Skip to main Content

EXIN Information Security Foundation based on ISO/IEC 27001 - Including Exam

  • Course Code ISF-EXIN
  • Duration 2 days

Course Delivery

Company Event Price

Please call

Request Group Training Add to Cart

Jump to:

Course Delivery

This course is available in the following formats:

  • Company Event

    Event at company

Request this course in a different delivery format.

Download Course Details

Course Overview

Top

EXIN Information Security Foundation based on ISO/IEC 27001 certification confirms that the professional understands information security principles and concepts applied in the work environment and knows how to mitigate risk.

Globalization of the economy is leading to an ever-growing exchange of information. This information crosses not only national borders but also the thin lines between private and business domains. The scope of accountability grows together with the information that is managed. The international standard for information security management ISO/IEC 27001 is a widely respected and referenced standard and provides a framework for the organization and management of an information security program.

In the EXIN Information Security Management based on ISO/IEC 27001 program, the following definition is used: information security is the preservation of confidentiality, integrity, and availability of information.

EXIN Information Security Foundation based on ISO/IEC 27001 tests the basic concepts of information security and their relationships. Objectives of this module are to raise awareness that information is valuable and vulnerable, and to learn which controls are necessary to
protect information.

Company Events

These events can be delivered exclusively for your company at our locations or yours, specifically for your delegates and your needs. The Company Events can be tailored or standard course deliveries.

Course Schedule

Top

Contact us for dates

Request Group Training Dates in Other Countries

Target Audience

Top
The EXIN Information Security Foundation based on ISO/IEC 27001 certification is intended for everyone in the organization who is processing information. It is also suitable for entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary. This certification is a good start for new information security professionals.
Show me more

Course Objectives

Top

The certification covers:

  • information and security
  • threats and risks
  • security controls
  • legislation, regulations, and standards
Show me more

Course Content

Top

1 Information and security

1.1 Concepts relating to information
The candidate can…
1.1.1 explain the difference between data and information.
1.1.2 explain information security management concepts.

1.2 Reliability aspects
The candidate can…
1.2.1 explain the value of the CIA-triangle.
1.2.2 describe the concepts accountability and auditability.

1.3 Securing information in the organization
The candidate can…
1.3.1 outline the objectives and the content of an information security policy.
1.3.2 explain how to ensure information security when working with suppliers.
1.3.3 outline roles and responsibilities relating to information security.

2 Threats and risks

2.1 Threats and risks
The candidate can…
2.1.1 explain threat, risk, and risk management.
2.1.2 describe types of damage.
2.1.3 describe risk strategies.
2.1.4 describe risk analysis.

3 Security controls

3.1 Outlining security controls
The candidate can…
3.1.1 give examples of each type of security control.

3.2 Organizational controls
The candidate can…
3.2.1 explain how to classify information assets.
3.2.2 describe controls to manage access to information.
3.2.3 explain threat and vulnerability management, project management, and incident management in information security.
3.2.4 explain the value of business continuity.
3.2.5 describe the value of audits and reviews.

3.3 People controls
The candidate can…
3.3.1 explain how to enhance information security through contracts and agreements.
3.3.2 explain how to attain awareness regarding information security.

3.4 Physical controls
The candidate can…
3.4.1 describe physical entry controls.
3.4.2 describe how to protect information inside secure areas.
3.4.3 explain how protection rings work.

3.5 Technical controls
The candidate can…
3.5.1 outline how to manage information assets.
3.5.2 describe how to develop systems with information security in mind.
3.5.3 name controls that ensure network security.
3.5.4 describe technical controls to manage access.
3.5.5 describe how to protect information systems against malware, phishing, and spam.
3.5.6 explain how recording and monitoring contribute to information security.

4 Legislation, regulations, and standards

4.1 Legislation and regulations
The candidate can…
4.1.1 give examples of legislation and regulations relating to information security.

4.2 Standards
The candidate can…
4.2.1 outline the ISO/IEC 27000, ISO/IEC 27001, and ISO/IEC 27002 standards.
4.2.2 outline other standards relating to information security.

Show me more

Test Certification

Top

Requirements for certification

  • Successful completion of the EXIN Information Security Foundation based on ISO/IEC 27001 exam

Examination details

  • Examination type: Multiple-choice questions
  • Number of questions: 40
  • Pass mark: 65% (26/40 questions)
  • Open book: No
  • Notes: No
  • Electronic equipment/aides permitted: No
  • Exam duration: 60 minutes

The Rules and Regulations for EXIN’s examinations apply to this exam.

Show me more