
EXIN Information Security Management ISO/IEC 27001 Foundation (2022) – ISFS
Official preparatory course for the EXIN exam

Build your package (USD):

  • Course + Exam (✅ Best Choice): 628.00 USD, discounted to 399.00 USD. With this package, you get the Course for just 1.00 USD.
  • Course: 129.00 USD, discounted to 99.00 USD. Money-saving Tip: Add the Exam and get this Course for just 1.00 USD!
  • Exam: 499.00 USD, discounted to 398.00 USD. 💡 Money-saving Tip: Add the Course and pay only 1.00 USD for it!

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

Build your package (EUR):

  • Course + Exam (✅ Best Choice): 628,00 €, discounted to 399,00 € incl. VAT. With this package, you get the Course for just 1,00 €.
  • Course: 129,00 €, discounted to 99,00 € incl. VAT. 💡 Money-saving Tip: Add the Exam and get this Course for just 1,00 €.
  • Exam: 499,00 €, discounted to 398,00 € incl. VAT. 💡 Money-saving Tip: Add the Course and pay only 1,00 € for it!

* Discounted price valid for individuals only. For corporate billing, please check our pricing policy

About the course

This EXIN Information Security Management ISO/IEC 27001 Foundation | ISFS Course and Exam are based on the latest version of ISO/IEC 27001:2022. They are official, accredited, and approved by EXIN, and present the fundamental requirements of the ISO/IEC 27001 standard for an Information Security Management System (ISMS). The course gives IT professionals an understanding of the basic principles of information security management and prepares the candidate for the Information Security Foundation based on ISO/IEC 27001:2022 (ISFS) certification exam.

This course is part of the DPO Track. To become an EXIN Data Protection Officer, you must take this course + EXIN PDPF + PDPP.

The EXIN Certified Data Protection Officer certification naturally begins with the EXIN Privacy & Data Protection Foundation certification. Information security (ISFS) is very important for aspiring DPOs; therefore, the second domain of the Certified Data Protection Officer certification has Information Security as a mandatory discipline.

In combination with the EXIN Privacy & Data Protection Foundation and Professional certifications, this gives candidates a broad understanding of security as a whole.

DPOs play a vital role in organizations that process large amounts of data. Business digitalization means that the vast majority of companies are processing increasingly larger volumes of data. To protect customers and themselves, these organizations need to ensure they take the appropriate measures to handle data responsibly.

Who Should Attend

Anyone who wishes to have a basic understanding of information security. This is important knowledge for all personnel in a company or government, as everyone works with information.

Certification & Exam

This course is preparatory for the official EXIN ISFS certification exam.

  • Exam languages: Portuguese, Spanish, and English
  • Number of questions: 40 questions
  • Exam duration: 1 hour
  • Passing score: 65% (26/40)
  • Difficulty level: Easy
  • Prerequisites: EXIN strongly recommends the ISFS preparatory course
  • Open book exam: No
  • Exam format: Online

About Instructor

15 years of excellence in training with over 71,000 successful students.

Adriano is an ITIL Master, consultant, and author of 6 books, bringing 25 years of experience and more than 50 certifications in IT Management, Security, and Governance. As the leader of the largest ITSM and DPSM community (+220k subscribers on YouTube), he combines his MBA from FGV, one of the world’s top-tier business schools, with a specialization in Neuroscience to mentor a global network of over 71,000 students. His mission is clear: to demystify complex management and transform technical knowledge into tangible value and market impact.

