ISO/IEC 27000
The international and independent ISO/IEC standards in the 27000 series provide best practices and requirements on Information Security. ISO/IEC 27002 is the Code of Practice (formerly numbered ISO/IEC 17799). It provides best practice recommendations on Information Security Management for those who are responsible for initiating, implementing or maintaining Information Security Management Systems.
Information Security is defined within the standard in the context of the C-I-A triad: the preservation of confidentiality (ensuring that information is only accessible to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required). In the future, the ISO/IEC 27000 standard will be extended with new standards.
Qualification program
The new Qualification Program in Information Security based on ISO/IEC 27002 has a very practical character and includes several key features which distinguish it from other IT Service Management frameworks. The qualification program is based on the internationally recognized best practice standard ISO/IEC 27002, with an emphasis placed on employee awareness of security issues in an organization. It was developed in cooperation with highly respected experts from different companies in the field of information security, ensuring the appropriate balance between the knowledge and competencies tested and day-to-day practice.
Independent exams
The qualification program consists of two exams and can be easily integrated in educational or awareness programs:
- Information Security Foundation based on ISO/IEC 27002
- Information Security Management Advanced based on ISO/IEC 27002
For the moment the international qualification will only consist of the two exams mentioned above. At a later stage, and depending on the market demand, it will be decided whether or not to expand the program.
Target group
The Foundation exam is aimed at everyone in the organization who is involved with information. The goal is to create awareness of each one’s role in Information Security. The exam is also suitable for small independent businesses for which some basic knowledge of Information Security is necessary.
The Advanced exam is intended for everyone who, through their position, is involved with the implementation, evaluation and reporting of information security, such as the Information Security Manager and the Information Security Officer or the Line Manager and Project Manager.