Basics of Information Security: ISO 27001 Foundation
Our two-day Foundation seminar gives you the basic knowledge of information security management according to the international standard ISO/IEC 27001. The standard specifies the requirements for establishing, implementing, maintaining and continually improving a documented information security management system (ISMS).
The Foundation course is a must for in-house security officers, freelance security consultants and security auditors. Of course, we prepare our participants intensively for the certification exam. After passing the exam, you receive a certificate that can serve as evidence of competence according to clause 7.2 (Competence) of ISO/IEC 27001.
For whom is the ISO 27001 Foundation course suitable?
This Foundation Course is suitable for you, if you
- want to gain a basic understanding of information security management according to ISO 27001.
- are a security manager, security consultant or security auditor. It is a must for all IT professionals, IT managers and IT staff who want to improve information security in their organization.
Which benefits will I gain from this training?
- After this training, you will be able to assess and prioritize actions according to the ISO 27001 standard.
- You can support a security audit according to this standard. Your knowledge is confirmed by the internationally recognized certificate you obtain.
- If you pass the exam, you receive a certificate that can also serve as evidence of competence according to clause 7.2 (Competence) of ISO/IEC 27001.
ISO 27001 Foundation – English
In this two-day basic seminar on information security management, you will learn the requirements of the ISO 27001 standard in a practical way. We discuss the measures for implementing the standard and prepare you intensively for the certification exam at the end of the training. No previous knowledge is required. Course and exam are in English.
Thu 21.07. to
Thu 29.09. to
Thu 03.11. to
Day 1 09:00 am to approx. 4:30 pm
Day 2 09:00 am to approx. 4:30 pm – incl. exam preparation
In two days, you learn all the major theoretical principles of information security management as well as the audit-related terms and concepts.
The main topics are:
- Introduction and basic principles
- The standard family ISO/IEC 27000
- Basics of Information Security Management Systems
- ISO/IEC 27001 – Minimum requirements
- ISO/IEC 27001 – Control objectives and controls
- Related standards and frameworks
- Certifications according to ISO/IEC 27001
How do I get my certification?
The exam is taken online; you decide when and where you take it. The certification body for personnel certification according to ISO/IEC 27001 at mITSM is the ICO (International Certification Organization).
Details about the ICO’s online exam
After we have registered you for the online exam, you will receive an email with all the important information (usually on the first day of training). Please read it carefully. The email contains a link to your personal exam page, where you will find the exams you have ordered. For each of your exams there is also a link to a sample exam, so you can familiarize yourself with the system before taking the real one. These links are valid for 30 days; if necessary, the validity can be extended once by a further 10 days. The exam can be taken at any time of day or night during this 30-day period. The ICO examination system SOE monitors the exam. If you fail the exam, you may retake it for half the price. For more information, follow the link to the ICO online exam FAQs and scroll down.
Which format is the Foundation certification exam?
- Language: English
- Duration: 45 minutes
- Number of questions: 30
- Each question offers two or three answer options
- One, two or all three of the options may be correct
- A question counts as correctly answered only if all correct options and no incorrect options are marked
- At least 60 percent of the questions must be answered correctly to pass
FAQ - Questions and Answers about Our ISO 27001 Foundation Course
For how long is my ISO 27001 Foundation certificate valid?
The certificate is valid indefinitely. When the standard changes, as with the transition from ISO 27001:2005 to ISO 27001:2013, we recommend attending an update course. You will find an article specifically about the 2013 version under Downloads.
How can I become ISMS Security Officer or ISMS Auditor?
In any case, you start with our ISO 27001 Foundation course.
Then attend the Professional training and pass the associated exam to become a Security Officer. After that you can book the Auditor course, which focuses on ISO 19011 (Guidelines for auditing management systems). After passing its exam, you receive the certificate "ISMS Auditor according to ISO 27001".
Which version of ISO 27001 are the trainings and certifications based on?
Our ISO 27001 training courses are based on the current German edition of the standard, DIN EN ISO/IEC 27001:2017, which is the German-language version of ISO/IEC 27001:2013 including its corrigenda.
In which format is the certification exam?
You finish our ISO 27001 seminars with the certification exam of the ICO (International Certification Organization). It is an online exam; you are free to choose where and when you take it.
FAQ - Questions and Answers about ISO 27001
What is ISO/IEC 27001?
