EXIN Information Security Foundation based on ISO/IEC 27001 - Professional

3 Days

18 CPD hours

Security professionals. This module is intended for everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.

The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN) tests understanding of the organizational and managerial aspects of information security.The subjects of this module are:
Information security perspectives: business, customer, service provider/supplier
Risk Management: analysis, controls, remaining risks
Information security controls: organizational, technical, physical.

Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC 27000 definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their staff, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies completely rely on IT. Enterprise resource planning (ERP) management systems, the control systems that govern how a building runs or a manufacturing machine functions, day-to-day communications - everything - runs on computers. The vast majority of information - the most valuable commodity in the world - passes through IT. Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is and are beginning to make choices based on the security of the technology or service.

Information Security Perspectives

• The candidate understands the business interest of information security
• The canidate understands the customer perspective on governance
• The candidate understands the supplierïs responsibilities in security assurance

Risk Mangement

• The candidate understands the principles of risk management
• The candidate knows how to control risks
• The candidate knows how to deal with remaining risks

Information Security Controls

• The candidate has knowledge of organizational controls
• The candidate has knowledge of technical controls
• The candidate has knowledge of physical, employment-related and continuity controls