Information Security Practitioner

5 days

Build your career as an information security manager

Information Security Practitioner (ISP) was designed for information security professionals who aspire to progress into a management or advisory role. ISP offers you the mindset, knowledge and practical skills you need to become a successful Information Security Officer or Manager. During the course, you will draft an information security vision statement, plan and perform information security risk assessments, develop an implementation plan for the ISO/IEC 27001 standard, assess and improve strategic information security policies, develop an effective information security awareness program using behavioural theory and learning theory, and start coordinating activities in the domains of Identity and Access Management and Incident Response. The training ends with a comprehensive case study assignment, where you will review an information security audit report and propose an actionable plan that will help the audited organisation achieve ISO 27001-compliance.

Authors & Lead Trainers

Lies Alderlieste-de Wit
Author & Trainer

CISO at Stater

Chris Wauters
Author & Trainer

Security Transition Manager,
Agile & Security Leadership

Koen Maris
Advisory Board

Cyber Security leader
at PwC Luxembourg

Michael Garceau

Senior Risk Manager,
Founder CipherQuest

Mario Procopio

Interim CISO &
Founder at Pro CISO®

At a Glance

Advanced level

Information Security Practitioner

5 days

Information security professionals looking to progress into a security management role. (Aspiring) information security officers, consultants, security managers, IT Auditors, line managers and project managers with a direct line to the information security practice.

Integrate information security into strategic management and organisational culture, while ensuring compliance with information security laws, regulations and standards.

Adopt a risk-based approach to information security. Balance interests and threats to improve organisational resilience. Apply resilience management principles. Contribute to effective information security governance. Plan and perform information security risk assessments in line with best practices. Develop an implementation plan for the ISO/IEC 27001 standard.

Apply best practice project management principles. Compose and lead a project team.

Evaluate types of information security risks posed by human behaviour. Develop an effective information security awareness action plan based on behavioural, learning and adoption theories.

Identify, prioritise and present key business drivers for Identity and Access Management. Evaluate user authentication methods, identity governance schemes, access governance and authorisation methods and how to achieve good accountability in IAM.

Evaluate organisational aspects of establishing a Computer Security Incident Response Team (CSIRT), the incident response process and fundamentals of incident response policy governance. Understand best practices for security report writing.

Understand how information security audits are performed and learn to interpret audit opinions. Review an audit report and create an actionable improvement plan.

What’s included

  • Official SECO-Institute course materials
  • Training from passionate instructors with exceptional skills
  • Access to the SECO member portal
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam


Day 1 – Core Values & Strategic Goals


  • Cyber Security and Information Security
  • Information Security Management Framework (ISMF)
  • Defining a Vision on Information Security
  • Laws and Regulations
  • Standards and Best Practices
  • Developing an Information Security Vision


  • Mission, Vision and Strategy
  • Vision on Information Security

Day 2 – Developing an Information Security Management System


  • Interests, Threats and Resilience
  • Resilience Management Framework
  • Risk Management
  • ISO/IEC 27001
  • Information Security Policy
  • Information Security Profile


  • Resilience Management Framework implementation
  • Risk Assessment
  • ISO27001 implementation
  • Information Security Governance

Day 3 – Human Aspects


  • Project Management: People
  • Project Management: Leadership
  • Project leadership


  • Leadership skills


  • Information Security & Human Behaviour
  • Security Awareness Measures
  • Security Awareness Tools
  • Measuring Behavioural Change
  • Security Awareness Roadmap


  • Security Awareness Program Part 1 – Gain Support
  • Security Awareness Program Part 2 – Security Risks
  • Security Awareness Program Part 5 – Gap Analysis and Awareness Measures

Self-study – Attacker perspectives


  • The Methods of the Hacker
  • Open-Source Intelligence (OSINT)
  • Google Hacking

Day 4 – Domains of IAM and Incident Response


  • Introduction to Identity & Access Management
  • IAM Processes
  • Authentication and Related Services
  • Identity Governance
  • Access Governance
  • Accountability and Identity Intelligence
  • Responsibilities and Implementation


  • Introduction to Incident Response
  • Incident Response Process
  • Policy and Agreements
  • CSIRT Services
  • Reporting


  • Coordinating incident response
  • CSIRT services

Day 5 – The Security Audit


  • Audit, Definition and goals
  • Security audits
  • Audit process
  • In-control statement

In this last case study, students will review an information security audit report and propose an action plan that will help the organization to make this service ISO 27001-compliant.

The training ends with a test exam, followed up with an evaluation and discussion.

Collect your badge of honor


  • Language: English
  • Delivered: Online via a certified proctor
  • Questions: 10 multiple choice, 5 open questions and one case
  • Time: 120 minute

Join our Alumni Network

Dates & locations

This program is conducted by our training partner, Security Academy Online.

Find a Local Training Partner

Organize a class dedicated for your team