Pre-order ITIL Foundation (Version 5) with a discount!

Ends:

Days
Hours
Minutes
Seconds
Pre-order Now
Sign In
Detectando sua região…

+71k students

EXIN Information Security Management ISO/IEC 27001 Foundation (2022) – ISFS
Official preparatory course for the EXIN exam

Build your package:

✅ Best Choice:
With this package, you get the Course for just 1.00 USD.

628.00 USD

399.00 USD

  • 🇧🇷 Brazilian Portuguese
  • 1-year course access
  • Immediate 24/7 access
  • Exam Voucher - valid for 1 year
Get Certified Now

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

Money-saving Tip: Add the Exam and get this Course for just 1.00 USD!

129.00 USD

99.00 USD

  • 🇧🇷 Brazilian Portuguese
  • 1-year course access
  • Immediate 24/7 access
Get Certified Now

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

💡 Money-saving Tip: Add the Course and pay only 1.00 USD for it!

499.00 USD

398.00 USD

  • Exam Voucher - valid for 1 year
Get Certified Now

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

Build your package:

✅ Best Choice:
With this package, you get the Course for just 1.00 €.

628,00 €

399,00 € incl. VAT

  • 🇧🇷 Brazilian Portuguese
  • 1-year course access
  • Immediate 24/7 access
  • Exam Voucher - valid for 1 year
Get Certified Now

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

💡 Money-saving Tip: Add the Exam and get this Course for just 1.00 €.

129,00 €

99,00 € incl. VAT

  • 🇧🇷 Brazilian Portuguese
  • 1-year course access
  • Immediate 24/7 access
Get Certified Now

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

💡 Money-saving Tip: Add the Course and pay only 1,00 € for it!

499,00 €

398,00 € incl. VAT

  • Exam Voucher - valid for 1 year
Get Certified Now

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

About the course

This EXIN Information Security Management ISO/IEC 27001 Foundation | ISFS Course and Exam are based on the latest version of ISO/IEC 27001:2022. They are official, accredited, and approved by EXIN, aiming to present the fundamental requirements of the ISO/IEC 27001 standard for an Information Security Management System (ISMS). It provides IT professionals with an understanding of the basic principles of information security management, in addition to preparing the candidate for the Information Security Foundation based on ISO/IEC 27001:2022 (ISFS) certification exam.

This course is part of the DPO Track. To become an EXIN Data Protection Officer, you must take this course + EXIN PDPF + PDPP.

The EXIN Certified Data Protection Officer certification naturally begins with the EXIN Privacy & Data Protection Foundation certification. Information security is very important for aspiring DPOs (ISFS). Therefore, the second domain of the Certified Data Protection certification has Information Security as a mandatory discipline.

In combination with the EXIN Privacy & Data Protection Foundation and Professional certifications, this gives candidates a broad understanding of security as a whole. See the image below:

DPOs play a vital role in organizations that process large amounts of data. Business digitalization means that the vast majority of companies are processing increasingly larger volumes of data. To protect customers and themselves, these organizations need to ensure they take the appropriate measures to handle data responsibly.

Who Should Attend

For anyone who wishes to have a basic understanding of information security. This is important knowledge for all personnel in a company or government, as everyone works with information.

Certification & Exam

This course is preparatory for the official EXIN ISFS certification exam.

  • Exam languages: Portuguese, Spanish, and English
  • Number of questions: 40 questions
  • Exam duration: 1 hour
  • Passing score: 65% (26/40)
  • Difficulty level: Easy
  • Prerequisites: EXIN strongly recommends the ISFS preparatory course
  • Open book exam: No
  • Exam format: Online

About Instructor

15 years of excellence in training with over 71,000 successful students.

Adriano is an ITIL Master, consultant, and author of 6 books, bringing 25 years of experience and more than 50 certifications in IT Management, Security, and Governance. As the leader of
the largest ITSM and DPSM community (+220k subscribers on YouTube), he combines his MBA from FGV—one of the world’s top-tier business schools—with a specialization in Neuroscience
to mentor a global network of over 71,000 students. His mission is clear: to demystify complex management and transform technical knowledge into tangible value and market impact.

