Information Security Foundation based on ISO/IEC 27001

Training available in 3 learning modes



Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their employees, customers and suppliers) and an explosion in the use of networked computers and computing devices.

The international standard for Information Security Management ISO/IEC 27001 is a widely respected and referenced standard and provides a framework for the organization and management of an information security program. Implementing a program based on this standard will serve an organization well in its goal of meeting many of the requirements faced in today’s complex operating environment. A strong understanding of this standard is important to the personal development of every information security professional.

The "Information Security Foundation based on ISO/IEC 27001" training is designed to provide the basic concepts of information security and their relationships. It also aims to raise awareness that information is valuable and vulnerable, and to teach which measures are necessary to protect information.

Training objectives

 This basic training focuses on:

  • Information and security: the concept, the value, the importance and the reliability of information;
  • Threats and risks: the concepts of threat and risk and the relationship with the reliability of information;
  • Approach and organization: the security policy and security organization including the components of the security organization and management of (security) incidents;
  • Measures: the importance of security measures including physical, technical and organizational measures;
  • Legislation and regulations: the importance and impact of legislation and regulations.

Target group

The training for Information Security Foundation based on ISO/IEC 27001 is intended for everyone in the organization who is processing information. The module is also suitable for entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary.

This module can be a good start for new information security professionals.

Bloom level

 The Information Security Foundation based on ISO/IEC 27001 certification tests candidates at Bloom Level 1 and Level 2 according to Bloom’s Revised Taxonomy:

  • Bloom Level 1: Remembering – relies on recall of information. Candidates will need to absorb, remember, recognize and recall. This is the building block of learning before candidates can move on to higher levels.
  • Bloom Level 2: Understanding – a step beyond remembering. Understanding shows that candidates comprehend what is presented and can evaluate how the learning material may be applied in their own environment. This type of question aims to demonstrate that the candidate is able to organize, compare, interpret and choose the correct description of facts and ideas.

Training duration

Contact hours (face to face learning)

The minimum number of contact hours for the course is 14. This number includes group assignments, exam preparation and short coffee breaks. Not included are: homework, the logistics related to the exam session, the exam session and lunch breaks.

Indication of study effort

60 hours, depending on existing knowledge.

Training requirements



Jamal SAAD

Certification body 


EXIN Foundation

Last modified: Tuesday, 26 January 2021, 4:26 PM