ISO/IEC 27002





Course Description

The EXIN Information Security qualification program is a must, particularly for any organization that deals with confidential information. Due to the globalization of networks and data exchange, information is prey to fraudsters and hackers. At the same time, many employees and managers themselves are unaware of the threats and risks. One tiny, seemingly insignificant human error can have enormous consequences for your company.

The risks from loss of information, theft and abuse are great. But the measures to promote information security get in the way of people doing their jobs. “Why do I have to use a password to be able to print? Why do I have to shut my computer down when I leave my workplace?” By increasing awareness of the risks, the sense of responsibility also grows. The EXIN Information Security qualification program aims to increase awareness and offers certification on three levels: Foundation, Professional and Expert.

The three levels are based on the standard guidelines of ISO/IEC 27002. The minimum requirements for information security are described in this ISO norm.

The Foundation level is for any employee who deals with information, particularly information of a confidential nature, and is therefore suitable for users of IT as well as IT professionals. Awareness of the vulnerability of information, threats, risks and the need for appropriate measures is key. They learn practical skills in order to promote information security. The Foundation certificate is also the first step for professionals starting in information security.

The Professional level trains for management roles such as Information Security Manager/Officer, line manager, project manager and team leader. These managers are not personally responsible, but are involved in (parts of) the management system for information security, or they manage people who deal with information security on a daily basis.

Professionals at the Expert level provide the organization with more certainty about information security. Upon completion of the exam, they are able to set up, implement and monitor an information security management system. They learn to develop plans for information security at the operational, tactical and strategic level. The overall security level within your organization increases when you certify your employees with the EXIN Information Security qualification program.

Target group

The examination for EXIN Information Security Foundation based on ISO/IEC 27002 is intended for everyone in the organization who is processing information. The module is also suitable for entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary.

This module can be a good start for new information security professionals.

Prerequisites – none
Examination type – Computer based multiple-choice questions
Indication study load – 60 hours
In-course assessment – Not applicable
Time allotted for examination – 60 minutes
Examination details
Number of questions: 40
Pass mark: 65% (26 of 40)
Open book/notes: no
Electronic equipment permitted: no




PRINCE2® is a registered trade mark of AXELOS Limited. The Swirl logo™ is a trade mark of AXELOS Limited. MoR® is a registered trade mark of AXELOS Limited. ITIL® is a registered trade mark of AXELOS Limited. Pearson VUE authorized center.