HSC   Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Training courses > ISO 27005 Risk Manager ou Information Security Risk Manager
Go to: HSC main site
Download the training catalog
Version française
   Training courses   
o Planning
o Organismes de certifications
o Labels des formations
o Certifications et qualifications d'HSC
o Formations universitaires
o E-learning HSC
o ISO 27001
o PHP security
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
   HSC est certifié OPQF   
logo OPQF
|>|ISO 27005 Risk Manager ou Information Security Risk Manager  
Training courses
See also...
o Organization of the courses
o Training sessions planning
o General presentation of our ISO 27001 services
o Gestion des risques avancée
o ISO 27001 Lead Implementer
o ISO 27001 Lead Auditor
o ISO 22301 Lead Implementer
o Gestion des mesures de sécurité et norme ISO 27002
o Certification by LSTI
o Goals
o International recognition
o Duration
o Instructor(s)
o Pre-requisite for attendants
o Teaching method
o Related courses
o Material
o Agenda
o Methods of inscription

Dates of the coming sessions:
> 12-14 December 2016 (Paris)
> 18-20 January 2017 (Paris)
> 3-05 April 2017 (Paris)
> 10-12 May 2017 (Toulouse)
> 7-09 June 2017 (Paris)
> 26-28 June 2017 (Luxembourg)
> 11-13 September 2017 (Paris)
> 11-13 October 2017 (Paris)
> 13-15 November 2017 (Paris)
> 11-13 December 2017 (Paris)
Dates subject to modification without prior notice. The sessions will only take place if the number of registered attendants is high enough.
The training will focus on information systems security risks and how to assess and analyse them.


Certifying ISO 27005 Risk Manager (Information Security Risk Manager) course explain the ISO 27005 standard more globally information security risk management. This course allows you to pratically run by yourself the risk management process and to manage it's lifecycle.

In details, goals of the courses follaws :

  • Learn to implement the ISO 27005 standard as well as others risk management methodologies in any situation
  • Describe the risk management process and it's lifecyle
  • Give to the trainee all means to run and complete a risk assessment by himself
  • Communicate the ressources and tools available to implement the best risk management
  • Prepare the candidate to the certification exam

International recognition

The training by HSC and the examination by LSTI are internationally recognized, on the same level as the other trainings and examinations available on the market.
For more information, see the page Certification by LSTI. The ISO 27005 standard "Information Security Risk Management" has been published on June 4, 2008 by ISO. This detailed method for information security risk management reflect the international concensus on the topic. The standard is pragmatic and complete, usable in any cases, and recommanded in the case of the set up of an ISMS following the ISO 27001 standard. ISO 27005 is inspired by existing previous methodologies, first of all the EBIOS v2 methodology from the french DCSSI, and also the british BS7799-3 and australian AS/NZS 4360. The Information Security Risk Management course from HSC is similar to equivalent courses based upon EBIOS, Mehari or Actave, however the HSC courses is based upon ISO 27005 wich is the internationale reference.

For un introduction to the ISO 27005 standard, look at the article published in GlobalSecurityMag in july 2008 (in french).


3 days.

  • 2.5 days of course, practical cases, exercises and a case study
  • 0.5 day for exam

  • Instructor(s)

    This training is given by:

