Basics of Information Security: ISO 27001 Foundation
Our 2-day-Foundation seminar provides you with the basic knowledge of information security management according to the international standard ISO/IEC 27001. The standard specifies the requirements for the establishment, implementation, maintenance and continuous improvement of a documented information security management system.
The Foundation course is a must for security officers in their own company, freelance security consultants or security auditors. Of course, we prepare our participants intensively for the certification exam. After successfully passing the exam, you will receive a certificate that can be used as proof of achieving competence according to chapter 7.2 of ISO/IEC 27001.
For whom is the ISO 27001 Foundation course suitable?
This Foundation Course is suitable for you if you
- want to gain a basic understanding of information security management according to ISO 27001.
- are a security manager, a security consultant or a security auditor. It is a must for all IT professionals, managers and employees who want to improve information security in their organization.
Which benefits will I gain from this training?
- After this training, you will be able to assess and prioritize actions according to the ISO 27001 standard.
- You can support a security audit according to this standard. Your knowledge is confirmed by the internationally recognized certificate you have obtained.
- If you successfully pass the exam, you will receive a certificate which can also serve as proof of achieving competence according to chapter 7.2 of ISO/IEC 27001.
ISO 27001 Foundation – English
In this two-day basic seminar on information security management, you will learn about the requirements of the ISO 27001 standard in a practical manner. We will discuss the measures for implementing the standard and prepare you intensively for the certification examination at the end of the training. You do not need any previous knowledge for this training. Course and exam are in English.
It entitles you to continue your education with the ISMS Security Officer according to ISO 27001 training. The Security Officer certificate is in turn a prerequisite for continuing with the ISMS Auditor according to ISO 27001 training.
Dates:
- Wed 28.06. to …, online live: Zoom session with live trainer
- Wed 04.10. to …, online live: Zoom session with live trainer
- Wed 29.11. to …, online live: Zoom session with live trainer
ISO 27001 Foundation – English
In our ISO 27001 Foundation training, you will learn the basics of information security management according to the international standard ISO/IEC 27001. The following content awaits you:
- Introduction to information security
- Basics of information security management systems (ISMS)
- Requirements of the ISO/IEC 27001:2022 standard
- Risk management in relation to information security
- Implementation and monitoring of measures for information security
- Conducting internal audits and assessing the ISMS
- Preparation for certification according to ISO/IEC 27001:2022
The ISO 27001 Foundation training is aimed at professionals who are responsible for the implementation and maintenance of information security management systems (ISMS), as well as individuals working in IT and security management teams.
This includes, for example:
- IT staff and managers
- IT security officers
- Data protection officers
- IT auditors
- IT consultants
- Project managers
- Familiarity with the concept of risk assessment and treatment
- Understanding of the relationships between the standards of the ISO/IEC 27000 series
- Learn methods for implementing an ISMS
- Improved ability to identify and address security risks
- Improved ability to manage and protect information securely
- Increased customer and stakeholder confidence in information security
- Improved internal communication and collaboration between IT and security personnel
- Improved compliance with legal and regulatory requirements
- Improved planning, implementation, and monitoring of security measures
- Improved business continuity and crisis management
Day 1: 09:00 am to approx. 4:30 pm
Day 2: 09:00 am to approx. 4:30 pm – incl. exam preparation
Key points of the training
In two days, all important theoretical foundations as well as exam-relevant terms and contents will be taught.
- Overview of the ISO/IEC 27000 series
- Basics of information security management systems
- ISO/IEC 27001 – Minimum requirements
- ISO/IEC 27001 – Objectives and measures
- Related standards and frameworks
- Certification options according to ISO/IEC 27001
- Risk management and risk assessment in information security
- Introduction to ISO/IEC 27002 as an important complement to ISO/IEC 27001
- Best practices for information security management systems
- Protection of personal data and privacy
- Physical and logical security of IT systems
- Legal and regulatory requirements for information security management systems
- Establishment, implementation, monitoring, and improvement of an ISMS according to ISO/IEC 27001
- Importance of information security for business and organization
- Methods for implementing ISO/IEC 27001 requirements in practice
How do I get my certification?
The exam is online; you decide when and where you take it. The certification body for personnel certification according to ISO/IEC 27001 at mITSM is the ICO – International Certification Organization.
Details about the ICO’s online exam
After we have registered you for the online exam, you will receive an email with all important information (usually on the first day of training). Please read it carefully. The email contains a link to your personal exam page, where you will find the exams you have ordered. For each of your exams there is a link to a sample exam, so you can familiarize yourself with the system before taking the real one. These links are valid for 30 days; if necessary, the validity can be extended once by 10 more days. The exam can be taken at any time of the day or night during this 30-day period. The ICO examination system SOE monitors the exam. If you fail the exam, you may retake it for half the price. For more information, please follow this link to the ICO online exam FAQs and scroll down.
Which format is the Foundation certification exam?
- Language: English
- Duration: 45 Minutes
- Number of questions: 30
- Each question has two or three possible answers
- One, two or three of the answers can be correct
- A question is answered correctly only if all correct answers and no wrong answers are marked
- At least 60 percent of the questions must be answered correctly to pass.
We also offer this training as an in-house training, exclusively for your team. Please send us your request via our Inhouse form.
In-house training also available as online live training
No matter where your employees are located, whether at the workplace or at home, they can take part in a fully-fledged in-house company training online from there. Our experienced trainers present the same material as in face-to-face training and are available to answer participants' questions during the training. In addition, you save the trainer's travel costs.
We cater to your needs
Do you have special interests? Do you want to focus on specific topics in a company training? We are happy to tailor the training to your individual requirements.