ISO/IEC 27001 is a standard developed, published and maintained jointly by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). Its key objectives are:
- Establishment of uniform terminology
- Definition of uniform (standardized) criteria for assessing information security
- Simpler and more effective management of information security activities in organizations
Who is the standard ISO 27001 for?
ISO/IEC 27001 is not limited to particular industries or types of organizations.
Accordingly, the two main documents of the standard are aimed at organizations of all kinds. Within the scope of this series of standards there are also some special publications developed for specific industries; you will learn more about these in the next two questions and answers.
How is the standard ISO 27001 structured?
ISO/IEC 27001 belongs to a whole series of documents, the ISO/IEC 27000 family.
They deal with information security management in either a normative (i.e., requiring) or informative (i.e., recommending) manner. The various documents have different objectives and are partly aimed at different target groups. The central document is ISO/IEC 27001 itself, which defines the minimum requirements for an information security management system (ISMS) in clauses 4 to 10. Its Annex A lists, in tabular form, 114 security measures, the so-called controls, grouped into 14 control categories. The second main document, ISO/IEC 27002, is called the "Code of Practice" and contains roughly 90 pages of implementation guidance for the controls listed in Annex A of ISO/IEC 27001. In our ISO 27001 training courses, we deal intensively with the individual parts of the standard.
What should one know about the ISO 27001?
ISO/IEC 27001 is the only international standard that defines auditable, certifiable requirements for an information security management system.
- The standard consists of not just one document but a whole series of documents.
- The central document is the ISO/IEC 27001 standard, also called the "Specification", which defines auditable minimum requirements and controls.
- The ISO/IEC 27002 "Code of Practice" contains implementation guidance for the measures (controls) used to ensure information security.
- ISO/IEC 27001 is a generally applicable standard and is not limited to specific industries. There are, however, industry-specific supplements and extensions, such as ISO/IEC 27011 for telecommunications organizations or ISO 27799 for healthcare organizations.
- The standard lays the foundation for consistent terminology. Terms such as "asset", "information security", "risk analysis", "risk acceptance" or "risk treatment" are defined.
- An ISO/IEC 27001 certificate does not certify that an organization has a maximum level of information security at all times; it demonstrates that the organization has a comprehensive and effective information security management system (ISMS) and is capable of dealing with its security risks.
- The ISO/IEC 27001 standard is closely related to ISO/IEC 20000 (IT service management) and ISO 9001 (quality management). Of the three, ISO/IEC 27001 is the most detailed and specialized.
- According to ISO/IEC 27001, the three core properties of information security are confidentiality, integrity and availability of information.
- The ISO/IEC 27001 standard is also relevant in the context of related frameworks and approaches, such as the BSI IT-Grundschutz catalogs, COBIT and IT service management frameworks.
What is a so-called ISMS (Information Security Management System)?
ISO/IEC 27001 uses the term "management system" in the same sense as ISO 9001 (the standard for quality management).
A management system is the totality of all processes, tools and resources that are used in a coordinated way to plan, execute, document and continually improve an organization's management tasks in a goal-, customer- and quality-oriented manner. An ISMS is therefore the set of all processes, procedures and measures (controls) that an organization plans and applies to achieve the required level of information security. The controls are given particular weight.
Is there a connection between ISO/IEC 20000 and ISO/IEC 27001?
Yes. Both standards deal with management systems.
ISO/IEC 27001 specifies requirements and controls for an information security management system (ISMS). ISO/IEC 20000-1 (the requirements part of ISO/IEC 20000) also addresses information security management, in its clause 6.6, as a highly condensed list of the most important core requirements taken from ISO/IEC 27001. In addition, there is a guideline, ISO/IEC 27013, on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.
Where can I download the standard ISO/IEC 27001?
Like most ISO standards, ISO/IEC 27001 is not freely available but is licensed by the International Organization for Standardization (ISO). If, for example, you want to download the main documents ISO/IEC 27001 and ISO/IEC 27002 as PDFs, you will have to pay fees of around 300 euros. As far as our ISO 27001 training courses are concerned: the price of the mITSM course ISMS Security Officer according to ISO 27001 includes the "Praxisbuch ISO/IEC 27001" by Dr. Michael Brenner, which reproduces all essential parts of DIN ISO/IEC 27001 in text form.