Adriano Martins Antonio, ITIL 4 Master

Official translator of the ITIL Foundation (Version 5) Guide

Linkedin Youtube Link Medium

Contents

  • About the Official Course
  • About the Training
  • About the General Syllabus
  • About the Exam
  • Change in the Standard’s Name
  • Size of the Standard
  • Control Themes
  • New Control Attributes
  • Examples of New Control Attributes
  • Does a Standard Mean Quality?
  • Related Standards
  • Importance of ISO/IEC 27001:2022
  • How Security is Managed
  • Starting from the Beginning
  • Information Architecture
  • TOGAF
  • Definitions for Information Architecture
  • Information Security Overview
  • Availability, Integrity, and Confidentiality
  • Confidentiality
  • Example of Confidentiality Measures
  • Integrity
  • Example of Integrity Measures
  • Availability
  • Characteristics of Availability
  • Example of Availability Measures
  • Accountability and Auditability
  • NIST Beyond CIA
  • Measures in the Incident Lifecycle
  • Control Attributes
  • Exercises
  • Risk Assessment Mathematics
  • Risk Assessment
  • Risk Management
  • Risk
  • Examples of Risks
  • Threat
  • Vulnerability
  • Exposure
  • Relationship Between Threat and Risk
  • Security Measures
  • Risk Analysis
  • Objectives and Purpose of Risk Analysis
  • Types of Risk Analysis
  • Risk Analysis Type: Quantitative
  • Risk Analysis Type: Qualitative
  • Combined Analysis
  • SLE, ALE, EF, and ARO
  • Measures in the Incident Lifecycle
  • Measures to Reduce Incidents
  • Prevention
  • Detection
  • Avoidance
  • Insurance
  • Acceptance
  • Repression (Suppression)
  • Correction
  • Human Threats
  • Non-Human Threats
  • Types of Damage
  • Types of Risk Strategies
  • Exercises
  • Information Security Focus
  • The Information Security Organization
  • Context of the Organization
  • Information Security Management System (ISMS)
  • ISO 27001 Domains
  • Information Security Policy
  • Hierarchical Content of a Policy
  • Information Security Policy Assessment
  • PDCA Model for the ISMS
  • PDCA for the ISMS
  • PDCA Cycle
  • Ownership or Control
  • Authenticity
  • Utility
  • Diligence and Due Care
  • Value of Data and Information
  • Information Analysis
  • Information System
  • Information Management
  • Interdisciplinary Field of Information Management
  • Distributed Computing
  • Management Type
  • Operational Processes and Information
  • Information Security Process
  • Exercises
  • About Information Security Policy
  • Information Security Roles and Responsibilities
  • Roles
  • Segregation of Duties
  • Management Responsibilities
  • Contact with Authorities
  • Threat Intelligence
  • Information Security in Project Management
  • Exercises
  • Information Asset
  • Inventory
  • Inventory of Information Assets
  • Acceptable Use of Information and Other Assets
  • Return of Assets
  • Information Classification
  • Classification
  • Labeling
  • Examples of Classification and Labels
  • Information Transfer
  • Exercises
  • Access Control
  • Logical Access Control
  • Activities in Access Management
  • Identity Management
  • Authentication Information
  • Access Rights
  • Type of Access Control
  • Security at Access Points
  • Exercises
  • Supplier Relationships
  • ICT Supply Chains
  • Examples of ICT Supply Chains
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Exercises
  • Planning and Preparation for Information Security Incident Management
  • Assessment and Decision on Information Security Events
  • Considerations in the Assessment and Decision on IS Events
  • Example of IS Incidents
  • Example of Procedure in Case of IS Incidents
  • Severity Level
  • Information Security Incident Response
  • Learning from Information Security Incidents
  • Evidence Collection
  • Information Security During Disruption
  • Business Continuity Management Principles
  • ICT Readiness for Business Continuity
  • Exercises
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Considerations on Intellectual Property Rights
  • Protection of Records
  • Definition of Personal Data
  • Privacy and Protection of Personal Data
  • Territorial Scope
  • Restrictions on Data Use
  • Additional Duties for Companies
  • Increased Fines
  • Information Security Review
  • Rules for Information Security Review
  • Compliance with Information Security Policies and Standards
  • Information Security Organizations and Standards
  • Documented Operating Procedures
  • Exercises
  • People Controls
  • Control: Screening
  • Terms and Conditions of Employment
  • Awareness, Education, and Training
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Elements Considered in Remote Working
  • Information Security Event Reporting
  • Exercises
  • Physical Security Measures
  • Protection Rings
  • Outer Ring
  • Building
  • Rooms and Vaults
  • Physical Security Perimeters
  • Physical Access Controls
  • Access Management
  • Electronic Access Management
  • Other Physical Security Measures
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protection Against Physical and Environmental Threats
  • Working in Secure Areas
  • Exercises
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Special Rooms
  • Protection of Special Rooms
  • Fire-Resistant Cabinets and Security Cabinets
  • Protection Against Moisture
  • Fire Protection
  • Signage
  • Fire Extinguishing Agents
  • Security of Assets Off-Premises
  • Storage Media
  • Secure Disposal
  • Secure Disposal or Reuse of Equipment
  • Secure Transport
  • Emergency Power
  • Cooling
  • Cabling Security
  • Equipment Maintenance
  • Exercises
  • Endpoint Devices
  • User Endpoint Devices
  • Considerations for User Endpoint Devices
  • Remote Working Policy
  • Software Installation on Operating Systems
  • Utility Programs
  • Utility Program Tasks
  • Use of Privileged Utility Programs
  • Exercises
  • Special Access Privileges
  • Restriction of Access to Information
  • Access to Source Code
  • Secure Authentication
  • Secure Password Tips
  • Password Manager
  • Exercises
  • Malware: Malicious Software
  • Phishing
  • Protection Against Phishing
  • Ransomware
  • Example: Clop Ransomware
  • Example: Hidden Ransomware
  • Example: Zeus Gameover
  • Example: News
  • Example: IoT Devices
  • Spam
  • Virus
  • Measures Against Viruses
  • Worm
  • Measures Against Worms
  • Trojan Horse
  • Measures Against Trojan Horses
  • Hoax
  • Measures Against Hoaxes
  • Logic Bomb
  • Spyware
  • Measures Against Spyware
  • Botnet
  • Measures Against Botnets
  • Rootkit
  • Measures Against Rootkits
  • Exercises
  • Network Security
  • Network Security Controls
  • Network Services
  • Security of Network Services
  • Network Segregation
  • Types of Networks
  • Web Filtering
  • Exercises
  • Cryptography
  • Use of Cryptography
  • Cryptography Policy
  • Key Management
  • Examples of Cryptographic Systems
  • Symmetric Cryptography
  • Asymmetric System
  • Asymmetric Cryptography
  • Public Key Infrastructure (PKI)
  • Components of PKI Solutions
  • Digital Signatures
  • One-Way Cryptography (Hash)
  • Exercises
  • Information Deletion
  • Data Masking (Obfuscation)
  • Data Masking Techniques
  • Anonymization or Pseudonymization
  • Data Leakage Prevention (DLP)
  • Data Leakage
  • Preventing Data Leakage
  • Exercises
  • Logging
  • Use of Logging
  • Log Content
  • Log Considerations
  • Activity Monitoring
  • Monitoring
  • Clock Synchronization
  • Exercises
  • Information Backup
  • Redundancies
  • Types of Redundancies
  • Redundant Site
  • On-Demand Emergency Site
  • Personnel Measures
  • Exercises
  • Capacity Management
  • Vulnerability
  • Technical Vulnerability Management
  • Configuration
  • Managing Configuration
  • Configuration Management
  • Change Management
  • Protection of Information Systems During Audit Testing
  • Exercises
  • Secure Development Lifecycle
  • Systems Development Life Cycle (SDLC)
  • Security by Design (SbD)
  • Benefits of Integrating Security into SDLC
  • Application Security Requirements
  • E-commerce Services
  • Publicly Available Information
  • Security Architecture
  • Secure Systems Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Testing, and Production Environments
  • Test Information
  • Exercises

