The end goal of GSDC's Certified Information Security Management (ISO 27001) Foundation Certification is to share knowledge about the controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. By extension, ISM includes information risk management, a process that involves assessing the risks an organization must deal with in the management and protection of assets, as well as disseminating those risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001 standards on information security. The Information Security Management (ISO 27001) Foundation is specially curated to prepare professionals to handle threats, vulnerabilities, and mitigation. This certification empowers participants to create, implement, communicate and evaluate any organization's security policies, procedures, and objectives in order to achieve a better guarantee of the organization's overall information security.
Certified Information Security Management (ISO 27001) Foundation Certification's main objective is to provide the participants with an understanding of:
ISMS auditors, such as those employed/contracted by third-party certification/registration bodies and those involved in first or second-party ISMS audits.
Information security practitioners, such as information security consultants, IT security managers and IT personnel.
Employees conducting ISMS audits within their own organization (internal audits).
After the completion of this certification, the participants will have access to:
Practical knowledge of information security.
Better job opportunities with enhanced credibility and marketability.
Valuable resources like peer networking and idea exchange.
A network of globally accredited industries and subject matter experts.
Security information resources.
Business and technology orientation to risk management.
No specific experience is recommended for this certification; only five years of direct full-time security professional work experience is required.
There will be a multiple-choice exam of 40 marks.
You need to acquire 26+ marks to clear the exam.
If you fail, you can retake the exam after one day.
If a participant does not achieve the passing percentage, they will be granted a 2nd attempt at no additional cost. The re-examination can be taken up to 30 days from the date of the 1st exam attempt.
1. What is Information Security?