Information Security 


Information Security Management Systems - ISO/IEC 27001

"ISO/IEC 27001 Foundation training allows you to learn the basic elements to implement and manage an Information Security Management System as specified in ISO/IEC 27001. During this training course, you will be able to understand the different modules of ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.

After completing this course, you can sit for the exam and apply for the “PECB Certificate Holder in ISO/IEC 27001 Foundation” credential. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach."

"Managers and consultants seeking to know more about information security
Professionals wishing to get acquainted with ISO/IEC 27001 requirements for an ISMS
Individuals engaged in or responsible for information security activities in their organization
Individuals wishing to pursue a career in information security"

"Describe the main information security management concepts, principles, and definitions
Explain the main ISO/IEC 27001 requirements for an information security management system (ISMS)
Identify approaches, methods, and techniques used for the implementation and management of an ISMS"

There are no prerequisites to participate in this training course.

"Information security threats and attacks increase and improve constantly. The best form of defense against them is the proper implementation and management of information security controls and best practices. Information security is also a key expectation and requirement of customers, legislators, and other interested parties.

This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.

After attending the training course, you can take the exam. If you successfully pass it, you can apply for a “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which demonstrates your ability and practical knowledge to implement an ISMS based on the requirements of ISO/IEC 27001."

"Managers or consultants involved in and/or concerned with the implementation of an information security management system in an organization
Project managers, consultants, or expert advisers seeking to master the implementation of an information security management system; or individuals responsible for maintaining conformity with the ISMS requirements within an organization
Members of the ISMS team"

"By the end of this training course, the participants will be able to:

Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
Initiate and plan the implementation of an ISMS based on ISO/IEC 27001, by utilizing PECB’s IMS2 Methodology and other best practices
Support an organization in operating, maintaining, and continually improving an ISMS based on ISO/IEC 27001
Prepare an organization to undergo a third-party certification audit"

The main requirement for participating in this training course is having a general knowledge of the ISMS concepts and ISO/IEC 27001.

"During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.

Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution.

After acquiring the necessary expertise to perform this audit, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Auditor” credential. By holding a PECB Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices."

"Auditors seeking to perform and lead information security management system (ISMS) audits
Managers or consultants seeking to master the information security management system audit process
Individuals responsible for maintaining conformity with the ISMS requirements in an organization
Technical experts seeking to prepare for the information security management system audit
Expert advisors in information security management"

"By the end of this training course, the participants will be able to:

Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
Interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an auditor
Evaluate the ISMS conformity to ISO/IEC 27001 requirements, in accordance with the fundamental audit concepts and principles
Plan, conduct, and close an ISO/IEC 27001 compliance audit, in accordance with ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other best practices of auditing
Manage an ISO/IEC 27001 audit program"

A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of audit principles.

Information Security Management Systems - ISO/IEC 27001 Transition

"The new version of ISO/IEC 27001 has been recently published and is now aligned with the new version of ISO/IEC 27002, which was published in February, 2022.

The major changes between ISO/IEC 27001:2022 and ISO/IEC 27001:2013 are noticed in the information security controls of Annex A, whereas a few other minor changes are present in the clauses of the standard too. Furthermore, the title of ISO/IEC 27001:2022 differs from the title of ISO/IEC 27001:2013, as now the standard is titled Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

The “PECB ISO/IEC 27001 Transition” training course provides detailed information on the revised clauses, the new terminology, and the differences in the controls of Annex A. Additionally, this training course provides participants with the necessary knowledge to support organizations in planning and implementing the changes in their ISMS to ensure conformity with ISO/IEC 27001:2022. As such, you will be able to participate in projects to transition from an ISMS based on ISO/IEC 27001:2013 to an ISMS based on ISO/IEC 27001:2022.

Once you become acquainted with the new concepts and requirements of ISO/IEC 27001:2022 by attending the training course, you can sit for the exam, and if you successfully pass it, you can apply for the “PECB Certified ISO/IEC 27001 Transition” credential. This certificate will prove that you have up-to-date knowledge and professional capabilities to successfully update an ISMS based on the requirements of ISO/IEC 27001:2022. "

"This training course is intended for:

Individuals seeking to remain up-to-date with ISO/IEC 27001 requirements for an ISMS
Individuals seeking to understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022 requirements
Individuals responsible for transitioning an ISMS from ISO/IEC 27001:2013 to ISO/IEC 27001:2022
Managers, trainers, and consultants involved in maintaining an ISMS
Professionals wishing to update their ISO/IEC 27001 certificates"

"Upon successfully completing the training course, participants will be able to:

Explain the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022
Interpret the new concepts and requirements of ISO/IEC 27001:2022
Plan and implement the necessary changes to an existing ISMS in accordance with ISO/IEC 27001:2022"

Participants who attend this training course need to have a fundamental understanding of information security concepts and ISO/IEC 27001 requirements.

