Information Security Foundation (S-ISF)

Learn information security fundamentals from practicing information security experts.
EnrollBook as in-company

What will you learn?

  • 9Understand the context of information security and the relationship between information security, legal & regulatory compliance and corporate goals and strategies;
  • 9Grasp the basics of information security risk management and risk assessment;
  • 9Learn how to mitigate human, organizational, and technological risks.


  • 3 days, 1pm – 5.30pm CEST
  • 8 hours of self-study
  • R1 CPE credit per study hour

Information Security Foundation Course – Beginner’s information security management training

Our Information Security Foundation course was designed by experienced information security officers to help you truly understand the fundamentals of information security management. This beginner’s information security training offers a concise but in-depth coverage of all key topics of information security management, combining best-practice know-how with practical examples, interactive group discussions and fresh insights from the industry. The course encompasses strategies for mitigating human, organizational, and technological risks. Upon completion, participants are equipped to safeguard sensitive information, ensure compliance, and foster a security-conscious culture within their organization.

This foundational training serves as the initial stage in SECO’s distinctive information security training and certification pathway. It lays the groundwork for the Practitioner level, which involves Information Security Officer training with practical exercises in policy development, risk assessment, awareness planning, standard implementation, and improvement planning post-audit. The journey culminates in the Expert – CISO training, focusing on strategic leadership in the field of information security.

Is this Information Security Foundation course for you?

Information Security Foundation gives you a solid grounding in information security management principles and best practices. This course is an ideal choice if you aspire to start a career in information security management without a security background. Having completed Information Security Foundation, you will be well-equipped to move on to more advanced information security management trainings and certifications. For example, you will be competent to join our Information Security Practitioner training where you can practice an Information Security Officer’s tasks, from ISO 27001 implementation planning to performing information security risk assessments or developing security awareness programs. You will also be able to follow our ISACA Certified Information Security Manager (CISM) Preparation Course and prepare to earn your ISACA CISM certificate.

Information security awareness and fundamental information security skills are becoming indispensable in all sectors. Do you work with information in any capacity? Completing this Information Security Foundation course and certifying your skills can add extra value to your professional profile.

Finally, we also recommend this training to business owners or (line) managers who would like to oversee and understand their information security responsibilities, or aim to educate their employees on information security beyond ‘traditional’ awareness trainings.


What is included in this Information Security Foundation course?

  • Official SECO-Institute course materials developed by practicing information security officers and consultants;
  • Online training by passionate instructors who are active in the information security industry;
  • Practice exam and exam syllabus so you can fully prepare for your certification exam;
  • Certification exam voucher;
  • Access to the (S)ECO-system, the SECO-Institute’s professional community website where you will find additional resources and exclusive knowledge events.

Module 1 – Introduction to Information Security:

  • What is information security?
  • The importance of information security for organizations and employees
  • The evolution of information security
  • The information security process in a continuously changing environment
  • Roles and responsibilities to manage information security

Module 2 – Information & Risk:

  • Elements and objectives of the risk management process
  • Standards, laws and regulations, social obligations
  • Relationship with other business plans
  • Data protection & privacy
  • How information risk management is governed
  • Information and enterprise-wide risk management processes
  • Qualitative and quantitative risk assessments
  • Risk assessments & threat modeling
  • Risk governance

Module 3: Risk Mitigation – Human Factor:

  • What is information security awareness?
  • The boundaries of awareness programs

Module 4 – Risk Mitigation – Organizational Focus:

  • The information security framework
  • The use of standards and best practices

Module 5: Risk Mitigation – Technological Focus:

  • Asset management
  • Identity and access management
  • Data protection
  • Vulnerability management
  • Incident response
  • Security intelligence

Practice Exam

At the end of the course, you will complete a practice exam that mimics the SECO Information Security Foundation Certification Exam. After completing the practice exam, you will have the opportunity to discuss your results with your trainer and the group.

Information Security Foundation Certification Exam

The Information Security Foundation certification exam is conducted by the SECO-Institute, Europe’s leading security and continuity certification body. The exam voucher is included in the course fee, but you need to schedule your exam with the SECO-Institute. Upon successful completion of the exam, you will receive an exam certificate and an invitation to register your official SECO-Information Security Foundation (S-ISF) certification title free of charge. By activating your certification title, you will become a certified professional in your field and you will receive a shareable digital badge to verify your competence to clients, employers and fellow professionals.

Exam information

  • Exam language: English
  • Exam delivery: Online exam with remote proctoring
  • Exam format: 40 multiple-choice questions
  • Duration: 60 minutes

Why earn a SECO Information Security Foundation (S-ISF) certificate?

Information Security Foundation equips you with the knowledge and skills you need to lay the foundations of your information security education and career. By passing the ISF certification exam and earning a SECO-Information Security Foundation (S-ISF) certificate, you demonstrate your ability to:

  • Adopt a holistic approach to information security;
  • Understand fundamental security and risk management concepts;
  • Understand quality improvement cycles and their importance for management systems;
  • Understand and apply the main objectives of information security (confidentiality, integrity and availability or ‘the CIA triad’);
  • Understand the importance and scope of influence of information security;
  • Understand the importance of effective information security governance;
  • Understand information security roles and responsibilities;
  • Describe common information security threats and identify effective preventive, detective, repressive and corrective countermeasures;
  • Describe best-practice physical, technical and organisational security measures;
  • Grasp the basics of information security incident management;
  • Understand the relationship between information security and business continuity management;
  • Understand legal and regulatory requirements relevant to information security.

What are the benefits of an S-ISF certificate?

In a world where information is key to any successful business, demonstrable information security awareness and knowledge can considerably improve your career prospects.

If you have an IT background and would like to transition to information security management, a SECO ISF certification is a sure way to set yourself on the path. The ISF credential validates your ability to approach information security from an executive management point of view, and provides you with a sufficient basis for following more advanced security management trainings. For example, you will be competent to take on our Information Security Practitioner training where you can practice an Information Security Officer’s tasks, from ISO 27001 implementation planning to risk assessments or developing awareness programs. You will also have sufficient knowledge to follow our ISACA Certified Information Security Manager (CISM) Preparation Course and prepare to earn your ISACA CISM certificate.Depending on your interests and background, S-ISF may be your first step towards a career as an information security manager, a cybersecurity consultant, or an information risk manager.

If you work with information in any other field, ISF is an excellent means to give yourself a competitive advantage over your fellow professionals and improve your career prospects. With cyberattacks and data breaches becoming more frequent, employers attach greater importance to their employees’ information security awareness. An ISF certificate demonstrates to potential employers that you have a responsible attitude to information security.

Authors & Lead Trainers

Kenneth Smit

Operational Director at
Ventus IT Professionals


Dennis Zandvliet

Independent IT security-consultant

Edo-Jan Koster

Lead Auditor at
DEKRA Certification

Register now

In-company training tailored to your needs

It is possible to organize the course Incompany. Please contact us for more information.