Information Security Foundation (S-ISF)

Module 1: Information Security Management System (ISO 27001) & Code of Practice for Information Security Controls (ISO 27002)

• Understanding information security standards and frameworks
• ISO / IEC 27001 and ISO / IEC 27002 in a nutshell
• Information Security Management System and continuous improvement (Plan – Do – Check – Act)
• Implementation of ISO / IEC 27001 and ISO / IEC 27002
• Establishing information security management objectives and understanding information security controls

Module 2: Information and security

• Information and security: The concept, value, importance and context of information
• The cornerstones of information security: confidentiality, integrity and availability
• The influence of information security on operational processes, information architecture and information management
• Different types of information and information systems

Module 3: Threats and Risks

• Understanding the concepts of threat and risk and their impact on the reliability of information
• Types of risk analysis and risk assessment
• Types of information security threats and countermeasures
• Information security risk treatment
• Information security measures
• Preventing and mitigating information security risks

Module 4: Approach and organisation

• Information security policies, procedures and codes of conduct
• Internal information security organisation
• Management of security incidents
• Information security roles and responsibilities

Module 5: Measures

• Physical, technical and organisational information security controls
• Types and categories of security procedures
• The importance of access control
• Identification, authentication and authorisation
• Business continuity management (BCM) aspects

Module 6: Laws and regulations

• The most important laws and regulations with a relevance to information security
• The importance of compliance

Practice Exam

At the end of the course, you will complete a practice exam that mimics the SECO Information Security Foundation Certification Exam. After completing the practice exam, you will have the opportunity to discuss your results with your trainer and the group.

Information Security Foundation Certification Exam

The Information Security Foundation certification exam is conducted by the SECO-Institute, Europe’s leading security and continuity certification body. The exam voucher is included in the course fee, but you need to schedule your exam with the SECO-Institute. Upon successful completion of the exam, you will receive an exam certificate and an invitation to register your official SECO-Information Security Foundation (S-ISF) certification title free of charge. By activating your certification title, you will become a certified professional in your field and you will receive a shareable digital badge to verify your competence to clients, employers and fellow professionals.

Exam information

• Exam language: English
• Exam delivery: Online exam with remote proctoring
• Exam format: 40 multiple-choice questions
• Duration: 60 minutes

Why earn a SECO Information Security Foundation (S-ISF) certificate?

Information Security Foundation equips you with the knowledge and skills you need to lay the foundations of your information security education and career. By passing the ISF certification exam and earning a SECO-Information Security Foundation (S-ISF) certificate, you demonstrate your ability to:

• Adopt a holistic approach to information security;
• Understand fundamental security and risk management concepts;
• Understand quality improvement cycles and their importance for management systems;
• Understand and apply the main objectives of information security (confidentiality, integrity and availability or ‘the CIA triad’);
• Understand the importance and scope of influence of information security;
• Understand the importance of effective information security governance;
• Understand information security roles and responsibilities;
• Describe common information security threats and identify effective preventive, detective, repressive and corrective countermeasures;
• Describe best-practice physical, technical and organisational security measures;
• Grasp the basics of information security incident management;
• Understand the relationship between information security and business continuity management;
• Understand legal and regulatory requirements relevant to information security.

What are the benefits of an S-ISF certificate?

In a world where information is key to any successful business, demonstrable information security awareness and knowledge can considerably improve your career prospects.

If you have an IT background and would like to transition to information security management, a SECO ISF certification is a sure way to set yourself on the path. The ISF credential validates your ability to approach information security from an executive management point of view, and provides you with a sufficient basis for following more advanced security management trainings. For example, you will be competent to take on our Information Security Practitioner training where you can practice an Information Security Officer’s tasks, from ISO 27001 implementation planning to risk assessments or developing awareness programs. You will also have sufficient knowledge to follow our ISACA Certified Information Security Manager (CISM) Preparation Course and prepare to earn your ISACA CISM certificate.Depending on your interests and background, S-ISF may be your first step towards a career as an information security manager, a cybersecurity consultant, or an information risk manager.

If you work with information in any other field, ISF is an excellent means to give yourself a competitive advantage over your fellow professionals and improve your career prospects. With cyberattacks and data breaches becoming more frequent, employers attach greater importance to their employees’ information security awareness. An ISF certificate demonstrates to potential employers that you have a responsible attitude to information security.