ISO/IEC 27002 - Information Security Foundation (ISFS) Certification Program - (2 Days)
This exam-preparatory course provides basic coverage of Information Security Foundation based on the ISO/IEC 27002 Standard. Information security is becoming increasingly important and globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet.
Activities of many companies now rely on IT, and information has become a valuable asset, as such protection of information is crucial for the continuity and proper functioning of the organization; information must be reliable.
The international standard, the Code of Practice for Information Security ISO/IEC 27002:2005 structures the organization of information security and provides the basic concepts of information security and their coherence are tested.
The basic knowledge that is tested in this program contributes to the understanding that information is vulnerable and that measures are necessary to protect this information.
This program is offered over a 2-day period where the Minimum number of students per session is 6 where the maximum is 16.
- The course includes 12 hours of student-instructor interaction, a sample and a formal examination. The examination will be held on the afternoon of the 2nd day.
- The format of the examination consists of a closed book paper of 40 multiple choice complex questions, to be answered within 60 minutes. The pass mark will be 65%.
- Instructor led Classroom environment
- Virtual Web based
Everyone in the organization who is processing information. The program is also suitable for Entrepreneurs of small independent businesses for whom some basic knowledge of Information Security is necessary. The program can be a good start for new information security professionals.
Note: The success in achieving this certification is highly dependent upon participants' effort in doing their homework, and self-study before and during the program.
The content of this program include but not limited to discussion of the following items:
- 1. Securing information
- 2. Information security
- 3. Examples of valuable information
- 4. Threats
- 5. Damage
- 6. Risk
- 7. Security measures during the incident cycle
- 8. Physical measures
- 9. Technical measures
- 10. Organizational measures
- 11. Legislation and regulations
This training program includes the following as reference documentation:
- Program slide presentation
- Syllabus document
- Sample examination questions and answers
Simulation and practical application
We provide the students with real life experiences; for the purpose of discussion and to show the value of using best practice, we could use the client organization as "Case study" example (where private course is delivered).