

Risk fundamentals

This course enables participants to develop the knowledge and skills needed to master the basic elements of risk management. It starts from a general and then a specific definition of information security and ISS risks, followed by a presentation of the normative framework and existing methodologies. This training is recommended as preparation for the ISO 27005 Risk Manager and EBIOS Risk Manager certification courses.

Course overview

  • Understand what a risk is and how to assess it
  • Differentiate between information security risk and information systems security risk
  • Understand the stakes of risk management
  • Find your way in the existing documentation (standards and methodologies)

Course Curriculum

Section 1: The Risk

I. Defining and Assessing Risk Broadly

  • Definition of risk
  • Assessing the level of risk

II. Overview of the main current threats

III. Understanding information security risk

  • Definition of information security
  • Information security risk

IV. Understanding Information Systems Security Risk

  • Definition of Information System (IS)
  • Definition of Information Systems Security (ISS)
  • Information systems security risk

Section 2: Risk Management

I. Define and understand the issues of risk management

II. The normative framework

  • The ISO/IEC 31000 standard
  • The ISO/IEC 25000 standard

III. Risk management methods

  • Overview of existing methods
  • Comparison of existing methods
  • Choosing a methodology

Planning outline

  • 6 hours of distance learning with the trainer, divided into 3 sessions
  • 2 hours of independent personal work time

Live session

  • Day 1: Section 1 (2h)
  • Day 2: Section 2 (2h)
  • Day 3: Questions/Answers (45 min), Learning assessment (45 min)

Personal work

Learning assessment

A 45-minute quiz to validate the knowledge acquired during the course

Training benefits

  • Training delivered by risk trainers
  • Exchanges on key concepts and experience sharing adapted to the learners’ context
  • Training methods adapted to all learning profiles

Who should attend?

Anyone wishing to learn more about risk management in general and information security risk management in particular:

  • People responsible for information security or compliance within an organization
  • Risk managers
  • Project managers
  • Information security team members
  • Information technology consultants

Entry Requirements

General knowledge of information systems

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 10 working days before the start of the training.


Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.

To go further

This training course is designed to prepare you for the following training courses:


8 hours


OPCO support