Adriano Martins Antonio, ITIL 4 Master

Official translator of the ITIL Foundation (Version 5) Guide

Contents

  • About the Official Course
  • About the Training
  • About the General Syllabus
  • About the Exam
  • Change in the Standard’s Name
  • Size of the Standard
  • Control Themes
  • New Control Attributes
  • Examples of New Control Attributes
  • Does a Standard Mean Quality?
  • Related Standards
  • Importance of ISO/IEC 27001:2022
  • How Security is Managed
  • Starting from the Beginning
  • Information Architecture
  • TOGAF
  • Definitions for Information Architecture
  • Information Security Overview
  • Availability, Integrity, and Confidentiality
  • Confidentiality
  • Example of Confidentiality Measures
  • Integrity
  • Example of Integrity Measures
  • Availability
  • Characteristics of Availability
  • Example of Availability Measures
  • Accountability and Auditability
  • NIST Beyond CIA
  • Measures in the Incident Lifecycle
  • Control Attributes
  • Exercises
  • Risk Assessment Mathematics
  • Risk Assessment
  • Risk Management
  • Risk
  • Examples of Risks
  • Threat
  • Vulnerability
  • Exposure
  • Relationship Between Threat and Risk
  • Security Measures
  • Risk Analysis
  • Objectives and Purpose of Risk Analysis
  • Types of Risk Analysis
  • Risk Analysis Type: Quantitative
  • Risk Analysis Type: Qualitative
  • Combined Analysis
  • SLE, ALE, EF, and ARO
  • Measures in the Incident Lifecycle
  • Measures to Reduce Incidents
  • Prevention
  • Detection
  • Avoidance
  • Insurance
  • Acceptance
  • Repression (Suppression)
  • Correction
  • Human Threats
  • Non-Human Threats
  • Types of Damage
  • Types of Risk Strategies
  • Exercises
  • Information Security Focus
  • The Information Security Organization
  • Context of the Organization
  • Information Security Management System (ISMS)
  • ISO 27001 Domains
  • Information Security Policy
  • Hierarchical Content of a Policy
  • Information Security Policy Assessment
  • PDCA Model for the ISMS
  • PDCA for the ISMS
  • PDCA Cycle
  • Ownership or Control
  • Authenticity
  • Utility
  • Diligence and Due Care
  • Value of Data and Information
  • Information Analysis
  • Information System
  • Information Management
  • Interdisciplinary Field of Information Management
  • Distributed Computing
  • Management Type
  • Operational Processes and Information
  • Information Security Process
  • Exercises
  • About Information Security Policy
  • Information Security Roles and Responsibilities
  • Roles
  • Segregation of Duties
  • Management Responsibilities
  • Contact with Authorities
  • Threat Intelligence
  • Information Security in Project Management
  • Exercises
  • Information Asset
  • Inventory
  • Inventory of Information Assets
  • Acceptable Use of Information and Other Assets
  • Return of Assets
  • Information Classification
  • Classification
  • Labeling
  • Examples of Classification and Labels
  • Information Transfer
  • Exercises
  • Access Control
  • Logical Access Control
  • Activities in Access Management
  • Identity Management
  • Authentication Information
  • Access Rights
  • Type of Access Control
  • Security at Access Points
  • Exercises
  • Supplier Relationships
  • ICT Supply Chains
  • Examples of ICT Supply Chains
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Exercises
  • Planning and Preparation for Information Security Incident Management
  • Assessment and Decision on Information Security Events
  • Considerations in the Assessment and Decision on IS Events
  • Example of IS Incidents
  • Example of Procedure in Case of IS Incidents
  • Severity Level
  • Information Security Incident Response
  • Learning from Information Security Incidents
  • Evidence Collection
  • Information Security During Disruption
  • Business Continuity Management Principles
  • ICT Readiness for Business Continuity
  • Exercises
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Considerations on Intellectual Property Rights
  • Protection of Records
  • Definition of Personal Data
  • Privacy and Protection of Personal Data
  • Territorial Scope
  • Restrictions on Data Use
  • Additional Duties for Companies
  • Increased Fines
  • Information Security Review
  • Rules for Information Security Review
  • Compliance with Information Security Policies and Standards
  • Information Security Organizations and Standards
  • Documented Operating Procedures
  • Exercises
  • People Controls
  • Control: Screening
  • Terms and Conditions of Employment
  • Awareness, Education, and Training
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Elements Considered in Remote Working