Information Security Controls – Best practices - ISO/IEC 27002

"ISO/IEC 27002 Foundation training course enables participants to learn the basic concepts related to the implementation and management of information security controls based on the guidelines of ISO/IEC 27002. Through this training course, participants will be able to identify the information security controls of ISO/IEC 27002 that are categorized into four themes: organizational, people, physical, and technological. The training course also provides information on how ISO/IEC 27002 is related with other standards, such as ISO/IEC 27001 and ISO/IEC 27003.

The training course is followed by an exam. If you pass, you can apply for the “PECB Certificate Holder in ISO/IEC 27002 Foundation” certificate. This certificate demonstrates that you have a general knowledge of ISO/IEC 27002 information security controls. "

"This training course is intended for:

Managers and consultants seeking to know more about information security controls of ISO/IEC 27002
Professionals engaged in or responsible for information security management
Individuals seeking to gain knowledge about the main processes of an information security management system and information security controls
Individuals interested in pursuing a career in information security"

"By successfully completing this training course, you will be able to:

Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
Discuss the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
Interpret the ISO/IEC 27002 organizational, people, physical, and technological controls in the specific context of an organization"

There are no prerequisites to participate in this training course.

"ISO/IEC 27002 Manager enables participants to acquire the necessary knowledge and skills to support an organization in selecting, implementing, and managing information security controls based on ISO/IEC 27002. The training course provides information that will help participants in gaining a thorough understanding of how information security risks can be treated by selecting relevant controls, especially in the context of an information security management system (ISMS).

A PECB ISO/IEC 27002 Manager certification will enable you to demonstrate your comprehensive knowledge in the implementation and management of information security controls based on industry best practices."

"This training course is intended for:

Managers involved in the implementation of an information security management system (ISMS) based on ISO/IEC 27001
IT professionals and consultants seeking to enhance their knowledge in information security
Members of an ISMS implementation or information security team
Individuals responsible for information security in an organization"

"By successfully completing this training course, you will be able to:

Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
Discuss the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002"

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of information security.

"The ISO/IEC 27002 Lead Manager training course enables participants to develop the necessary knowledge and skills for supporting an organization in effectively determining, implementing, and managing information security controls. The training course provides information that will help participants interpret the ISO/IEC 27002 controls in the specific context of an organization.

The PECB ISO/IEC 27002 Lead Manager Certification demonstrates that you have acquired the necessary expertise for determining adequate information security controls needed to treat the risks identified by a risk assessment process.

The training course is followed by an exam. If you pass, you can apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential."

"This training course is intended for:

Managers or consultants seeking to enhance their knowledge regarding the implementation of information security controls in an ISMS based on ISO/IEC 27001
Individuals responsible for maintaining information security, compliance, risk, or governance in an organization
IT professionals or consultants seeking to enhance their knowledge in information security
Members of an ISMS implementation or information security team"

"Upon successfully completing the training course, participants will be able to:

Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
Interpret the ISO/IEC 27002 information security controls in the specific context of an organization
Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002
Explain the approaches and techniques used for the implementation and effective management of information security controls"

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of information security controls.

Information Security Risk Management - ISO/IEC 27005:2022

"ISO/IEC 27005 Foundation is a two-day training course that focuses on the information security risk management process introduced by ISO/IEC 27005 and the structure of the standard. It provides an overview of the guidelines of ISO/IEC 27005 for managing information security risks, including context establishment, risk assessment, risk treatment, communication and consultation, recording and reporting, and monitoring and review.

After attending the training course, you can sit for the exam. If you successfully pass the exam, you can apply for the “PECB Certificate Holder in ISO/IEC 27005 Foundation” designation. This certificate demonstrates that you have a general knowledge of ISO/IEC 27005 guidelines for information security risk management."

"The ISO/IEC 27005 Foundation training course is intended for:

Risk management professionals
Professionals wishing to get acquainted with the guidelines of ISO/IEC 27005 for information security risk management
Personnel tasked with managing information security risks in their area of responsibility
Individuals interested in pursuing a career in information security risk management"

"Upon successful completion of this training course, you will be able to:

Describe the main risk management concepts, principles, and definitions
Interpret the guidelines of ISO/IEC 27005 for managing information security risks
Identify approaches, methods, and techniques used for the implementation and management of an information security risk management program"

There are no prerequisites to participate in this training course.

