Foundation Course


This course enables the participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005, as well as the best practices for implementing the information security controls of the eleven domains of the ISO 27002. This training also helps to understand how ISO 27001 and ISO 27002 are linked with ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security).

Course Agenda

Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001

  • Introduction to the ISO 27000 standards family
  • Introduction to management systems and the process approach
  • General requirements: presentation of the clauses 4 to 8 of ISO 27001
  • Implementation phases of the ISO 27001 framework
  • Continual improvement of Information Security

Implementing controls in information security according to ISO 27002

  • Principles and design of information security controls
  • Documentation of a information security control environment
  • Monitoring and reviewing the information security controls
  • Security controls based on ISO 27002 best practices

Certification Exam

  • The "Certified ISO/IEC 27001 Foundation" exam fully meets the requirements of the PECB Examination Certification Programme (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information Security Management System (ISMS)
  • The "Certified ISO/IEC 27001 Foundation" exam is available in different languages (the complete list of languages can be found in the examination application form)
    Duration: 1 hour
  • Certification

A certificate of "Certified ISO/IEC 27001 Foundation" will be issued to participants who successfully passed the exam and comply with all the other requirements related to this credential.