Information Security Foundation course

3 days, 4.5 hours a day

Fundamental understanding of information security and a comprehensive introduction to information security management 

Information Security Foundation (ISF) gives you a hands-on introduction to information security management. In this course, you will understand what building blocks are needed for information security and how these building blocks are held together. You’ll familiarise yourself with ISO 27001, the most widely used information security standard, learn to identify relevant information security threats and risks, and gain insight into commonly accepted information security controls. The course is ideal for career starters or career switchers looking for an entry-level certification in information security. We also recommend this course to all professionals and managers looking to get a good understanding of key information security principles and practices.

This Foundation training is the first level of SECO’s unique complete information security training & certification track. It readies you for the Practitioner level (Information Security Officer-level training with hands-on policy development, risk assessment, awareness planning, standard implementation and post-audit improvement planning exercises). The track culminates in an Expert – CISO training focused on strategic information security leadership.

Authors & Lead Trainers

Lies Alderlieste-de Wit
Author & Trainer

Global Director Cybersecurity Governance at Danone

Chris Wauters
Author & Trainer

Security Transition Manager,
Agile & Security Leadership

Koen Maris
Advisory Board

Cyber Security Leader
at PwC Luxembourg

Michael Garceau

Senior Risk Manager,
Founder CipherQuest

Mario Procopio

Interim CISO &
Founder at Pro CISO®

At a Glance

Entry level

Information Security Foundation

3 days, 4.5 hours a day

Career starters and career switchers looking for an entry-level certification in information security. Anyone who wants or needs to learn the fundamentals of information security and information security management.

Get a comprehensive introduction to information security and information security management.

Understand how to use ISO 27001 and ISO 27002, and gain insight into the topics covered.

Learn to chart potential information security threats.

Explore physical, technical and organisational control measures to protect information.

Understand the fundamentals of information security risk management and risk assessment.

Understand information security roles and responsibilities within and outside the internal information security organisation.

Understand legal and regulatory requirements relevant to information security.

What’s included

  • Official SECO-Institute course materials
  • Training by passionate trainers with exceptional skills and industry experience
  • Access to a SECO member portal where we share additional resources and knowledge events
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam


Information and Security


  • The purpose and main characteristics of quality standards
  • Implementation challenges and the main categories of requirements
  • The Information Security Management System (ISMS)
  • Overview of the contents of ISO 27001/2
  • The first steps towards the implementation of ISO 27001 and ISO 27002: Information security as a process, control objectives and measures


  • Definition of information and information security
  • The CIA triad and measures to preserve the CIA of information
  • Information systems and information technology
  • The value of information: information as a production factor
  • Information architecture, operational processes and information, information analysis and information management
  • Discussion: What information is valuable to your organisation?


  • Definition of vulnerability, threat and risk
  • Definitions and objectives of risk assessment, analysis and management. Qualitative and quantitative methods
  • Types of security measures: preventive, detective, repressive and corrective measures
  • Types of threat and damage: human and nonhuman threats, direct and indirect damage; Annual and Single Loss Expectancy
  • Types of risk strategies: risk appetite
  • Risk treatment
  • Assignment: Categorise potential threats

Information Security Policy and Organisation, Information Security Controls, Legal and Regulatory Requirements


  • The purpose and content of an information security policy
  • The purpose and activities of an information security organisation
  • Codes of conduct
  • Ownership and asset owners
  • Security roles and responsibilities: Chief Information Security Officer, Information Security Officer, Information Security Manager
  • Information security incidents and incident management: the objectives of incident management, potential causes of incidents, incident management process, incident cycle


  • Preventive, detective, repressive and corrective security measures (assignment)
  • Information classification
  • Physical security measures
  • Technical security measures including cryptography. Kerckhoff’s principle and security by obscurity
  • The hacker’s toolkit
  • Organisational security measures
  • Business continuity management
  • Group assignment


  • Definition, purpose and different types of compliance
  • Legal and regulatory compliance relating to information security
  • Measures to achieve compliance

Collect your badge of honor


  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 40 multiple choice
  • Time: 60 minutes

Join our Alumni Network

Dates & locations

Online Live

3 days

1pm – 5.30pm CEST

June 2023
22, 29
July 2023

Organize a class dedicated for your team