Who should attend?

  • Managers or consultants wanting to implement an Information Security Management System (ISMS);
  • Project managers or consultants wanting to master the Information Security Management System implementation process;
  • Persons responsible for information security or conformity in an organization;
  • Members of information security teams;
  • Expert advisors in information technology;
  • Technical experts wanting to prepare for an Information Security Audit function.

Learning objectives

  • To understand the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002;
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of Information Security controls;
  • To understand the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behaviour;
  • To prepare an acquisition and procurement process;
  • To calculate benefits using financially oriented and non-financially-oriented cost-benefit techniques;
  • To draft and implement cost optimization strategies.

Course program

Day 1: Introduction to Information Security controls and ISO / IEC 27002:

  • Course objective and structure;
  • Standard and regulatory framework;
  • Fundamental Principles of Information Security;
  • Information Security Management System;
  • Information security policies;
  • Organization of information security.

Day 2: Human resources, Asset Management and Access Control:

  • Human resources security;
  • Asset Management;
  • Access Control.

Day 3: Operations and communications security as required by ISO / IEC 27001:

  • Cryptography;
  • Physical and Environmental Security;
  • Operations Security;
  • Communications security.

Day 4: Continuous improvement and preparation for certification:

  • System acquisition, development and maintenance;
  • Supplier Relationships;
  • Information security Incident Management;
  • Information security aspects of business continuity management;
  • Compliance;
  • Golden Rules and Conclusion;
  • Lead Manager Certification Scheme;
  • Closing the Training.

Day 5: Certification Exam


Knowledge in Information Security is preferred.

Educational approach

This training is based on both theory and practice:

  • Sessions of lectures illustrated with examples based on real cases;
  • Practical exercises based on a full case study including role playing and oral presentations;
  • Review exercises to assist the exam preparation;
  • Practice test similar to the certification exam.

Exam & Certification

  • The “PECB Certified ISO / IEC 27002 Lead Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts for Information Security Controls;
    • Domain 2: Information Security Control Best Practice based on ISO / IEC 27002:
      • Domain 2.1: Guidance for Information Security Controls;
      • Domain 2.2: Evaluate the need and applicability of each control;
      • Domain 2.3: Direct the adherence to each control;
      • Domain 2.4: Monitor all or key activities related to all the controls.
  • The “PECB Certified ISO / IEC 27002 Lead Manager” exam is available in different languages (trainers are fluent in English, French & Spanish);
  • Duration: 3 hours;
  • For more information about the exam, refer to ISO / IEC 27002 Lead Manager Exam;
  • After successfully completing the exam, participants can apply for the credentials of PECB Certified ISO / IEC 27002 Provisional Manager, or PECB Certified ISO / IEC 27002 Manager depending on their level of experience;
  • A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential;
  • For more information about ISO / IEC 27002 certifications and the PECB certification process, refer to ISO / IEC 27002 Lead Manager Certification.
