ISO/IEC 27002 - Foundation


This course enables participants to learn about the best practices for implementing and managing Information Security controls as specified in ISO/IEC 27002. This training also helps to understand how ISO/IEC 27002 and ISO/IEC 27001 relate to ISO/IEC 27003 (Guidelines for the implementation of an ISMS), ISO/IEC 27004 (Measurement of information security) and ISO/IEC 27005 (Risk Management in Information Security).


Who should attend?

  • Members of an information security team
  • IT Professionals wanting to gain a comprehensive knowledge of the main processes of Information Security controls
  • Staff involved in the implementation of the ISO/IEC 27002 standard
  • Technicians involved in operations related to an ISMS
  • Auditors
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks


Learning objectives

  • To understand the implementation of Information Security controls in accordance with ISO/IEC 27002
  • To understand the relationship between an Information Security Management System (including risk management and controls) and compliance with the requirements of the organization's different stakeholders
  • To know the concepts, approaches, standards, methods and techniques that allow Information Security controls to be implemented effectively
  • To acquire the necessary knowledge to contribute to implementing Information Security controls as specified in ISO/IEC 27002


Course Agenda

Day 1: Introduction to Information Security Management System (ISMS) concepts and ISO/IEC 27002

  • Introduction to the ISO/IEC 27000 family of standards
  • Introduction to management systems and the process approach
  • Fundamental principles of information security
  • General requirements: presentation of clauses 4 to 18 of ISO/IEC 27002
  • Implementation phases of the ISO/IEC 27002 framework
  • Continual improvement of Information Security
  • Conducting an ISO/IEC 27002 certification audit

Day 2: Implementing controls in information security according to ISO/IEC 27002 and Certification Exam

  • Principles and design of information security controls
  • Documentation of an information security control environment
  • Monitoring and reviewing the information security controls
  • Examples of implementation of information security controls based on ISO/IEC 27002 best practices
  • Certification Exam


Educational approach

  • This training is based on both theory and practice:
    • Sessions of lectures illustrated with examples based on real cases
    • Review exercises to assist the exam preparation
    • Practice test similar to the certification exam

Examination and Certification

  • The “PECB Certified ISO/IEC 27002 Foundation” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts of information security
    • Domain 2: Information Security control best practices based on ISO/IEC 27002
  • The “PECB Certified ISO/IEC 27002 Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 1 hour
  • For more information about the exam, refer to the PECB section on the ISO/IEC 27002 Foundation Exam
  • A certificate of “PECB Certified ISO/IEC 27002 Foundation” will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
  • For more information about PECB Certified ISO/IEC 27002 certifications and the PECB certification process, refer to the PECB section on ISO/IEC 27002 Foundation

General Information

  • Certification fees are included in the exam price
  • A student manual containing over 200 pages of information and practical examples will be distributed to participants
  • A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to participants
  • Participants who fail the exam are allowed to retake it for free under certain conditions