
ISO/IEC 27002



The ISO/IEC 27000 series of standards provides best practice guidelines for information security management, risks, and controls within the context of an overall Information Security Management System. These best practices are not covered within ITIL. Information security is gaining importance in Information Technology (IT). Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connections with the networks of other companies, and the Internet.
This comprehensive three-day certification course teaches you how to structure and organize information security within your organization. Overall, you’ll learn the organizational and managerial principles required to define, implement, maintain, comply with and evaluate a logical set of proven measures to safeguard your information’s availability, integrity, and confidentiality. One big reason to look beyond the IT Infrastructure Library (ITIL®) in today’s business climate is the growing recognition of the business exposure and risk related to information security. That’s because globalization is leading to a steady exchange of information between an organization’s employees, customers and suppliers. In turn, this leads to growing use of networks, connections of networks and the internet. These activities rely heavily on IT, making information one of an organization’s most valuable assets. Protection of this information is critical to the continuity and efficiency of both IT and the organization. That’s why there is an international standard for information security – The Code of Practice for Information Security ISO/IEC 27002:2005.

Target group

  • Anyone who wants a basic understanding of information security, from entry-level personnel to executive managers.
  • Those seeking a career in information technology as well as those whose organizations are preparing for the ISO/IEC 27002 certification.
  • New information security professionals.
  • CIOs, CTOs, CSOs, CFOs
  • VPs and AVPs
  • Anyone responsible for security, governance, audit, compliance, risk, service continuity, disaster recovery
  • Financial Directors
  • Quality Managers
  • Internal Consultants
  • Professional Consultants
  • Service / Help Desk Executives
  • Process Coordinator / Managers


The Certificate Information Security Foundation based on ISO/IEC 27002 is part of the qualification program Information Security. The module is followed up by the Certificates Information Security Management Advanced based on ISO/IEC 27002 and Information Security Management Expert based on ISO/IEC 27002.


Exam content

  1. Information and security: 10%
  2. Threats and risks: 30%
  3. Approach and organization: 10%
  4. Measures: 40%
  5. Legislation and regulations: 10%

Exam Details
Number of multiple-choice questions: 40
Pass mark: 65% (26 out of 40)
Open book: no
Electronic equipment allowed: no


ITIL® is a registered trade mark of AXELOS Limited.