"The ISO/IEC 27005:2022 Risk Manager training course provides valuable information on risk management concepts and principles outlined by ISO/IEC 27005:2022 and also ISO 31000. The training course provides participants with the necessary knowledge and skills to identify, evaluate, analyze, treat, and communicate information security risks based on ISO/IEC 27005:2022. Furthermore, the training course provides an overview of other best risk assessment methods, such as OCTAVE, MEHARI, EBIOS, NIST, CRAMM, and Harmonized TRA.

The PECB ISO/IEC 27005:2022 Risk Manager certification demonstrates that you comprehend the concepts and principles of information security risk management.

The training course is followed by an exam. After passing the exam, you can apply for the “PECB Certified ISO/IEC 27005:2022 Risk Manager” credential."

"Managers or consultants involved in or responsible for information security in an organization
Individuals responsible for managing information security risks
Members of information security teams, IT professionals, and privacy officers
Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
Project managers, consultants, or expert advisers seeking to master the management of information security risks"

"Upon the successful completion of this training course, you will be able to:

Explain the risk management concepts and principles outlined by ISO/IEC 27005:2022 and ISO 31000
Establish, maintain, and improve an information security risk management framework based on the guidelines of ISO/IEC 27005:2022
Apply information security risk management processes based on the guidelines of ISO/IEC 27005:2022
Plan and establish risk communication and consultation activities"

There are no prerequisites to participate in this training course.

"Risk management is an essential component of any information security program. An effective information security risk management program enables organizations to detect, address, mitigate, and even prevent information security risks.

The ISO/IEC 27005:2022 Lead Risk Manager training course provides an information security risk management framework based on ISO/IEC 27005:2022 guidelines, which also supports the general concepts of ISO/IEC 27001. The training course also provides participants with a thorough understanding of other best risk management frameworks and methodologies, such as OCTAVE, EBIOS, MEHARI, CRAMM, NIST, and Harmonized TRA.

The PECB ISO/IEC 27005:2022 Lead Risk Manager certificate demonstrates the individual has acquired the necessary skills and knowledge to successfully perform the processes needed for effectively managing information security risks. It also proves that the individual is able to assist organizations in maintaining and continually improving their information security risk management program.

The training course is followed by an exam. If you pass, you can apply for a “PECB Certified ISO/IEC 27005:2022 Lead Risk Manager” credential. For more information about the examination process, please refer to the Examination, Certification, and General Information section below."

"This training course is intended for:

Managers or consultants involved in or responsible for information security in an organization
Individuals responsible for managing information security risks, such as ISMS professionals and risk owners
Members of information security teams, IT professionals, and privacy officers
Individuals responsible for maintaining conformity with the information security requirements of ISO/IEC 27001 in an organization
Project managers, consultants, or expert advisers seeking to master the management of information security risks"

"By successfully completing this training course, you will be able to:

Explain the risk management concepts and principles based on ISO/IEC 27005:2022 and ISO 31000
Establish, maintain, and continually improve an information security risk management framework based on the guidelines of ISO/IEC 27005:2022 and best practices
Apply information security risk management processes based on the guidelines of ISO/IEC 27005:2022
Plan and establish risk communication and consultation activities
Record, report, monitor, and review the information security risk management process and framework"

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27005:2022 and comprehensive knowledge of risk management and information security.

Information Security Risk Management - EBIOS Risk Manager - Training Course & Certification

"EBIOS Risk Manager training course enables you to gain the necessary knowledge and develop the necessary competence to master risk management concepts and components related to all assets of relevance for Information Security based on the EBIOS method.

Based on practical exercises and case studies, you will have the opportunity to acquire the necessary skills to perform an optimal Information Security risk assessment and timely risk management by being familiar with its life cycle. This training fits perfectly in the framework of the ISO/IEC 27001 standard implementation process.

After mastering all the necessary concepts of risk assessment using the EBIOS method, you can sit for the exam and apply for a “PECB Certificate Holder in EBIOS Risk Manager” certificate. By holding a PECB Risk Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support an organization in performing risk assessment based on the EBIOS method."

"Individuals seeking to learn and understand the basic concepts of Risk Management
Individuals participating in risk assessment activities using the EBIOS method
Managers seeking to understand the techniques for performing risk assessment based on the EBIOS method
Managers seeking to master the techniques for analyzing and communicating the results of a risk assessment based on the EBIOS method"

"Understand the concepts and basic principles of risk management associated with the use of the EBIOS method
Understand the activities of the EBIOS method in order to follow the completion of studies (pilot, control, reframe) as a work master
Understand and explain the findings of an EBIOS study and its key deliverables
Acquire the necessary skills to carry out an EBIOS study
Acquire the necessary skills to manage security risks of an organization's information systems
Develop the necessary skills to analyze and communicate the results of an EBIOS study"

A fundamental knowledge of risk management.

