ISO/IEC 27002 – Information Security Foundation (ISFS) Certification Program – 2 Days

On Demand means the course can be scheduled and delivered as a dedicated corporate group session, based on a minimum number of students per session. Sessions identified with delivery dates, are open enrollment sessions for individual students

Program Overview

This exam-preparatory course provides basic coverage of Information Security Foundation based on the ISO/IEC 27002 Standard. Information security is becoming increasingly important and globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet.

Activities of many companies now rely on IT, and information has become a valuable asset, as such protection of information is crucial for the continuity and proper functioning of the organization; information must be reliable.

The international standard, the Code of Practice for Information Security ISO/IEC 27002:2005 structures the organization of information security and provides the basic concepts of information security and their coherence are tested.

The basic knowledge that is tested in this program contributes to the understanding that information is vulnerable and that measures are necessary to protect this information.


No Prerequisites


This program is offered over a 2-day period where the Minimum number of students per session is 6 where the maximum is 16.

  • The course includes 12 hours of student-instructor interaction, a sample and a formal examination. The examination will be held on the afternoon of the 2nd day.
  • The format of the examination consists of a closed book paper of 40 multiple choice complex questions, to be answered within 60 minutes. The pass mark will be 65%.


Everyone in the organization who is processing information. The program is also suitable for Entrepreneurs of small independent businesses for whom some basic knowledge of Information Security is necessary. The program can be a good start for new information security professionals.

Note: The success in achieving this certification is highly dependent upon participants’ effort in doing their homework, and self-study before and during the program.

The content of this program include but not limited to discussion of the following items:

  1. Securing information
  2. Information security
  3. Examples of valuable information
  4. Threats
  5. Damage
  6. Risk
  7. Security measures during the incident cycle
  8. Physical measures
  9. Technical measures
  10. Organizational measures
  11. Legislation and regulations

Delivery Methods

  • Instructor led Classroom based
  • Virtual Web based

Simulation and Practical Application

We provide the students with real life experiences; for the purpose of discussion and to show the value of using best practice, we could use the client organization as “Case study” example (where private course is delivered).

Program Material

This training program includes the following as reference documentation:

  • Program slide presentation
  • Syllabus document
  • Sample examination questions and answers