Support & Contact

WhatsApp

Chat with us

Email

Send a message

FAQ

Common questions

For over 15 years, PMG Academy has maintained one of the fastest response SLAs in the market. Whether you are a prospective or enrolled student, our average response time is just 15 minutes!

* Business Hours: Monday to Friday, 13:00 to 22:00 (London Time / GMT+0)

Reviews

Ricardo Alves de Matos
Buscando recolocação profissional
February 14, 2024

Once again, I would like to thank Professor Adriano and everyone at PMG Academy for the information acquired. The method, platform, and support are simply fantastic!!! I will DEFINITELY take other training courses and obtain other certifications in partnership with PMG. CONGRATULATIONS!!!

Caroline Gomes
Agrogalaxy
January 29, 2024

I had started the training in the old format and honestly stopped a little over halfway through; it wasn't very didactic, and I ended up not being able to concentrate. Then came this update to this format with Professor Adriano on video, and it turned out so great that in one month I am finishing the training and have absorbed the content immensely. I want to congratulate you on the initiative to re-record in topics and add a quiz at the end of each module; this helps a lot to identify what we need to focus on more.

Thiago Alves
Unifique Telecomunicações SA
January 29, 2024

The course provided me with a very good experience, comprehensively covering the fundamental principles that the standard brings. The course structure was engaging, with clear and updated content, facilitating the understanding of the standard's requirements. The instructor demonstrated deep knowledge and skill in conveying complex information in an accessible manner. With well-crafted courseware and practical exercises, the course offered a solid foundation for those seeking to understand and effectively implement information security practices according to ISO/IEC 27001:2022. I recommend it without hesitation!

Previous page 1 ... 12 13 14 ... 18 Next Page

Who Trusts PMG Academy