Information Security Foundation course
Fundamental understanding of information security and comprehensive introduction in information security management
Information Security Foundation (ISF) introduces you into the world of information security, its basic concepts and building blocks and how they relate to one another. You’ll familiarize yourself with ISO 27001, the most widely used information security standard, evaluate the concept of threat and risk and its relationship to the reliability of information, and gain insight into commonly accepted information security controls. The course is ideal for career starters / switchers looking for an entry level certification in information security, and anyone that wants or needs to learn the basics of information security and fundamentals of information security management. This training is part of SECO’s flagship track that is built on understanding and applying information security (Foundation training), managing information security (Practitioner training) and leading information security (Expert – CISO training).
Lies Alderlieste-de Wit
Author & Trainer
Global Director cybersecurity governance at Danone
Author & Trainer
Security Transition Manager,
Agile & Security Leadership
Cyber Security leader
at PwC Luxembourg
Senior Risk Manager,
At a Glance
Information Security Foundation
Career starters / switchers looking for an entry level certification in information security. Anyone that wants or needs to learn the basics of information security and fundamentals of information security management.
Comprehensive introduction to information security and information security management.
Introduction to ISO27001 and ISO27002.
Learn how to chart potential information security threats.
Explore physical, technical and organizational control measures to protect information.
Basics of Risk Management and Risk Analysis.
How a security organization is designed and operated.
Legal and regulatory requirements relevant to information security.
Day 1 – Information and Security
- The purpose and main characteristics of quality standards
- Implementation challenges and the main categories of requirements
- The Information Security Management System (ISMS)
- Overview of the contents of ISO 27001/2
- The first steps towards the implementation of ISO 27001 and ISO 27002: Information security as a process, control objectives and measures
- Definition of information and information security
- The CIA triad and measures to preserve the CIA of information
- Information systems and information technology
- The value of information: information as a production factor
- Information architecture, operational processes and information, information analysis and information management
- Discussion: What information is valuable to your organisation?
- Definition of vulnerability, threat and risk
- Definitions and objectives of risk assessment, analysis and management. Qualitative and quantitative methods
- Types of security measures: preventive, detective, repressive and corrective measures
- Types of threat and damage: human and nonhuman threats, direct and indirect damage; Annual and Single Loss Expectancy
- Types of risk strategies: risk appetite
- Risk treatment
- Assignment: Categorise potential threats
Day 2 – Information Security Policy and Organization, Measures, Legal and Regulatory Requirements
- The purpose and content of an information security policy
- The purpose and activities of an information security organisation
- Codes of conduct
- Ownership and asset owners
- Security roles and responsibilities: Chief Information Security Officer, Information Security Officer, Information Security Manager
- Information security incidents and incident management: the objectives of incident management, potential causes of incidents, incident management process, incident cycle
- Preventive, detective, repressive and corrective security measures (assignment)
- Information classification
- Physical security measures
- Technical security measures including cryptography. Kerckhoff’s principle and security by obscurity
- The hacker’s toolkit
- Organisational security measures
- Business continuity management
- Group assignment
- Definition, purpose and different types of compliance
- Legal and regulatory compliance relating to information security
- Measures to achieve compliance