Enterprise Security Risk Management for Cybersecurity Managers: From Assessment to Governance with ISO/IEC 27005
.MP4, AVC, 1280x720, 30 fps | English, AAC, 2 Ch | 1h 46m | 197 MB
Instructor: Marc Menninger
In today’s threat landscape, cybersecurity risk management isn’t optional. It’s essential. In this course, cybersecurity director Marc Menninger equips security leaders and GRC professionals with the skills to build and maintain a risk management program based on the ISO 27005 framework. Learn how to identify, analyze, and treat cyber risks in alignment with business objectives, and how to communicate those risks effectively to executives. Explore practical examples and challenge-based exercises to gain hands-on experience applying the ISO 27005 lifecycle to real-world scenarios. Plus, dive into third-party risk management, software supply chain threats, and techniques for continual improvement. When you complete this course, you’ll be ready to lead with confidence and integrate cybersecurity risk into your organization’s enterprise risk strategy.
Learning objectives
- Explain the purpose of enterprise risk management (ERM) and how cybersecurity fits into a broader risk management framework.
- Apply the ISO 27005 risk management lifecycle to identify, analyze, evaluate, and treat cybersecurity risks.
- Develop and maintain a cybersecurity risk register that aligns with business objectives and supports audit readiness.
- Communicate cybersecurity risks effectively to stakeholders using risk matrices, dashboards, and executive reporting.
- Integrate third-party and software supply chain risks into your risk management program and map them to enterprise-level concerns.