Closely aligned with the ISO27001 Standard, ISO27002 serves as a practical guideline for all members of staff as they initiate, implement and maintain an information security programme. An understanding of the best practice guidance as outlined in ISO27002 is essential to ensure the compliance to ISO27001 in any organisation. The ISO27002 ISMS Foundation Course delivers a comprehensive education in ISO27002 best practice and a recognised industry standard certification awarded by EXIN.
ISO/IEC27002 Information Security Foundation
Who should attend this course?
- This course is meant for all roles responsible for initiating, implementing or maintaining information security management systems (ISMS).
- Every employee, from administrative workers to the CEO, dealing with valuable information.
There are no formal entry requirements. The course is designed to provide a comprehensive introduction to information security management. Given the close relationship of ISO27002 with ISO27001, we strongly recommend that delegates attend the ISO27001 ISMS Foundation Course prior to taking this course
During this course, participants will learn, through a number of interactive sessions, the most significant aspects of the ISO27002 standard, its objectives, requirements, value to the organization, and its relation with the ISO27001 standard as well as with other standards. Additionally, participants will learn about the benefits and improvements that may be achieved by organizations that have an ISO27001-certified ISMS.
- Learn the importance of confidentiality, integrity and availability of information.
- Learn the types of risks, threats and damages, and the available risk strategies and the security measures you can take.
- Get insight in the security policy and organization, inclusive code of conduct, ownership, and roles and responsibilities.
- Be able to react to and manage security incidents.
- Learn the various security measures: physical, technical and organizational.
- Be aware of the most important legislations and regulations.
Introduction to Information Security
- Information Management
- Reliability Aspects
- Secure Information Systems Design
- Operational Processes and Information
- Information Architecture
Threats and Risks
- Risk Management
- Risk Analysis
- Guidelines for Implementing Security Measures
Approach and Organization
- Security policy
- Information Security Organization
- Code of Conduct
- Business Assets
- Incident Management
- Types of Security Measures
- Risks and Security Measures
- Information Classification
- Physical Security Measures
- Technical Measures
- Organizational Security Measures
Legislation and Regulations
- Importance of Legislation and Regulations
- Information Security Legislation
- Legislative Acts
- Information Security Regulations
- Legislation and Regulations Measures
ISO/IEC 27000 standards
- ISO/IEC 27001
- ISO/IEC 27002
- Qualification Scheme
- EXIN contact information
- Exam format
- EXIN’s exam content
- Tips for answering the exam
Review, Evaluation and Examination
- General review
- Sample exam
- Sample exam review
- Course evaluation
- Course certificate
- Certification exam