ISO/IEC 27002 Lead Manager
What Is ISO/IEC 27002?
ISO/IEC 27002 is an international standard that provides guidelines for selecting and implementing information security controls and for implementing information security standards and practices. It is applicable to organizations of all industries or sizes. ISO/IEC 27002 can be used to develop information security management guidelines tailored to the specific context of an organization.
Originally published in 2005 and then updated in 2013, ISO/IEC 27002 was again revised and published in 2022. This new version provides a list of information security controls generally practiced in the information security industry, along with guidelines for their implementation. ISO/IEC 27002 provides four categories of information security controls: organizational (clause 5), people (clause 6), physical (clause 7), and technological (clause 8)
Why Should You Attend?
The ISO/IEC 27002 Lead Manager training course enables participants to develop the necessary knowledge and skills for supporting an organization in effectively determining, implementing, and managing information security controls. The training course provides information that will help participants interpret the ISO/IEC 27002 controls in the specific context of an organization.
The PECB ISO/IEC 27002 Lead Manager Certification demonstrates that you have acquired the necessary expertise for determining adequate information security controls needed to treat the risks identified by a risk assessment process.
The training course is followed by an exam. If you pass, you can apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential.
Who Should Attend?
This training course is intended for:
- Managers or consultants seeking to enhance their knowledge regarding the implementation of information security controls in an ISMS based on ISO/IEC 27001
- Individuals responsible for maintaining information security, compliance, risk, or governance in an organization
- IT professionals or consultants seeking to enhance their knowledge in information security
- Members of an ISMS implementation or information security team
Upon successfully completing the training course, participants will be able to:
- Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
- Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
- Interpret the ISO/IEC 27002 information security controls in the specific context of an organization
- Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002
- Explain the approaches and techniques used for the implementation and effective management of information security controls
- The training course integrates both theory and practice by guidance and practical examples for the implementation and management of information security controls.
- The training course contains essay-type exercises and multiple-choice quizzes, some of which are scenario-based.
- Participants are encouraged to communicate and discuss with each other while partaking in exercises and quizzes.
- The structure of quizzes is similar to that of the certification exam.
The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of information security controls.
- Day 1: Introduction to ISO/IEC 27002Day 2: Information security roles and responsibilities, people controls, and physical controlsDay 3: Information security assets, access controls, and protection of information systems and networks
Day 4: Information security incident management and testing and monitoring of information security controls based on ISO/IEC 27002
Day 5: Certification exam