ISO/IEC 27035 - Foundation
Summary
This course enables participants to learn about the best practices for implementing and managing an incident management process throughout their organization using the ISO/IEC 27035 standard as a reference framework. This training is fully compatible with ISO/ IEC 27035, which supports ISO/IEC 27001 by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP 800-61.
Who should attend?
- Members of an Information Security Risk Management team
- Professionals wanting to gain a comprehensive knowledge of the main processes of Incident Management
- Staff involved in the implementation of the ISO/IEC 27035 standard
- Persons responsible for information security or conformity within an organization
- Business Continuity Managers
Learning objectives
- To understand the implementation of an Incident Management process
- To understand the relationship between an Incident Management process with the requirements of different stakeholders of the organization
- To know the concepts, approaches, standards, methods and techniques allowing an effective Information Security Incident Management based on ISO/IEC 27035
-
To acquire the necessary knowledge to contribute in implementing an ongoing information security incident management program according to ISO/IEC 27035
Course Agenda
Day 1: Introduction to the incident management framework, according to ISO/IEC 27035
- Information security incident management
- The ISO/IEC 27035 core processes
- Fundamental principles of information security
- Linkage to business continuity
- Legal and ethical issues
Day 2: Organizational Incident Management Process based on ISO/IEC 27035
- Initiating a Security Incident Management Process
- Understanding the organization and clarifying the objectives
- Plan and prepare
- Roles and functions
- Policies and procedures
- Analysis of lessons learned
- Corrective actions
- Competence and evaluation of incident managers •
Day 3: Certification Exam
Prerequisites
Basic knowledge of Incident Management is preferred.
Educational approach
- This training is based on both theory and practice:
- Sessions of lectures illustrated with examples based on real cases
- Review exercises to assist the exam preparation
- Practice test similar to the certification exam
- To benefit from the practical exercises, the number of training participants is limited
Examination and Certification
- The “PECB Certified ISO/IEC 27035 Foundation” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
- Domain 1: Fundamental principles and concepts of Incident Management
- Domain 2: Information Security Incident Management
- The “PECB Certified Security Incident Foundation” exam is available in different languages (the complete list of languages can be found in the examination application form)
- Duration: 1 hour
- For more information about exam, refer to PECB section on PECB Certified Security Incident Foundation
- A certificate of "PECB Certified ISO/IEC 27035 Foundation" will be issued to participants who successfully pass the exam and comply with all the other requirements related to this credential
General Information
- Certification fees are included in the exam price
- A student manual containing over 200 pages of information and practical examples will be distributed to participants
- A participation certificate of 14 CPD (Continuing Professional Development) credits certificate will be issued to participants
- In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions