Day 1: Introduction, risk management framework according to ISO 31000
•Concepts and definitions related to risk management
•Risk management standards, frameworks and methodologies
•Implementation of an information security risk management framework
•Understanding an organization and its context
Day 2: Risk identification and assessment, risk evaluation, treatment, acceptance, communication and monitoring according to ISO 31000
•Risk identification
•Risk analysis and risk evaluation
•Risk treatment
•Risk acceptance and residual risk management
•Risk communication and consultation
•Risk monitoring and review
Day 3: Risk assessment methodologies according to ISO/IEC 31010 and Exam
•Presentation of risk assessment methodologies
•Certified ISO 31000 Risk Manager Exam (2 hours)
Prerequisites
None
Educational approach
•This training is based on both theory and practice:
- Sessions of lectures illustrated with examples based on real cases
- Practical exercises based on a full case study including role playing and oral presentations
- Review exercises to assist the exam preparation
- Practice test similar to the certification exam
•So that participants can benefit fully from the practical exercises, the number of training participants is limited
Exam
•The “Certified ISO 31000 Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
- Domain 1: Fundamental principles and concepts in risk management
- Domain 2: Risk management program
- Domain 3: Risk assessment
- Domain 4: Risk Treatment
- Domain 5: Risk communication, monitoring and improvement
•The “Certified ISO 31000 Risk Manager” exam is available in different languages, including English, French, Spanish and Portuguese
•Duration: 2 hours
•For more information about the exam, refer to the PECB section on the ISO 31000 Risk Manager Exam
Certification
•After successfully completing the “Certified ISO 31000 Risk Manager” exam, participants can apply for the credential of Certified ISO 31000 Provisional Risk Manager or Certified ISO 31000 Risk Manager, depending on their level of professional experience.
•A “Certified ISO 31000 Risk Manager” certificate will be issued to participants who pass the exam and comply with all the other requirements of the selected credential.
•For more information about ISO 31000 certifications and the PECB certification process, refer to the PECB section on ISO 31000 Risk Manager Certification.
General information
•Certification fees are included in the exam price
•Participant manual contains over 350 pages of information and practical examples
•A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants
•ISO 31000 and ISO/IEC 31010 are guidance standards on risk management, not management system standards with auditable requirements, so organizations cannot be certified against them
•Participants who fail the exam may retake it free of charge, subject to certain conditions.
Taken from PECB <https://pecb.com>