Information Security Incident Management - ISO/IEC 27035

"ISO/IEC 27035 Foundation training enables you to learn the basic elements to implement an Incident Management Plan and manage Information Security Incidents. During this training course, you will be able to understand Information Security Incident Management processes.

After completing this course, you can sit for the exam and apply for the “PECB Certificate Holder in ISO/IEC 27035 Foundation” certificate. A PECB Foundation Certificate shows that you have understood the fundamental methodologies, requirements, and management approach."

"Individuals interested in Information Security Incident Management process approaches
Individuals seeking to gain knowledge about the main principles and concepts of Information Security Incident Management
Individuals interested in pursuing a career in Information Security Incident Management"

"Understand the basic concepts of Information Security Incident Management
Acknowledge the correlation between ISO/IEC 27035 and other standards and regulatory frameworks
Understand the process approaches used to effectively manage Information Security Incidents"

"Basic knowledge on Security Incident Management is preferred.

"

"Whether deliberate or accidental, information security incidents are almost inevitable in the digital age, impacting organizations of all sizes and sectors. Learning to navigate the complexities of information security incident detection, assessment, response, and reporting allows participants to assist organizations in ensuring the safety of their information and reducing negative business consequences.

This training course aligns with ISO/IEC 27001, ISO/IEC 27005, and other standards in the ISO/IEC 27000 series and provides practical guidance on information security.

Upon completing the course and its exam, participants can apply for the “PECB Certified ISO/IEC 27035 Lead Incident Manager” credential, showcasing their proficiency in strategically and effectively managing and mitigating information security incidents."

"This training course is intended for:

Managers or consultants seeking to expand their knowledge of information security incident management
Professionals seeking to establish and manage effective incident response teams (IRTs)
IT professionals and information security risk managers seeking to enhance their knowledge in information security incident management
Members of incident response teams
Incident response coordinators or other roles with responsibilities for incident handling and response"

"By the end of this training course, you will be able to:

Explain the fundamental principles of incident management
Develop and implement effective incident response plans tailored to the organization's needs and select an incident response team
Conduct thorough risk assessments to identify potential threats and vulnerabilities within an organization
Apply good practices from various international standards to enhance the efficiency and effectiveness of incident response efforts
Conduct post-incident analysis and identify lessons learned"

The main requirement for participating in this training course is having a general knowledge of incident management processes, information security principles, and the ISO/IEC 27000 family of standards.

Chief Information Security Officer (CISO)

"In recent years, there has been a growing recognition within organizations that they need a designated individual who has the necessary skills to effectively address information security responsibilities. Consequently, the role of the CISO has emerged as an executive-level position, obtaining the information security responsibilities that previously were held by personnel within the IT Department.

Now, organizations have a dedicated professional focused on overseeing and managing all aspects of information security, ensuring a more comprehensive and specialized approach to safeguarding information and information assets.

By attending the PECB CISO training course, you will gain the necessary expertise to oversee and manage information security, ensuring the implementation of robust security measures, the identification and mitigation of information security risks, and the development of effective security strategies tailored to the organization’s specific needs.

In addition, by obtaining the PECB CISO credential, you demonstrate commitment to professional development and ability to take on executive-level responsibilities. Moreover, you will be able to enhance your career prospects, positioning yourself as a highly qualified candidate for senior leadership roles in the field of information security.

The PECB Chief Information Security Officer training course provides you with valuable insights and enables you to develop a comprehensive understanding of the role of a CISO and the steps involved in effectively managing information security within an organization. The training course covers a wide range of topics, including security frameworks, risk assessment, regulatory compliance, and governance.

By attending this training course, you will gain knowledge of emerging security trends and best practices. Additionally, you will learn about the technologies that are essential to information security, including network security, application security, and cloud security."

"This training course is intended for:

Professionals actively involved in information security management
IT managers responsible for overseeing information security programs
Security professionals who aspire to advance into leadership roles, such as security architects, security analysts, and security auditors
Professionals responsible for managing information security risk and compliance within organizations
Experienced CISOs seeking to enhance their knowledge, stay up to date with the latest trends, and refine their leadership skills
Executives, including CIOs, CEOs, and COOs, who play a crucial role in decision-making processes related to information security
Professionals aiming to achieve executive-level roles within the information security field"

"By the end of this training course, participants will be able to:

Explain the fundamental principles and concepts of information security
Comprehend the roles and responsibilities of the CISO and the ethical considerations involved, and address the challenges associated with the role
Design and develop an effective information security program, tailored to the needs of the organization
Adopt applicable frameworks, laws, and regulations and effectively communicate and implement policies to ensure information security compliance
Identify, analyze, evaluate, and treat information security risks, using a systematic and effective approach"

The main requirement for participating in this training course is having a fundamental understanding of information security principles and concepts.