ISO 27000 Information Security Management Systems Professional

Organisations should satisfy the quality, fiduciary and security requirements for their information, as for all assets. Management should also optimise the use of available IT resources, including applications, information, infrastructure and people.

Image description

For many enterprises, information and the technology that supports it represent their most valuable, but often least understood, assets. Successful enterprises recognise the benefits of information technology and use it to drive their stakeholders’ value. These enterprises also understand and manage the associated risks, such as increasing regulatory compliance and critical dependence of many business processes on IT.

Introduction


The ISO/IEC 27000 series of standards has been specifically reserved by ISO for information security matters and is a globally-recognized set of standards that outlines best practices in information security for an organization. The 27000 series is populated with a range of individual standards and documents. The emergence of the ISO/IEC 27000 series of standards is an extremely important development and is re-shaping approaches to information security on a global basis. For the purpose of this certification, two standards of the ISO/IEC 27000 series of standards will be used, and namely ISO/IEC 27001: Information Security Techniques – Information Security Management Systems – Requirements (ISMS) which is the recognized International standard, that provides a model for establishing, implementing, operating,monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS) and ISO/IEC 27002: Information Technology – Security Techniques – Code of Practice for Information Security Management.

Target Group/Audience


This qualification is the second level of the ISO 27000 certification scheme provided by PEOPLECERT, and is aimed at anyone working within an organization (internally or externally) who may require to have and demonstrate a solid knowledge and understanding of the ISO/IEC 27000 series of standards and their practical content. The certification can also cater for candidates seeking certification at a highly practical and not only theoretical level in regards to the standard as well as implementation activities based on the ISO/IEC 27000 series of standards and or candidates who need to prove not only their understanding of the subject but also their ability to practically apply ISO/IEC 27000 series of standards within their organization.


This qualification will provide the Professional level of knowledge to its holders and will certify that they have a solid understanding of the standard and its practical content, catering for the advanced level of knowledge for:


(a) staff responsible for managing implementation of the standard in an organization
(b) external or internal auditors
(c) external consultants or managers

Learning Objectives


As this is the Professional level course, candidates will be introduced to the more advanced principles and elements of the ISO/IEC 27001, 27002, 27003, 27004, 27005 and 27007 standards for Information Security Management, and more specifically:


  • ISO/IEC 27000: provides an overview of information security management systems, which form the subject of the Information Security Management System (ISMS) family of standards, and defines related terms.
  • ISO/IEC 27001: provides the formal specification which defines the requirements that must be achieved for an Information Security Management System (ISMS).
  • ISO/IEC 27002: describes a code of practice for information security management and details hundreds of specific controls which may be applied to secure information and related assets.
  • ISO/IEC 27003: provides practical guidance in developing the implementation plan for an Information Security Management System (ISMS) within an organization in accordance with ISO/IEC 27001.
  • ISO/IEC 27004: provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented Information Security Management System (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001.
  • ISO/IEC 27005: provides guidelines for information security risk management in an organization, supporting in particular the requirements of an Information Security Management System (ISMS) according to ISO/IEC 27001.
  • ISO/IEC 27007: provides guidance on managing an information security management system (ISMS) audit program, on conducting the audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.

Examination


The PEOPLECERT ISO 27000 Professional certification exam is designed to validate a knowledge of the contents, requirements and application of the standard along the ISO/IEC 27000 – Information Security Management certification path. The exam focuses on the following four categories in the cognitive domain of Bloom’s taxonomy 3:

  1. Knowledge
  2. Comprehension
  3. Apply
  4. Analyze

Entry Criteria/Training Requirements


There are specific entry criteria for candidates of the ISO/IEC 27000 Professional level examination. It is mandatory that candidates at this level of certification attend formal and accredited training on the subject with a minimum duration of 40 hours and that they hold a PEOPLECERT’s ISO 27000 Foundation level certificate. A detailed breakdown of these training hours, per topic area is provided in the syllabus section.

Examination Format

Multiple choice examination questions
40 questions
26 marks required to pass (out of 40 available) - 65%
90 minutes’ duration
Closed book.

Pre-requisite: PEOPLECERT’s ISO 27000 Foundation level certificate.