Information Security Risk Management Foundation (ISO/IEC 27005)

Earners of the Information Security Risk Management Foundation (ISO/IEC 27005) certification have demonstrated foundational knowledge of the ISO/IEC 27005 standard. This certification confirms that the professional has foundational knowledge of Information Security Risk Management in accordance with the ISO/IEC 27005 standard. The exam covers topics such as Terms and definitions, the information security risk management process, information security risk assessment (risk identification (identification of assets, threats, existing controls, vulnerabilities and consequences), risk analysis, risk evaluation, information security risk treatment (risk modification, risk retention, risk avoidance and risk sharing), information security risk acceptance, information risk communication and consultation and information security risk monitoring and review. Earning criteria: To earn the Information Security Risk Management Foundation (ISO/IEC 27005) certification candidates must successfully pass the ITC-012: Information Security Risk Management Foundation (ISO/IEC 27005) exam - Foundational level. A score of 70% or higher is required to pass the exam. The ITC-012: Information Security Risk Management Foundation (ISO/IEC 27005) exam is a closed-book and remotely proctored exam. ITCERTS recommends that candidates have at least 6 months of work experience in Information Security Risk Management before sitting for the exam. This certification is considered good-for-life and does not expire.