  • Information Security Event Reporting
  • Exercises
  • Physical Security Measures
  • Protection Rings
  • Outer Ring
  • Building
  • Rooms and Vaults
  • Physical Security Perimeters
  • Physical Access Controls
  • Access Management
  • Electronic Access Management
  • Other Physical Security Measures
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protection Against Physical and Environmental Threats
  • Working in Secure Areas
  • Exercises
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Special Rooms
  • Protection of Special Rooms
  • Fire-Resistant Cabinets and Security Cabinets
  • Protection Against Moisture
  • Fire Protection
  • Signage
  • Fire Extinguishing Agents
  • Security of Assets Off-Premises
  • Storage Media
  • Secure Disposal
  • Secure Disposal or Reuse of Equipment
  • Secure Transport
  • Emergency Power
  • Cooling
  • Cabling Security
  • Equipment Maintenance
  • Exercises
  • Endpoint Devices
  • User Endpoint Devices
  • Considerations for User Endpoint Devices
  • Remote Working Policy
  • Software Installation on Operating Systems
  • Utility Programs
  • Utility Program Tasks
  • Use of Privileged Utility Programs
  • Exercises
  • Special Access Privileges
  • Restriction of Access to Information
  • Access to Source Code
  • Secure Authentication
  • Secure Password Tips
  • Password Manager
  • Exercises
  • Malware: Malicious Software
  • Phishing
  • Protection Against Phishing
  • Ransomware
  • Example: Clop Ransomware
  • Example: Hidden Ransomware
  • Example: Zeus Gameover
  • Example: News
  • Example: IoT Devices
  • Spam
  • Virus
  • Measures Against Viruses
  • Worm
  • Measures Against Worms
  • Trojan Horse
  • Measures Against Trojan Horses
  • Hoax
  • Measures Against Hoaxes
  • Logic Bomb
  • Spyware
  • Measures Against Spyware
  • Botnet
  • Measures Against Botnets
  • Rootkit
  • Measures Against Rootkits
  • Exercises
  • Network Security
  • Network Security Controls
  • Network Services
  • Security of Network Services
  • Network Segregation
  • Types of Networks
  • Web Filtering
  • Exercises
  • Cryptography
  • Use of Cryptography
  • Cryptography Policy
  • Key Management
  • Examples of Cryptographic Systems
  • Symmetric Cryptography
  • Asymmetric System
  • Asymmetric Cryptography
  • Public Key Infrastructure (PKI)
  • Components of PKI Solutions
  • Digital Signatures
  • One-Way Cryptography (Hash)
  • Exercises
  • Information Deletion
  • Data Masking (Obfuscation)
  • Data Masking Techniques
  • Anonymization or Pseudonymization
  • Data Leakage Prevention (DLP)
  • Data Leakage
  • Preventing Data Leakage
  • Exercises
  • Logging
  • Use of Logging
  • Log Content
  • Log Considerations
  • Activity Monitoring
  • Monitoring
  • Clock Synchronization
  • Exercises
  • Information Backup
  • Redundancies
  • Types of Redundancies
  • Redundant Site
  • On-Demand Emergency Site
  • Personnel Measures
  • Exercises
  • Capacity Management
  • Vulnerability
  • Technical Vulnerability Management
  • Configuration
  • Managing Configuration
  • Configuration Management
  • Change Management
  • Protection of Information Systems During Audit Testing
  • Exercises
  • Secure Development Lifecycle
  • Systems Development Life Cycle (SDLC)
  • Security by Design (SbD)
  • Benefits of Integrating Security into SDLC
  • Application Security Requirements
  • E-commerce Services
  • Publicly Available Information
  • Security Architecture
  • Secure Systems Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Testing, and Production Environments
  • Test Information
  • Exercises

Support & Contact


For over 15 years, PMG Academy has maintained one of the fastest response SLAs in the market. Whether you are a prospective or enrolled student, our average response time is just 15 minutes!

* Business Hours: Monday to Friday, 13:00 to 22:00 (London Time / GMT+0)

Reviews

Lucas El-moor Pereira
BBTS Banco do Brasil Tecnologia e Serviços
November 30, 2025

Today I successfully completed the "Information Security Management based on ISO/IEC 27001" course promoted by PMG Academy. During the training, I acquired fundamental knowledge about the requirements for implementing and maintaining an Information Security Management System (ISMS), including risk assessment and treatment, definition and application of controls, asset management, access control, physical and logical security, as well as governance and regulatory compliance.

Paulo Cesar Chagas de Azevedo
Santander Serviços Digitais
November 27, 2025

Very explanatory course, met my expectations.

michaz
October 25, 2025

Excellent course.
