Information Security Practitioner (S-ISP)

Practical Information Security Officer training by experienced information security specialists
EnrollBook as in-company

What will you learn?

  • Develop an organisation’s strategic vision on information security and integrate information security into corporate governance, organisational culture and business processes;
  • Assess and improve strategic and issue-specific information security policies;
  • Plan and perform information security risk assessments in line with industry standards and best practices.


  • 10 course days, 7pm – 11pm CE(S)T
  • 47 hours of self-study
  • 1 CPE credit per study hour
  • €4.250,- excl. VAT

Information Security Practitioner Course – A practical Information Security Officer training

Our Information Security Practitioner course was designed by experienced information security specialists to equip you with the knowledge, practical insights, skills and credentials you need to become an Information Security Officer, Manager or Consultant.

In this hands-on Information Security Officer training, you will consolidate your knowledge of information security and practice an Information Security Officer’s tasks with realistic hands-on assignments in a simulated company environment. First, you will learn how to incorporate information security into an organisation’s governance and culture by developing a strategic vision on information security based on the organisation’s mission, vision, strategy, compliance needs, stakeholder expectations and information security posture. Following the development of a strategic vision, you will be challenged to assess and improve information security policies, perform information security risk assessments, develop ISO 27001 implementation plans, and build a project team to carry out information security projects.

As an Information Security Officer, you may be responsible for raising information security awareness in your organisation. To improve your skills in this area, you will develop an information security awareness action plan tailored to the needs of a specific target group based on behavioural theory.

In addition to the management aspects of information security, you will also grasp the fundamentals of attacker techniques. You will learn how to use open-source intelligence (OSINT) to proactively protect information against emerging threats. Subsequently, you will acquire the essentials of coordinating identity & access management and incident management activities. You will understand access governance and authorisation methods, and explore how to ensure accountability in identity & access management. You will grasp the organisational aspects of establishing an internal Computer Security Incident Response Team (CSIRT), immerse yourself in the incident handling process, identify key performance indicators for incident management and other information security processes, and write effective security reports.

Finally, you will put your newly acquired information security management skills to review an information security audit report and propose an actionable plan that will help the audited company to achieve ISO 27001-compliance.

Is this Information Security Practitioner course for you?

Are you starting a career in information security management? This Information Security Officer training equips you with the skills and credentials you need to become an Information Security Officer, Information Security Manager, Information Security Coordinator, or Information Security Consultant. Are you a line manager or project manager with a direct line to the information security practice? You will also benefit from industry insights and some hands-on practice on information security policies, risk assessments, awareness planning and ISO 27001-implementation.

What is included in this Information Security Practitioner course?

  • Official SECO-Institute course materials developed by practicing information security officers and consultants;
  • Online training by passionate instructors who are active in the information security industry;
  • Practice exam and exam syllabus so you can fully prepare for your certification exam;
  • Certification exam voucher;
  • Access to the (S)ECO-system, the SECO-Institute’s professional community website where you will find additional resources and exclusive knowledge events.

Information Security Practitioner Course Modules

Module 1: Defining Core Values & Strategic Goals for Information Security


  • Cyber Security and Information Security
  • Information Security Management Framework (ISMF)
  • Defining a Vision on Information Security
  • Laws and Regulations
  • Standards and Best Practices
  • Developing an Information Security Vision


  • Mission, Vision and Strategy
  • Vision on Information Security

Module 2: Developing an Information Security Management System


  • Interests, Threats and Resilience
  • Resilience Management Framework
  • Risk Management
  • ISO/IEC 27001
  • Information Security Policy
  • Information Security Profile


  • Resilience Management Framework implementation
  • Risk Assessment
  • ISO27001 implementation
  • Information Security Governance

Module 3: Human Aspects I: Project Management & Leadership


  • Project Management: People
  • Project Management: Leadership
  • Project leadership


  • Leadership skills

Module 4: Human Aspects II: Security Awareness


  • Information Security & Human Behaviour
  • Security Awareness Measures
  • Security Awareness Tools
  • Measuring Behavioural Change
  • Security Awareness Roadmap


  • Security Awareness Program Part 1 – Gain Support
  • Security Awareness Program Part 2 – Security Risks
  • Security Awareness Program Part 5 – Gap Analysis and Awareness Measures

Module 5: Methods of a Hacker, OSINT & Google Hacking


  • The Methods of the Hacker
  • Open-Source Intelligence (OSINT)
  • Google Hacking

Module 6: Identity & Access Management


  • Introduction to Identity & Access Management
  • IAM Processes
  • Authentication and Related Services
  • Identity Governance
  • Access Governance
  • Accountability and Identity Intelligence
  • Responsibilities and Implementation

Module 7: Incident Response & Reporting


  • Introduction to Incident Response
  • Incident Response Process
  • Policy and Agreements
  • CSIRT Services
  • Reporting


  • Coordinating incident response
  • CSIRT services

Module 8: Information Security Audit


  • Audit, Definition and goals
  • Security audits
  • Audit process
  • In-control statement

Module 9: Final Assignment

In this last case study, you will review an information security audit report. Using all you have learnt in the course, you will propose an action plan that will help the audited company to achieve ISO 27001-compliance.

Practice Exam

On your last course day, you will complete a practice exam that mimics the SECO Information Security Practitioner Certification Exam. Having completed the practice exam, you will also have the opportunity to discuss your results with your trainer and the group.

Information Security Practitioner Certification Exam

The certification exam is conducted by the SECO-Institute, Europe’s leading security and continuity certification body. The exam voucher is included in the course fee, but you need to schedule your exam with the SECO-Institute. Upon successful completion of the exam, you will receive an exam certificate and an invitation to register your official SECO-Information Security Practitioner (S-ISP) certification title. By activating your certification title, you will become a certified professional in your field and you will receive a shareable digital badge to verify your competence to clients, employers and fellow professionals.

Exam information

  • Exam language: English
  • Exam delivery: Online exam via a certified proctor
  • Exam format: 10 multiple-choice questions, 5 open questions and one case study
  • Passing score: 60%
  • Duration: 120 minutes

Why earn a SECO Information Security Practitioner (S-ISP) certificate?

By passing the S-ISP certification exam and earning a SECO-Information Security Practitioner (S-ISP) certificate, you demonstrate high-level, industry-relevant information security management skills. Most importantly, the S-ISP certificate attests to your ability to integrate information security into corporate governance, organisational culture and business processes, assess and treat information security risks, manage information security projects, interpret information security audit reports, and implement audit recommendations to improve information security compliance and governance.

What are the benefits of an S-ISP certificate?

Information security jobs can be found in every sector, from healthcare to financial services and public administration. As technology develops and security threats evolve, organisations are increasingly looking for professionals who can ensure their security and continuity prospects. An S-ISP certificate allows you to demonstrate core competencies employers look for in aspiring information security managers. With security jobs on the rise and a worldwide security skills shortage, earning an S-ISP title is a unique opportunity to launch and enjoy a rewarding career in a constantly expanding field.

Authors & Lead Trainers

Kenneth Smit

Operational Director at
Ventus IT Professionals

Dennis Zandvliet

Independent IT security-consultant

Edo-Jan Koster

Lead Auditor at
DEKRA Certification

Dr. Rob van der Staaij

IAM & IT-Infrastructure specialist

Jochen den Ouden

Ethical Hacker
Cyber Security specialist

Register now

In-company training tailored to your needs

Schedule this training as in-company. Upskill your entire team in the most cost-effective way!