ISO/IEC Information Security Controls – Training Courses

What Is ISO/IEC 27002?

ISO/IEC 27002 is an international standard that provides guidelines for selecting and implementing information security controls and for implementing information security standards and practices. It is applicable to organizations of all industries or sizes. ISO/IEC 27002 can be used to develop information security management guidelines tailored to the specific context of an organization.

Originally published in 2005 and then updated in 2013, ISO/IEC 27002 was again revised and published in 2022. This new version provides a list of information security controls generally practiced in the information security industry, along with guidelines for their implementation. ISO/IEC 27002 provides four categories of information security controls: organizational (clause 5), people (clause 6), physical (clause 7), and technological (clause 8).

Why is ISO/IEC 27002 important for you?

An ISO/IEC 27002 training course provides guidelines for implementing, managing, and continually improving information security management in an organization.

Different organizations have different information security needs and capabilities. With that in mind, the controls of ISO/IEC 27002 are designed to be generic and flexible. The PECB ISO/IEC 27002 training courses are focused on equipping participants with the necessary knowledge for selecting, implementing, and managing such controls.

A PECB certification demonstrates the holder’s knowledge and ability to manage information security risks by applying relevant information security controls. It is also proof of their ability to help organizations preserve the confidentiality, integrity, and availability of information, protect against threats and vulnerabilities, and reduce information security risks. Certified ISO/IEC 27002 individuals can be crucial members of an ISMS implementation team.

PECB ISO/IEC 27002 certification benefits

A PECB ISO/IEC 27002 certificate will prove that you have:

  • Understood the implementation of information security controls and control policies based on ISO/IEC 27002 guidelines
  • Obtained practical knowledge of the approaches and techniques used for the implementation and effective management of information security controls
  • Obtained the necessary expertise to support an organization in planning, implementing, and managing information security controls
  • Understood risk management and its importance in determining appropriate information security controls
  • Gained the ability to support organizations in continually improving their information security management system
ISO/IEC 27002 Introduction
ISO/IEC 27002 Foundation
ISO/IEC 27002 Manager
ISO/IEC 27002 Lead Manager

How do I get started with ISO/IEC 27002 training?

PECB experts are more than willing to help you with the certification process and obtaining a PECB Certified ISO/IEC 27002 credential.

Why choose PECB for ISO/IEC 27002 certification?

Certification is one of the key methods of demonstrating your competence and abilities. PECB certifications in information security are internationally recognized and accredited by top relevant authorities. PECB ISO/IEC 27002 certifications are a combination of extensive training and a comprehensive certification process, providing you professional credibility and boosting your opportunities for a successful career in one of the world’s fastest-growing and most in-demand industries.

PECB Certified ISO/IEC 27002 training courses available

Learn more about information security controls by attending the PECB ISO/IEC 27002 training courses. Below you can find the training that best suits you.

ISO/IEC 27002 Introduction training course introduces participants to information security controls of ISO/IEC 27002. 

Why Should You Attend?

ISO/IEC 27002 Introduction training course enables participants to understand the categorization of information security controls outlined in ISO/IEC 27002. The training course provides information on fundamental concepts of information security, cybersecurity, and privacy and the ISO/IEC 27002 standard structure.

By attending the ISO/IEC 27002 Introduction training course, you will understand the importance of an information security management system (ISMS) and the benefits of implementing information security controls based on ISO/IEC 27002.

Who Should Attend?

This training course is intended for:

  • Managers or consultants engaged in information security management
  • Individuals seeking to gain knowledge about the information security controls of ISO/IEC 27002
  • Individuals wishing to pursue a career in information security

Learning Objectives

By the end of this training course, the participants will be able to:

  • Explain the main concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
  • Identify the ISO/IEC 27002 controls for treating information security risks

Educational approach

  • The training course contains multiple-choice quizzes.
  • Participants are encouraged to communicate and engage in discussions and the completion of quizzes.

Prerequisites 

There are no prerequisites to participate in this training course.

