Mastering the Implementation and Management of Information Security Controls based on ISO 27002

This five-day intensive course enables participants to develop the necessary expertise and knowledge to support an organization in implementing and managing Information Security controls as specified in ISO 27002.

Participants will also gain a thorough understanding of best practices used to appropriately govern Information Security controls across all the principles of ISO 27002.

Who should attend?

  • Managers or consultants wanting to implement an Information Security Management System (ISMS);
  • Project managers or consultants wanting to master the Information Security Management System implementation process;
  • Persons responsible for the information security or conformity in an organization;
  • Members of information security teams;
  • Expert advisors in information technology;
  • Technical experts wanting to prepare for an Information Security Audit function.

Learning objectives

  • To understand the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002;
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of Information Security controls;
  • To understand the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behaviour;
  • Preparing an acquisition and procurement process;
  • Calculation of benefits using financially oriented and non-financially-oriented cost-benefit techniques;
  • Drafting and implementing cost optimization strategies.

Course program

Day 1: Introduction to Information Security controls and ISO / IEC 27002:

  • Course objective and structure;
  • Standard and regulatory framework;
  • Fundamental Principles of Information Security;
  • Information Security Management System;
  • Information security policies;
  • Organization of information security.

Day 2: Human resources, Asset Management and Access Control:

  • Human resources security:
  • Asset Management:
  • Access Control.

Day 3: Operations and communications security as required by ISO / IEC 27001:

  • Cryptography;
  • Physical and Environmental Security;
  • Operations Security;
  • Communications security.

Day 4: Continuous improvement and preparation for certification:

  • System acquisition, development and maintenance;
  • Supplier Relationships;
  • Information security Incident Management;
  • Information security aspects of business continuity management;
  • Compliance
  • Golden Rules and Conclusion;
  • Lead Manager Certification Scheme;
  • Closing the Training.

Day 5: Certification Exam

Prerequisites

Knowledge in Information Security is preferred.

Educational approach

This training is based on both theory and practice:

  • Sessions of lectures illustrated with examples based on real cases;
  • Practical exercises based on a full case study including role playing and oral presentations;
  • Review exercises to assist the exam preparation;
  • Practice test similar to the certification exam.

Exam & Certification

  • The “PECB Certified ISO / IEC 27002 Lead Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts for Information Security Controls;
    • Domain 2: Information Security Control Best Practice based on ISO / IEC 27002:
      • Domain 2.1: Guidance for Information Security Controls;
      • Domain 2.2: Evaluate the need and applicability of each control;
      • Domain 2.3: Direct the adherence to each control;
      • Domain 2.4: Monitor all or key activities related to all the controls.
  • The “PECB Certified ISO / IEC 27002 Lead Manager” exam is available in different languages (trainers are fluent in English, French & Spanish);
  • Duration: 3 hours;
  • For more information about the exam, refer to ISO / IEC 27002 Lead Manager Exam;
  • After successfully completing the exam, participants can apply for the credentials of PECB Certified ISO / IEC 27002 Provisional Manager, or PECB Certified ISO / IEC 27002 Manager depending on their level of experience;
  • A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential;
  • For more information about ISO / IEC 27002 certifications and the PECB certification process, refer to ISO / IEC 27002 Lead Manager Certification.

Testimonials about the trainer

The Next 3 Courses

Dates on request