5. Risk Management

Risk is the effect of uncertainty on expected results or objectives.

Risk management is defined as the policies, procedures, and technology an organization adopts in order to reduce the threats, vulnerabilities, and consequences that could arise if data is not protected.

Datasec offers the following training sessions regarding risk management:

  • ISO 31000 Risk Manager
  • ISO 31000 Lead Risk Manager
  • Enterprise Risk Management Training
  • ISO 27035 – IT Risk Training

Datasec also offers risk management consultancy in the following areas:

  • IT Risks Audits
  • Enterprise Risk Management
  • ISO 31001 Management
  • Gap Analysis

a. ISO 27005: Information Security Risk Management

ISO/IEC 27005 enables you to acquire the skills and knowledge necessary to initiate the implementation of an information security risk management process. It therefore proves that you are able to identify, assess, analyze, evaluate and treat the various information security risks faced by organizations. Moreover, it enables you to support organizations in prioritizing risks and undertaking appropriate actions to reduce and mitigate them.


The training provided for ISO 27005 information security risk management will help you to properly align an organization's information security management system with its information security risk management process. Also, on obtaining the Certified ISO/IEC 27005 credentials, you will be able to help organizations continually improve their information security risk management process, which leads the organization towards achieving its objectives.

b. ISO 31000: Organizational Risk Management

ISO 31000:2009 describes a systematic and logical process in which organizations manage risk by identifying it, analyzing it, and then evaluating whether it should be modified by risk treatment in order to satisfy their risk criteria.
Risk management can be applied to an entire organization, across its many areas and levels, at any time, as well as to specific functions, projects and activities.


The ISO 31000 Risk Manager training course helps participants acquire the knowledge and ability necessary to integrate the risk management guidelines of ISO 31000 in an organization. It covers the risk management principles and their application, as well as the core elements of the risk management framework and the steps of a risk management process. In addition, it provides the basic approaches, methods, and practices for assessing risk in a wide range of situations.
Upon completion of the training course, you can sit for the exam and apply to obtain the “Certified ISO 31000 Risk Manager” credential. The credential demonstrates your knowledge and ability to apply the risk management process in an organization based on the guidelines of ISO 31000 and best practices.

Email: info@datasec.co.ke
Phone: +254 752 602 000/ 0704 522 699
Location: Forest View Mall 4th Floor, Ngong Road