Experts from practice
All of our trainers are certified experts in their fields and also work as consultants on-site with our clients. This means they know their teaching content from practical experience and can communicate it clearly. Inspiring communication of knowledge is as important to us as technical expertise.
In-house strip card
As an alternative to in-house training, you have the option of sending your employees to our public training sessions with a strip card. A strip card is valid for up to 10 participants attending a seminar, giving you a significant price advantage over individual bookings for each employee. You can find more information about this here: Inhouse-Streifenkarte
FAQ - Questions and Answers about Our ISO 27001 Foundation Course
For how long is my ISO 27001 Foundation certificate valid?
The certificate is valid indefinitely. In case of a change of the standard, such as the step from ISO 27001:2005 to ISO 27001:2013, we recommend attending an update course. You can find an interesting article specifically about the 2013 version under Downloads.
How can I become ISMS Security Officer or ISMS Auditor?
In any case, you have to start with our ISO 27001 Foundation.
Then attend the Professional training and pass the associated exam to become a Security Officer. After that you can book the Auditor course, which focuses on standard ISO 19011 – Auditing of Management Systems. After passing the exam, you will receive the certificate "ISMS Auditor according to ISO 27001".
Which version of ISO 27001 are the trainings and certifications based on?
Our ISO 27001 training courses are based on the current German version of the ISO/IEC 27001 standard published in 2017.
In which format is the certification exam?
You finish our ISO 27001 seminars with the certification exam of the ICO – International Certification Organization. It is an online exam; you can freely choose where and when you take it.
FAQ - Questions and Answers about ISO 27001
What is ISO/IEC 27001?
ISO/IEC 27001 is a standard developed, issued and maintained by ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). Key objectives of ISO/IEC 27001:
- Establishment of a uniform terminology
- Definition of uniform (standardized) criteria for the assessment of information security
- Simpler and more effective management of information security activities in organizations
Who is the standard ISO 27001 for?
ISO/IEC 27001 is basically not limited to certain industries or types of organizations.
Accordingly, the two main documents of this standard are aimed at all types of organizations. There are some special publications within the scope of this series of standards that have been developed only for specific industries. You will learn more about these in the next two questions and answers.
How is the standard ISO 27001 structured?
ISO/IEC 27001 is a whole series of documents.
They deal with the topic of information security management in either a normative (i.e., requiring) or informative (i.e., recommending) manner. The various documents have different objectives and are partly aimed at different target groups. The central document is ISO/IEC 27001, which deals with the minimum requirements for an information security management system (ISMS) (chapters 4 to 10). In addition, its Annex A describes over 114 security measures – the so-called controls – in tabular form. The second main document, ISO/IEC 27002, is called the "Code of Practice" and contains approximately 90 pages of implementation guidance for the controls described in ISO/IEC 27001. In our ISO 27001 training courses, we deal intensively with the individual parts of the standard.
What should one know about the ISO 27001?
ISO/IEC 27001 is the only international standard on information security management.
- The standard consists of not just one, but a series of documents.
- The central document is the ISO/IEC 27001 standard, which is also called the "Specification" and defines auditable minimum requirements and controls.
- The ISO/IEC 27002 "Code of Practice" contains implementation instructions for measures to ensure information security.
- ISO/IEC 27001 is a generally applicable standard and is not limited to specific industries. However, there are industry-specific supplements/extensions, such as ISO/IEC 27001 for telecommunications companies or ISO/IEC 27799 for healthcare organizations.
- This standard lays the foundation for consistent terminology. Terms such as "value (asset)", "information security", "risk analysis", "risk acceptance" or "risk treatment" are defined.
- An ISO/IEC 27001 certificate does not certify that an organization has a maximum level of information security at all times, but demonstrates that it has a comprehensive and effective information security management system (ISMS) and is capable of dealing with security risks.
- The ISO/IEC 27001 standard is closely related to ISO/IEC 20000 (IT service management) and ISO 9000 (quality management). Of all three standards, ISO/IEC 27001 is the most detailed and specialized.
- According to ISO/IEC 27001, the three most important sub-aspects of information security are information availability, confidentiality and integrity.
- The ISO/IEC 27001 standard can be relevant in the context of related frameworks and approaches (such as the BSI IT-Grundschutz catalogues, COBIT and ITSM).
What is a so-called ISMS (Information Security Management System)?
ISO/IEC 27001 uses the term management system in a similar sense to ISO 9001 (standard for quality management).
A management system is the totality of all processes, tools and resources that are used in a coordinated manner to plan, execute, document and continuously improve the management tasks that arise, in a target-, customer- and quality-oriented way. The term ISMS thus describes all processes, procedures and measures (controls) that are planned and applied in an organization to ensure the required level of information security. The controls are accorded a particularly high level of importance.
Is there a connection between ISO/IEC 20000 and ISO/IEC 27001?
Yes. Both standards deal with management systems.
ISO/IEC 27001 specifies requirements and controls for an information security management system (ISMS). ISO/IEC 20000 also describes such requirements in Chapter 6.6. In summary, ISO/IEC 20000-1 contains a highly condensed list of the most important core requirements from ISO/IEC 27001 in Chapter 6.6. Meanwhile, there is a guide, ISO 27013, which deals with how to integrate both management systems.
Where can I download the standard ISO/IEC 27001?
Like all ISO standards, ISO/IEC 27001 is not freely available but is subject to the license of the International Organization for Standardization (ISO). For example, if you want to download the main ISO/IEC 27001 and ISO/IEC 27002 documents as PDF versions, you will have to pay fees of around 300 euros. As far as our ISO 27001 training courses are concerned: the training price of the mITSM course ISMS Security Officer according to ISO 27001 includes the "Praxisbuch ISO/IEC 27001" by Dr. Michael Brenner, which contains all essential parts of DIN ISO/IEC 27001 in text form.