The EXIN Information Security Foundation (ISFS) is a practical, interactive program based upon ISO/IEC 27002.
This short 1½ day course prepares delegates for the EXIN ISFS examination. An emphasis is placed upon employee awareness of security issues within the organisation. The goal is to promote a security awareness culture by creating a sense of ownership and personal responsibility when it comes to dealing with information in the workplace. This is because all employees must help to secure information assets in order for the Information Security program to operate effectively. The EXIN Information Security Foundation provides the greatest return on investment, and has the most significant positive impact on a company’s security. Furthermore, costs are quickly realised when tools and procedures are followed, and employees understand how to be more secure.
Who should attend
Anyone involved in the handling or management of information must understand the principles and risks surrounding its security and accept their role in its protection:
- Information Security, Assurance & Governance Personnel
- IT, IT Security & IT Service Management Personnel
- Information Asset Owners, Information Asset Accreditors
- Information Risk Officers
- Data Protection Officers, Records Management Officers
- Project Managers
- Remote Workers
- Call Centre Personnel, Team Leaders
- Heads of Department, Senior Managers & Small Business Owners
Course Outline
Standards
- A look through ISO/IEC 27002 – the Code of Practice, its layout and relationship to ISO/IEC 27001
Roles and Responsibilities
- An overview of the various Roles and Responsibilities with a view to finding common ground
Information and Data Relationships
- Information Security
- Information Governance
- Information Assurance
Risk Management
- Section 4 – ISO/IEC 27002
- Introduction to ISO/IEC 27005
- Defining Threats and Vulnerabilities
Risk Analysis
- Quantitative & Qualitative
- Relationships to Confidentiality, Integrity and Assurance
- Impacts, Likelihood and Probability
Policies
- A look at types of Policies (T1, T2 and T3)
- Information Security Plan
External Relationships
- A look at 3rd Party Relationships
Information Architecture
- Information Architecture
- Data Flows
Protective Marking
- Protective Marking and relationship to Impact (Risk)
Course Format
Information Security Foundation (ISFS) – 1½ Day Course / 60 minute exam