EXIN Information Security Management Professional logo

EXIN Information Security Management Professional based on ISO/IEC 27001

Master ISO/IEC 27001 with our EXIN Information Security Management Professional module, focusing on protecting information across organizational domains.

Category:

This certification is intended for all security professionals who are involved in the implementation, evaluation and reporting of an information security program, including the following roles:

  • information security manager (ISM)
  • Information security officer (ISO)
  • line manager.
  • process manager
  • project manager with security responsibilities.

In order to become certified, a professional need:

  • Successful completion of the EXIN Information Security Management Professional based on ISO/IEC 27001 exam.
  • Accredited EXIN Information Security Management Professional based on ISO/IEC 27001 training, including completion of the practical assignments.
1.1 Business interest of information security
The candidate can…
1.1.1 distinguish types of information based on their business value.
1.1.2 explain the characteristics of a management system for information security.

1.2 Customer perspective on governance
The candidate can…
1.2.1 explain the importance of information governance when outsourcing.
1.2.2 recommend a supplier based on security controls.

1.3 Supplier’s responsibilities in security assurance
The candidate can…
1.3.1 distinguish security aspects in service management processes.
1.3.2 support compliance activities
2.1 Principles of risk management
The candidate can…
2.1.1 explain principles of analyzing risks.
2.1.2 identify risks for classified assets.
2.1.3 calculate risks for classified assets.


2.2 Control risks
The candidate can…
2.2.1 categorize controls based on confidentiality, integrity, and availability.
2.2.2 choose controls based on incident cycle stages.
2.2.3 choose relevant guidelines for applying controls.

2.3 Deal with residual risks
The candidate can…
2.3.1 distinguish risk strategies.
2.3.2 produce business cases for controls.
2.3.3 produce reports on risk analyses.
3.1 Organizational controls
The candidate can…
3.1.1 write policies and procedures for information security.
3.1.2 implement information security incident handling.
3.1.3 perform an awareness campaign in the organization.
3.1.4 implement roles and responsibilities for information security.
3.1.5 support the development and testing of a business continuity plan.

3.2 Technological controls
The candidate can…
3.2.1 explain the purpose of security architectures.
3.2.2 explain the purpose of security services.
3.2.3 explain the importance of security elements in the IT infrastructure.

3.3 Physical controls and people controls
The candidate can…
3.3.1 recommend controls for physical access.
3.3.2 recommend security controls for employment life cycle.
Length of exam 90 Minutes
Number of questions 30
Question format Multiple choice
Passing grade 65%
Exam availability English, Chinese, Portuguese
Testing center Online Proctored / Paper-based

Description

Globalization of the economy is leading to an ever-growing exchange of information. This information crosses not only national borders but also the thin lines between private and business domains. The scope of accountability grows together with the information that is managed. This information must be protected against unauthorized access, safeguarded from accidental or malicious modification or destruction, and must remain available when needed.

The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational, physical and technical aspects of information security.

 

Related Courses