Information security is more important than ever before. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet.
Furthermore, activities of many companies now rely on IT, and information has become a valuable asset.
Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable. The international standard, the Code of Practice for Information Security ISO/IEC 27002:2005 structures the organization of information security and tests organizational and managerial aspects of information security.
The target audience is people who are professionally involved with the implementation and evaluation of information security and this program is also suitable for small independent businesses for whom some basic knowledge of information security is necessary.
In addition this foundation level provides a good starting point for new information security professionals.
This certification kit contains both the study guide and access to our online program including presentations, exam preparation modules, the sample exam and forum to interact, that together provides everything you need to prepare for the ISO/IEC 27002 Foundation certification exam.
ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls in the following areas of information security management:
- security policy;
- organisation of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management;
- compliance.
The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.