    • Hervé Schauer (Herve.Schauer@hsc.fr)
      • ISO27001:2013 Lead Auditor and Lead Implementer certified by LSTI
      • ISO27005:2011 Risk Manager certified by LSTI
      • ISO22301 Lead Auditor certified by LSTI
      • CISSP, ISC2 certified
      • GSLC (GIAC Security Leadership Certification) certified by GIAC
      • Participating to the normalization in security at AFNOR since 1990 and at CN27 since its creation in 1993
      • Member of the ISO 27001 group of the Clusif
      • Host of Club 27001
    • Tonty Belot (Tony.Belot@hsc.fr)
      • ISO27001:2013 Lead Auditor certified by LSTI
      • ISO27001:2013 Lead Implementer certified by LSTI
      • ISO27005:2011 Risk Manager by LSTI
      • PCI DSS QSA certified by PCI Security Standards Council
      • GCIH (GIAC Certified Incident Handler) certified by GIAC
    • Alexandre Magloire (alexandre.magloire@hsc.fr)
      • ISO27001:2013 Lead Auditor certified by LSTI
      • ISO27001:2013 Lead Implementer certified by LSTI
      • ISO27005:2011 Risk Manager certified by LSTI
      • EBIOS Risk Manager certified by LSTI
      • ISO22301:2012 Lead Implementer certified by LSTI
      • ISO22301:2012 Lead Auditor certified by LSTI
    • Beatrice Joucreau (Beatrice.Joucreau@hsc.fr)
      • ISO27001:2013 Lead Auditor certified by LSTI
      • ISO27001:2013 Lead Implementer certified by LSTI
      • ISO27005:2011 Risk Manager certified by LSTI
      • EBIOS Risk Manager certified by LSTI
      • GSEC(GIAC Security Essentials) certified by GIAC

    Pre-requisite for attendants

    The course "ISO 27005 Risk Manager" is targeted to anyone willing to control the ISO 27005 standard or gaining ISO 27005 certification. This course is targeted to anyone needing to run an information risk assessment particularly on information systems. This training is designe to fit into an Information Security Management System implementation process. This training is perfectly suited for CISOs and information security consultants. To follow this course it is recommanded to get basic knowledge in computer security.

    Teaching method

    The pedagogic method is based upon the five following practices :

    • Authoritative course based upon ISO 27005 standard, with some references to ISO 27001 standard
    • Good use of standards and methodologies available
    • Construction of risk assessment tables reusable from any spreadsheet such as Excel
    • Examples and real cases studies
    • practical group and individual exercises

    Related courses

    Gestion des risques avancée
    ISO 27001 Lead Auditor
    ISO 27001 Lead Implementer
    Gestion des mesures de sécurité et norme ISO 27002
    Formation RSSI


    The course is fully delivered in french and in french only. Course material include slides in French, exercices in french, exercices corrections in french, and all others documents in french or english necessary for the course. Electronic version of Excel files and corrections are delivered on an USB memory key.



    • ISO 2700X standards
    • ISO 27005: advantages and drawbacks
    • Other methods
    Risk management vocabulary according to ISO 27005 :
    • Identity an asset, a threat and a vulnerability
    • Threats and vulnerabilities
    • Appreciation of the risks
    • Likelihood and consequences of a risk
    • Evaluation of the risks
    • Various treatments of the risk
    • Acceptation of the risks
    • Notion of residual risk
    Risk Management process and ISO 27005 standard :
    • ISO 27005 introduction
    • Process management
    • Lifecycle and continual improvement (PDCA model)
    • Setting the Context
    • Identification of the risks
    • Analyses of the risks
    • Evaluation of the risks
    • Treatment of the risk
    • Acceptation of the risk
    • Monitoring and reconsidaration of the risk
    • Communication of the risk

    Case study:
    • Realisation of a complete risk appreciation
    • Team work
    • Simulation of an interview with a buisness process responsible
    • Usage of a laptop to do the study
    • Oral presentation of the results for each team
    • Review of the presented results
    HSC advices:
    • Common mistakes
    • Risk management actors
    • General recommandations
    • Examples of risks criterias scales
    • Exam preparation

    Methods of inscription

    For registering an HSC course, please contact our training department by phone : +33 141 409 704 or by email at formations@hsc.fr, with first and last name of every student, your postal address and your company VAT number. Thoses informations enable us to send your the training agreement. The training agreement must be return agreed with signature and company stamp with you purchase order, at least 6 days before the course. The purchase order should precise your billing address and our payment regulations : net 30 days from our invoice date. Registration is completed as soon as we received those two documents.

    Last modified on 20 May 2016 at 12:57:28 CET - webmaster@hsc.fr
    Mentions légales - Information on this server - © 1989-2013 Hervé Schauer Consultants