Course agenda

  • Day 1: Introduction to information security controls of ISO/IEC 27002

General information

  • Participants will be provided with training course materials containing over 100 pages of information and practical examples.
  • An attestation of course completion worth 7 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.

 

ISO/IEC 27002 Foundation training course provides information on the fundamental concepts of information security, cybersecurity and privacy based on ISO/IEC 27002.

Why Should You Attend?

ISO/IEC 27002 Foundation training course enables participants to learn the basic concepts related to the implementation and management of information security controls based on the guidelines of ISO/IEC 27002. Through this training course, participants will be able to identify the information security controls of ISO/IEC 27002 that are categorized into four themes: organizational, people, physical, and technological. The training course also provides information on how ISO/IEC 27002 is related with other standards, such as ISO/IEC 27001 and ISO/IEC 27003.

The training course is followed by an exam. If you pass, you can apply for the “PECB Certificate Holder in ISO/IEC 27002 Foundation” certificate. This certificate demonstrates that you have a general knowledge of ISO/IEC 27002 information security controls. 

Who Can Attend?

This training course is intended for:

  • Managers and consultants seeking to know more about information security controls of ISO/IEC 27002
  • Professionals engaged in or responsible for information security management 
  • Individuals seeking to gain knowledge about the main processes of an information security management system and information security controls
  • Individuals interested to pursue a career in information security 

Learning Objectives

By successfully completing this training course, you will be able to:

  • Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
  • Discuss the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
  • Interpret the ISO/IEC 27002 organizational, people, physical, and technological controls in the specific context of an organization

Educational Approach

  • This training course contains lecture sessions that are illustrated with practical questions and examples.
  • The participants are encouraged to communicate with each other and engage in discussions when completing quizzes and exercises.
  • The structure of quizzes is similar to that of the certificate exam.

Prerequisites 

There are no prerequisites to participate in this training course. 

Course agenda

  • Day 1: Introduction to ISO/IEC 27002 and organizational controls 

    Day 2: People, physical, and technological controls and certificate exam

Examination

  • The exam fully meets the requirements of the PECB Examination and Certificate Programme. It covers the following competency domains:

    Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy 

    Domain 2: Information security controls based on ISO/IEC 27002

    For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

General Information

  • Certificate and examination fees are included in the price of the training course.
  • Training material containing over 200 pages of information and practical examples will be distributed.
  • An attestation of course completion worth 14 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
  • In case of exam failure, you can retake the exam within 12 months for free. 

 

ISO/IEC 27002 Manager training course provides information on the implementation and management of information security controls based on ISO/IEC 27002.

Why should you attend?

ISO/IEC 27002 Manager enables participants to acquire the necessary knowledge and skills to support an organization in selecting, implementing, and managing information security controls based on ISO/IEC 27002. The training course provides information that will help participants in gaining a thorough understanding of how information security risks can be treated by selecting relevant controls, especially in the context of an information security management system (ISMS).

A PECB ISO/IEC 27002 Manager certification will enable you to demonstrate your comprehensive knowledge in the implementation and management of information security controls based on industry best practices.

Who should attend?

This training course is intended for:

  • Managers involved in the implementation of an information security management system (ISMS) based on ISO/IEC 27001 
  • IT professionals and consultants seeking to enhance their knowledge in information security
  • Members of an ISMS implementation or information security team
  • Individuals responsible for information security in an organization

Learning objectives

By successfully completing this training course, you will be able to:

  • Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
  • Discuss the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
  • Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002

    Educational approach

    • This training is based on both theory and best practices used in the implementation and management of information security controls.
    • Participants are encouraged to communicate and discuss with each other while partaking in exercises and quizzes.
    • The structure of quizzes is similar to that of the certification exam.

    Prerequisites

    The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of information security.

Course agenda

  • Day 1: Introduction to ISO/IEC 27002

    Day 2: Information assets, people controls, physical controls, and operational security controls

    Day 3: Information security incident management and monitoring of information security controls and certification exam

Examination

  • The “PECB Certified ISO/IEC 27002 Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

    Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy

    Domain 2: Information security controls based on ISO/IEC 27002

    For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification

After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential.

