EXIN Foundation Course in Information Security (ISFS)


The EXIN Information Security Foundation (ISFS) is a practical, interactive program based upon ISO/IEC 27002.

This short 1½ day course prepares delegates for the EXIN ISFS examination. An emphasis is placed upon employee awareness of security issues within the organisation. The goal is to promote a security awareness culture by creating a sense of ownership and personal responsibility when it comes to dealing with information in the workplace. This is because all employees must help to secure information assets in order for the Information Security program to operate effectively. The EXIN Information Security Foundation provides the greatest return on investment, and has the most significant positive impact on a company’s security. Furthermore, costs are quickly realised when tools and procedures are followed, and employees understand how to be more secure.


Who should attend

Anyone involved in the handling or management of information must understand the principles and risks surrounding its security and accept their role in its protection:

  • Information Security, Assurance & Governance Personnel
  • IT, IT Security & IT Service Management Personnel
  • Information Asset Owners, Information Asset Accreditors
  • Information Risk Officers
  • Data Protection Officers, Records Management Officers
  • Project Managers
  • Remote Workers
  • Call Centre Personnel, Team Leaders
  • Heads of Department, Senior Managers & Small Business Owners

Course Outline


  • A look through ISO/IEC 27002 – the Code of Practice, its layout and relationship to ISO/IEC 27001

Roles and Responsibilities

  • An overview of the various Roles and Responsibilities with a view to finding common ground

Information and Data Relationships

  • Information Security
  • Information Governance
  • Information Assurance

Risk Management

  • Section 4 – ISO/IEC 27002
  • Introduction to ISO/IEC 27005
  • Defining Threats and Vulnerabilities

Risk Analysis

  • Quantitative & Qualitative
  • Relationships to Confidentiality, Integrity and Assurance
  • Impacts, Likelihood and Probability


  • A look at types of Policies (T1, T2 and T3)
  • Information Security Plan

External Relationships

  • A look at 3rd Party Relationships

Information Architecture

  • Information Architecture
  • Data Flows

Protective Marking

  • Protective Marking and relationship to Impact (Risk)

Course Format

Information Security Foundation (ISFS) – 1½ Day Course / 60 minute exam
