This course gives participants the knowledge and skills to master the basic elements of risk management. It starts from a general and then a specific definition of information security and ISS risks, then presents the normative framework and the existing methodologies.

This training is recommended as a preparation for the ISO 27005 Risk Manager and Ebios Risk Manager certification courses.


  • Understand what a risk is and how to assess it
  • Differentiate between information security risk and information systems security risk
  • Understand the stakes of risk management
  • Find your way in the existing documentation (standards and methodologies)

Course Curriculum

I. Defining and Assessing Risk Broadly

  1. Definition of risk
  2. Assessing the level of risk

II. Overview of the main current threats

III. Understanding information security risk

  1. Definition of information security
  2. Information security risk

IV. Understanding Information Systems Security Risk

  1. Definition of Information System (IS)
  2. Definition of Information Systems Security (ISS)
  3. Information systems security risk

I. Define and understand the issues of risk management

II. The normative framework

  1. The ISO/IEC 31000 standard
  2. The ISO/IEC 25000 standard

III. Risk management methods

  1. Overview of existing methods
  2. Comparison of existing methods
  3. Choosing a methodology

Principle planning



                  Day 1            Day 2            Day 3
Live session      Section 1 (2H)   Section 2 (2H)   Question and answer session (45 min); Evaluation of knowledge (45 min)
Individual work   1h               1h

Learning assessment

  • A 45-minute quiz to validate the knowledge acquired during the training

The advantages

  • Training delivered by risk trainers
  • Time for discussion of key concepts and for sharing experience, adapted to the learners’ context
  • A training pedagogy adapted to all learning profiles

Who should attend?

Anyone interested in learning more about risk management in general and information security risk management in particular:

  • Information security or compliance managers within an organization
  • Risk managers
  • Project managers
  • Information security team members
  • Information Technology Consultants


General knowledge of information systems.

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 5 working days before the start of the training.


Whether or not you are recognized as having a disability, making our training accessible to everyone is part of our commitment. If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.

To go further

This training enables you to prepare for the following courses:


8 hours

+ OPCO support
