Saturday 06 November 2010 13:50
Last updated Saturday 06 November 2010 14:59
Written by Administrator
Intro

The ISMS Foundation course gives participants the opportunity to acquire the basic knowledge needed to manage an Information Security Management System based on ISO 27001: risk management (based on ISO 27005), risk management plan, implementation, surveillance, re-examination and operation of an ISMS, continuous improvement of information security, management’s commitment, follow-up and review, as well as an introduction to the ISO 27001 certification audit.
In addition, the participant will acquire basic knowledge of the best practices in the implementation of information security control measures based on the eleven (11) ISO 27002 domains: security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management, business continuity management and compliance.
Prerequisites
Examination and certification: RABQSA
- The ISMS Foundation exam is certified by RABQSA and meets the "RABQSA Training Provider Examination Certification Scheme" (TPECS) criteria and covers the competency unit: RABQSA - IS (information security)
- The ISMS Foundation exam is available in English, French or Spanish
- Duration of the exam: 1 hour
- A certificate will be issued to participants who successfully complete the exam
General Information
- A copy of the ISO 27001 and ISO 27002 standards is distributed to participants
- A 14 CPE (continuing professional education) participation certificate will be issued to participants
- A kit of templates enabling the implementation of ISO 27001 as well as a student manual containing over 200 pages of information and practical examples will be distributed to participants
Learning objectives
- Understanding the application of the information security management system in the ISO 27001:2005 context.
- Understanding the relationship between the information security management system, including the management of risks and controls, and the various stakeholders.
- Introduction to the 11 domains and 133 control measures of ISO 27002
- Acquiring basic knowledge of the best practices for implementing information security control measures
Who should participate?
- Technician, auditor, consultant or any person wanting to familiarize themselves with ISO 27002 to implement information security control measures.
- Information security team member.
- Expert advisor in information technology
Agenda
Day 1: Introduction to the management of an information security management system based on ISO 27001
- Introduction to the ISO 27000 family of standards
- Introduction to management systems and the process approach
- Basic concepts in information security
- General requirements: introduction to clauses 4 to 8 (ISO 27001)
- Implementation stage of an ISO 27001 conformity framework
- Introduction to risk management based on ISO 27005
- Continuous improvement of information security
- Conduct of an ISO 27001 certification audit
Day 2: Implementing information security control measures based on ISO 27002
- Introduction to the 11 domains and 133 control measures of ISO 27002
- Development and design of control measures
- Documentation of a control environment
- Surveillance and examination of control measures
- Example of the implementation of control measures