ISO/IEC 27002 - Lead Manager


This five-day intensive course enables participants to develop the necessary expertise and knowledge to support an organization in implementing and managing Information Security controls as specified in ISO/IEC 27002. Participants will also gain a thorough understanding of best practices used to appropriately govern Information Security controls across all the principles of ISO/IEC 27002.


Who should attend?

  • Managers or consultants wanting to implement an Information Security Management System (ISMS)
  • Project managers or consultants wanting to master the Information Security Management System implementation process
  • Persons responsible for information security or conformity in an organization
  • Members of information security teams
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information Security Audit function


Learning objectives

  • To understand the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of Information Security controls
  • To understand the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
  • To prepare an acquisition and procurement process
  • To calculate benefits using financially oriented and non-financially oriented cost-benefit techniques
  • To draft and implement cost optimization strategies


Course Agenda

Day 1: Introduction to Information Security controls and ISO/IEC 27002

  • Course objective and structure
  • Standard and regulatory framework
  • Fundamental Principles of Information Security
  • Information Security Management System
  • Information security policies
  • Organization of information security

Day 2: Human resources, asset management and access control

  • Human resources security
  • Asset Management
  • Access Control

Day 3: Operations and communications security as required by ISO/IEC 27001

  • Cryptography
  • Physical and Environmental Security
  • Operations Security
  • Communications security

Day 4: Continuous improvement and preparation for certification

  • System acquisition, development and maintenance
  • Supplier Relationships
  • Information security Incident Management
  • Information security aspects of business continuity management
  • Compliance
  • Golden Rules and Conclusion
  • Lead Manager Certification Scheme
  • Closing the Training

Day 5: Certification Exam


Prerequisites

Knowledge in Information Security is preferred.

Educational approach

This training is based on both theory and practice:

  • Sessions of lectures illustrated with examples based on real cases
  • Practical exercises
  • Review exercises to assist with exam preparation
  • Practice test similar to the certification exam

Examination and Certification

  • The “PECB Certified ISO/IEC 27002 Lead Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts for Information Security Controls
    • Domain 2: Information Security Control Best Practice based on ISO/IEC 27002
      • Domain 2.1: Guidance for Information Security Controls
      • Domain 2.2: Evaluate the need and applicability of each control
      • Domain 2.3: Direct the adherence to each control
      • Domain 2.4: Monitor all or key activities related to all the controls
  • The “PECB Certified ISO/IEC 27002 Lead Manager” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 3 hours
  • For more information about the exam, refer to the PECB section on the ISO/IEC 27002 Lead Manager Exam
  • After successfully completing the exam, participants can apply for the credentials of PECB Certified ISO/IEC 27002 Provisional Manager, or PECB Certified ISO/IEC 27002 Manager depending on their level of experience
  • A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential
  • For more information about ISO/IEC 27002 certifications and the PECB certification process, refer to the PECB section on ISO/IEC 27002 Lead Manager

General Information

  • Exam and certification fees are included in the training price
  • A student manual containing over 500 pages of information and practical examples will be distributed to the participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
  • Participants who fail the exam are allowed to retake it free of charge under certain conditions