Information Security Foundation (S-ISF)

Learn information security fundamentals from practicing information security experts.

What will you learn?

  • Understand the context of information security and the relationship between information security, legal & regulatory compliance and corporate goals and strategies;
  • Grasp the basics of information security risk management and risk assessment;
  • Familiarise yourself with ISO 27001 and ISO 27002, the most widely used information security standards;


  • 3 days, 1pm – 5.30pm CEST
  • 8 hours of self-study
  • 1 CPE credit per study hour

Information Security Foundation Course – Beginner’s information security management training

Our Information Security Foundation course was designed by experienced information security officers to help you truly understand the fundamentals of information security management. This beginner’s information security training offers a concise but in-depth coverage of all key topics of information security management, combining best-practice know-how with practical examples, interactive group discussions and fresh insights from the industry.

Starting this course, you will first understand the relationship between information security and corporate governance. You will learn what focus areas information security needs to address to effectively protect an organisation against information security threats, and what capabilities are needed in people, process, technology and business to build an effective information security program. You will familiarise yourself with ISO 27001, the most widely used information security standard, and explore the key elements of designing, implementing and continually improving an information security management system (ISMS). Next, you will grasp the fundamentals of information security risk management and risk assessment, and practice identifying information security risks through authentic scenarios. Finally, with the help of ISO 27001 and its supporting code of practice, ISO 27002, you will gain insight into industry best practice information security controls.

At the end of the course, you will communicate with confidence about information security topics. You will have a good understanding of information security risks, you will be able to identify information security risks in a given context, and you will be competent to identify suitable best-practice physical, organisational and technical information security controls to mitigate specific information security risks.

Is this Information Security Foundation course for you?

Information Security Foundation gives you a solid grounding in information security management principles and best practices. This course is an ideal choice if you aspire to start a career in information security management without a security background. Having completed Information Security Foundation, you will be well-equipped to move on to more advanced information security management trainings and certifications. For example, you will be competent to join our Information Security Practitioner training where you can practice an Information Security Officer’s tasks, from ISO 27001 implementation planning to performing information security risk assessments or developing security awareness programs. You will also be able to follow our ISACA Certified Information Security Manager (CISM) Preparation Course and prepare to earn your ISACA CISM certificate.

Information security awareness and fundamental information security skills are becoming indispensable in all sectors. Do you work with information in any capacity? Completing this Information Security Foundation course and certifying your skills can add extra value to your professional profile.

Finally, we also recommend this training to business owners or (line) managers who would like to oversee and understand their information security responsibilities, or aim to educate their employees on information security beyond ‘traditional’ awareness trainings.


What is included in this Information Security Foundation course?

  • Official SECO-Institute course materials developed by practicing information security officers and consultants;
  • Online training by passionate instructors who are active in the information security industry;
  • Practice exam and exam syllabus so you can fully prepare for your certification exam;
  • Certification exam voucher;
  • Access to the (S)ECO-system, the SECO-Institute’s professional community website where you will find additional resources and exclusive knowledge events.

Module 1: Information Security Management System (ISO 27001) & Code of Practice for Information Security Controls (ISO 27002)

  • Understanding information security standards and frameworks
  • ISO / IEC 27001 and ISO / IEC 27002 in a nutshell
  • Information Security Management System and continuous improvement (Plan – Do – Check – Act)
  • Implementation of ISO / IEC 27001 and ISO / IEC 27002
  • Establishing information security management objectives and understanding information security controls

Module 2: Information and security

  • Information and security: The concept, value, importance and context of information
  • The cornerstones of information security: confidentiality, integrity and availability
  • The influence of information security on operational processes, information architecture and information management
  • Different types of information and information systems

Module 3: Threats and Risks

  • Understanding the concepts of threat and risk and their impact on the reliability of information
  • Types of risk analysis and risk assessment
  • Types of information security threats and countermeasures
  • Information security risk treatment
  • Information security measures
  • Preventing and mitigating information security risks

Module 4: Approach and organisation

  • Information security policies, procedures and codes of conduct
  • Internal information security organisation
  • Management of security incidents
  • Information security roles and responsibilities

Module 5: Measures

  • Physical, technical and organisational information security controls
  • Types and categories of security procedures
  • The importance of access control
  • Identification, authentication and authorisation
  • Business continuity management (BCM) aspects

Module 6: Laws and regulations

  • The most important laws and regulations with a relevance to information security
  • The importance of compliance

Practice Exam

At the end of the course, you will complete a practice exam that mimics the SECO Information Security Foundation Certification Exam. After completing the practice exam, you will have the opportunity to discuss your results with your trainer and the group.

Information Security Foundation Certification Exam

The Information Security Foundation certification exam is conducted by the SECO-Institute, Europe’s leading security and continuity certification body. The exam voucher is included in the course fee, but you need to schedule your exam with the SECO-Institute. Upon successful completion of the exam, you will receive an exam certificate and an invitation to register your official SECO-Information Security Foundation (S-ISF) certification title free of charge. By activating your certification title, you will become a certified professional in your field and you will receive a shareable digital badge to verify your competence to clients, employers and fellow professionals.

Exam information

  • Exam language: English
  • Exam delivery: Online exam with remote proctoring
  • Exam format: 40 multiple-choice questions
  • Duration: 60 minutes

Why earn a SECO Information Security Foundation (S-ISF) certificate?

Information Security Foundation equips you with the knowledge and skills you need to lay the foundations of your information security education and career. By passing the ISF certification exam and earning a SECO-Information Security Foundation (S-ISF) certificate, you demonstrate your ability to:

  • Adopt a holistic approach to information security;
  • Understand fundamental security and risk management concepts;
  • Understand quality improvement cycles and their importance for management systems;
  • Understand and apply the main objectives of information security (confidentiality, integrity and availability or ‘the CIA triad’);
  • Understand the importance and scope of influence of information security;
  • Understand the importance of effective information security governance;
  • Understand information security roles and responsibilities;
  • Describe common information security threats and identify effective preventive, detective, repressive and corrective countermeasures;
  • Describe best-practice physical, technical and organisational security measures;
  • Grasp the basics of information security incident management;
  • Understand the relationship between information security and business continuity management;
  • Understand legal and regulatory requirements relevant to information security.

What are the benefits of an S-ISF certificate?

In a world where information is key to any successful business, demonstrable information security awareness and knowledge can considerably improve your career prospects.

If you have an IT background and would like to transition to information security management, a SECO ISF certification is a sure way to set yourself on the path. The ISF credential validates your ability to approach information security from an executive management point of view, and provides you with a sufficient basis for following more advanced security management trainings. For example, you will be competent to take on our Information Security Practitioner training where you can practice an Information Security Officer’s tasks, from ISO 27001 implementation planning to risk assessments or developing awareness programs. You will also have sufficient knowledge to follow our ISACA Certified Information Security Manager (CISM) Preparation Course and prepare to earn your ISACA CISM certificate. Depending on your interests and background, S-ISF may be your first step towards a career as an information security manager, a cybersecurity consultant, or an information risk manager.

If you work with information in any other field, ISF is an excellent means to give yourself a competitive advantage over your fellow professionals and improve your career prospects. With cyberattacks and data breaches becoming more frequent, employers attach greater importance to their employees’ information security awareness. An ISF certificate demonstrates to potential employers that you have a responsible attitude to information security.

Authors & Lead Trainers

Kenneth Smit

Operational Director at Ventus IT Professionals


Dennis Zandvliet

Independent IT security consultant

Edo-Jan Koster

Lead Auditor at DEKRA Certification


In-company training tailored to your needs

This course can also be organised as an in-company training. Please contact us for more information.