What is included?

• You have 12 months time as of reception of the learning material to learn, do the exam and get your certification
  
• Certification and examination fees are included in the price of the training course 
• Training material containing over 400 pages of information and practical examples will be distributed  
  
• An Attestation of Course Completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course. 
• In case candidates do not pass the exam, they are entitled to a free retake within 12 months from the date the coupon code is received  
• + 20% reduction on the first year subscription for our all-in-one ISMS/GRC management solution
  

Why should you take this training course?

The ISO/IEC 27002 Lead Manager training course enables participants to develop the necessary knowledge and skills for supporting an organization in effectively determining, implementing, and managing information security controls. The training course provides information that will help participants interpret the ISO/IEC 27002 controls in the specific context of an organization.

The PECB ISO/IEC 27002 Lead Manager Certification demonstrates that you have acquired the necessary expertise for determining adequate information security controls needed to treat the risks identified by a risk assessment process.

The training course is followed by an exam. If you pass, you can apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential.

Who should attend?

This training course is intended for:

• Managers or consultants seeking to enhance their knowledge regarding the implementation of information security controls in an ISMS based on ISO/IEC 27001
• Individuals responsible for maintaining information security, compliance, risk, or governance in an organization
• IT professionals or consultants seeking to enhance their knowledge in information security
• Members of an ISMS implementation or information security team

Training course structure

Module 1: Introduction to ISO/IEC 27002

• Training course objectives and structure
• Standards and regulatory frameworks
• Fundamental concepts of information security, cybersecurity, and privacy
• Information security management system (ISMS) and ISO/IEC 27002
• Analyzing the organization’s existing security architecture
• Understanding information security risks

Module 2: Roles and responsibilities, assets, policies, and people controls

• Selection and design of controls
• Information security policies, procedures, and roles and responsibilities
• Information assets and access controls
• People controls

Module 3: Physical controls and protection of information systems and networks

• Physical controls
• Operational security controls
• Protection of information systems and network controls

Module 4: Information security incident management and testing and monitoring of information security controls based on ISO/IEC 27002

• Supplier relationships and ICT supply chain
• Information security incident management
• Information security testing
• Monitoring information security controls
• Continual improvement
• Closing of the training course

Certification Exam

Learning objectives

Upon successfully completing the training course, you will be able to:

• Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
• Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
• Interpret the ISO/IEC 27002 information security controls in the specific context of an organization
• Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002 
• Explain the approaches and techniques used for the implementation and effective management of information security controls

Examination

The “PECB Certified ISO 28000 Lead Auditor” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:

Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy

Domain 2: Information security management system (ISMS) and initiation of ISO/IEC 27002 information security controls implementation

Domain 3: Implementation and management of organizational and people controls based on ISO/IEC 27002

Domain 4: Implementation and management of physical and technological controls based on ISO/IEC 27002

Domain 5: Performance measurement, testing, and monitoring of ISO/IEC 27002 information security controls

Duration: 3 hours
Location: Online through the PECB app OR in person in one of the PECB exam centers
Preparation: PECB Exam Preparation Guides
Language: The exam is available in multiple other languages and does not need to be taken in the same language as the training material. Additional time can be requested when your native language is not available in your mother tongue (to be requested by candidates on the exam day)
Retake: In case you fail the exam, you can retake it within 12 months following the initial attempt for free

For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.

Certification? 

After successfully completing the exam, you can apply for one of the credentials shown on the table below. You will receive a certificate as soon as you fulfill all the requirements related to the selected credential.

Credential	Exam	Professional experience	ISCMS project experience	Other requirements
PECB Certified ISO/IEC 27002 Provisional Manager	PECB Certified ISO/IEC 27002 Lead Manager Exam, or equivalent	None	None	Signing the PECB Code of Ethics
PECB Certified ISO/IEC 27002 Manager	PECB Certified ISO/IEC 27002 Lead Manager Exam, or equivalent	Two years: One year of work experience in Information Security Management	Information Security Management activities: a total of 200 hours	Signing of the PECB Code of Ethics
PECB Certified ISO/IEC 27002 Lead Manager	PECB Certified ISO/IEC 27002 Lead Manager Exam, or equivalent	Five years: Two years of work experience in Information Security Management	Information Security Management activities: a total of 300 hours	Signing of the PECB Code of Ethics
PECB Certified ISO/IEC 27002 Senior Lead Manager	PECB Certified ISO/IEC 27002 Lead Manager Exam, or equivalent	Ten years: Seven years of work experience in Information Security Management	Information Security Management activities: a total of 1,000 hours	Signing of the PECB Code of Ethics

The information security activities should follow best implementation and management practices and include the following:

• 1. Drafting an ISMS implementation plan
  2. Managing an information security implementation project
  3. Implementing information security processes
  4. Selecting information security processes
  5. Implementing information security controls

For more information about the ISO 28000 certifications and the PECB certification process, please refer to theCertification Rules and Policies..

Contact us on [email protected] if you have other questions