The information security activities should follow best implementation and management practices and include the following:

  1. Drafting an ISMS implementation plan
  2. Managing an information security implementation project
  3. Implementing information security processes
  4. Selecting and implementing information security controls

For more information about ISO/IEC 27002 certifications and the PECB Certification process, please refer to Certification Rules and Policies.

General Information

  • Certification fees and examination fees are included in the price of the training course.
  • Participants will be provided with training material containing over 350 pages of information and practical examples.
  • An attestation of course completion worth 21 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
  • Candidates who have completed the training course but failed the exam are eligible to retake it once for free within a 12-month period from the initial date of the exam.

The ISO/IEC 27002 Lead Manager training course enables participants to acquire a comprehensive knowledge and understanding of the implementation and management of information security controls based on ISO/IEC 27002.

Why Should You Attend?

The ISO/IEC 27002 Lead Manager training course enables participants to develop the necessary knowledge and skills for supporting an organization in effectively determining, implementing, and managing information security controls. The training course provides information that will help participants interpret the ISO/IEC 27002 controls in the specific context of an organization.

The PECB ISO/IEC 27002 Lead Manager Certification demonstrates that you have acquired the necessary expertise for determining adequate information security controls needed to treat the risks identified by a risk assessment process.

The training course is followed by an exam. If you pass, you can apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential.

Who Should Attend?

This training course is intended for:

  • Managers or consultants seeking to enhance their knowledge regarding the implementation of information security controls in an ISMS based on ISO/IEC 27001
  • Individuals responsible for maintaining information security, compliance, risk, or governance in an organization
  • IT professionals or consultants seeking to enhance their knowledge in information security
  • Members of an ISMS implementation or information security team

Learning Objectives

Upon successfully completing the training course, participants will be able to:

  • Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
  • Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
  • Interpret the ISO/IEC 27002 information security controls in the specific context of an organization
  • Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002 
  • Explain the approaches and techniques used for the implementation and effective management of information security controls

Educational Approach

  • The training course integrates both theory and practice by guidance and practical examples for the implementation and management of information security controls.
  • The training course contains essay-type exercises and multiple-choice quizzes, some of which are scenario-based.
  • Participants are encouraged to communicate and discuss with each other while partaking in exercises and quizzes.
  • The structure of quizzes is similar to that of the certification exam.

Prerequisites 

The main requirements for participating in this training course are having a fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of information security controls.

Course agenda

  • Day 1: Introduction to ISO/IEC 27002

    Day 2: Roles and responsibilities, assets, policies, and people controls

    Day 3: Physical controls and protection of information systems and networks

    Day 4: Information security incident management and testing and monitoring of information security controls based on ISO/IEC 27002

    Day 5: Certification exam

Examination

  • The “PECB Certified ISO/IEC 27002 Lead Manager” exam meets all the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

    Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy

    Domain 2: Information security management system (ISMS) and initiation of ISO/IEC 27002 information security controls implementation

    Domain 3: Implementation and management of organizational and people controls based on ISO/IEC 27002

    Domain 4: Implementation and management of physical and technological controls based on ISO/IEC 27002

    Domain 5: Performance measurement, testing, and monitoring of ISO/IEC 27002 information security controls

    For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification

After successfully completing the exam, you can apply for one of the credentials shown on the table below. You will receive a certificate once you fulfill all the requirements of the selected credential.

The information security activities should follow best implementation and management practices and include the following:

  1. Drafting an ISMS implementation plan
  2. Managing an information security implementation project
  3. Implementing information security processes
  4. Selecting information security processes
  5. Implementing information security controls

For more information about ISO/IEC 27002 certifications and the PECB certification process, refer to the Certification Rules and Policies.

General Information

  • Certification and examination fees are included in the price of the training course
  • Participants will be provided with training course materials containing over 450 pages of information, practical examples, exercises, and quizzes.
  • An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
  • Candidates who have completed the training course but failed the exam are eligible to retake it once for free within a 12-month period from the initial date of the exam.