to ISO 27005 Standard

  • Core concepts, key definitions and background
  • Quality Management System (QMS)
  • Role and importance
  • Understanding the situation in an organisation
  • Reviewing and monitoring
  • Octave method
  • EBIOS method
  • MEHARI
  • Harmonised Tra method

Module 2: Interaction With Other ISOs

  • How ISO 27005 interacts with ISO 9001
  • How ISO 27005 interacts with ISO 27001
  • Quantifying the business impact
  • Impact severity

Module 3: Planning Individual Internal Audits

  • Internal audit approach
  • Risk assurance mapping
  • Audit plan
  • Research the audit area
  • Conduct process walk-throughs
  • Map risks to the organisation, process, or function
  • Obtain data prior to fieldwork

Module 4: Conducting the Internal Audit and Handling the Interview Process

  • Decide what you want to achieve
  • Identify risks and review objectives
  • Plan and audit activities
  • Validate the facts and complete the work
  • Develop a deliverable or report that will drive action
  • Follow up

Module 5: Understanding Quality Management Principles in an Internal Audit

Module 6: Preparation of an ISO 27005 Audit

Module 7: Conducting an ISO 27005 Audit

Module 8: Closing an ISO 27005 Audit

Module 9: Managing an ISO 27005 Audit Program

Module 9: Managing an ISO 27005 Audit Program

Module 10: Key Concepts, Terminology and Definitions for Lead Implementer

Module 11: Introduction to Risk Management

  • Monitoring and reviewing potential risks
  • Risk management methodologies
  • Information Security risk management framework and process model
  • Information assets classification, identification and threats
  • Threat vulnerabilities
    • Controls
    • Controlling vulnerabilities
    • Vulnerability categories
    • Vulnerability sources
    • The consequences of vulnerabilities
    • Incident scenarios
  • Types of vulnerabilities
  • Methods for risk assessment
  • Scales and simple calculations
  • Acceptance strategies
  • Improvement of risk assessment and risk management
  • Implementation of risk management programs
  • Risk communication and consultation
    • Communicating risk – an overview
    • The six principles of risk communication
    • Accurate communication
    • Risk communication procedures

Module 12: Risk Identification and Analysis

  • Risk analysis and scoring
  • Risk identification
  • Risk estimation
  • Risk estimation methodologies
  • Risk estimation components
  • Risk assessment techniques
  • Assumptions analysis
  • Checklist analysis
  • SWOT analysis
  • Prompt lists
  • Interviewing and brainstorming

Module 13: Role and Responsibilities of a Risk Manager

  • Risk acceptance and making changes accordingly
  • About information security
  • Types of risks and associated threats
  • Security controls and measures
  • Scope and boundaries of process
  • Understand the organisation
  • Know about constraints that affect an organisation
  • Impact of risks
  • Handling the information security risk management team
  • Train and make employees aware of risks

Module 14: Identifying, Evaluating and Treating Risks Specified in ISO 27005

  • Risk treatment
  • Mitigating control measures
  • Risk analysis tools & evaluation

Show moredown

Prerequisites

We recommend completing the ISO 27005 Foundation certification before studying this course.

Who should attend this ISO 27005 Training Course?

This ISO 27005 course has been specifically designed for those involved in working with Quality Management System (QMS) or the ISO 9001 standard and want to gain knowledge on ISO 27005.

ISO 27005 Lead Implementer​ ​Course Overview

This 3-day ISO 27005 training course has been designed to help delegates gain the relevant experience on the role and importance of Risk Management in an organisation. After finishing the course, delegates will be able to integrate the ISO 27005 Information Security Risk Management Framework with the ISO 27001 ISMS.

Show moredown

What's included in this ISO 27005 Training Course?

This training course includes:

  • The ISO 27005 Lead Implementer​ Examination
  • The Knowledge Academy ISO 27005 Lead Implementer​ Manual 
  • Certificate
  • Experienced ISO 27005 Instructor 
  • Refreshments 

ISO 27005 Implementation Exam

The ISO 27005 Implementation exam is taken on the final day of training and follows the structure outlined below:

  • 30 questions
  • Multiple choice
  • 40 minutes in duration
  • 50% pass mark (15/30)
  • Closed book

 

Show moredown

Not sure which course to choose?

Speak to a training expert for advice if you are unsure of what course is right for you. Give us a call on +64 800 446148 or Enquire.

What our customers are saying

Frequently asked questions

FAQ's

Please arrive at the venue at 8:45am.
The Knowledge Academy is the Leading global training provider in the world for ISO 27005 Training.
The price for ISO 27005 Training certification in New Zealand starts from NZD2295.

Why we're the go to training provider for you

icon

Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.

icon

Trusted & Approved

We are accredited by PeopleCert on behalf of AXELOS

icon

Many delivery methods

Flexible delivery methods are available depending on your learning style.

icon

High quality resources

Resources are included for a comprehensive learning experience.

barclays Logo
deloitte Logo
Thames Water Logo

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water

santander logo
bmw Logo
Google Logo
Shell Logo

"...the trainer for this course was excellent. I would definitely recommend (and already have) this course to others."

Diane Gray, Shell

Looking for more information on ISO 27005 Training