Information Security Management Expert based on ISO/IEC 27002:2013


Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet. Furthermore, activities of many companies now rely on IT, and information has become a valuable asset. Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable.


The module Information Security Management Expert based on ISO/IEC 27002:2013 (ISMES.EN) tests specialized knowledge, understanding and skills in structuring, maintaining and optimizing the security of information within an organization. The international standard, the Code of Practice for Information Security ISO/IEC 27002:2013, structures the organization of information security. For that reason, it is an important point of departure for this module.


Target group

IT professionals responsible for the partial or overall setup and development of structural information security, such as the Chief Information Security Officer (CISO), the Information Security Manager (ISM) or the Business Information Security Architect (BISA).



The ISMES module is the continuation of Information Security Foundation (ISFS.EN) and Information Security Management Advanced (ISMAS.EN).


e-Competence Framework (e-CF)

The mapping of this certificate against the e-Competence Framework.


e-CF Area / e-Competence (levels e-1 to e-5)

PLAN
  • A.7. Technology Trend Monitoring
RUN
  • C.2. Change Support
  • C.3. Service Delivery
ENABLE
  • D.1. Information Security Strategy Development
  • D.9. Personnel Development
  • D.10. Information and Knowledge Management
MANAGE
  • E.3. Risk Management
  • E.4. Relationship Management
  • E.5. Process Improvement
  • E.8. Information Security Management
  • E.9. IS Governance

Legend for coverage:

General - The competence is covered at the level indicated
Partial - The competence is covered to some extent
Superficial - Relevant knowledge is covered to some extent
The competence level is available in the framework
The competence level is not available in the framework



  • The Information Security Foundation Certificate.
  • The Information Security Management Advanced Certificate.
  • The participant has to have at least 2 years of tangible practical experience at the management level in at least two of the main topic areas (examination requirements) of this module.


Requirements for the certificate

  • The Information Security Management Expert training course or coaching track with an EXIN accredited training provider (ATP).
  • Successful completion of the exam Information Security Management Expert.


Exam content

  1. Organization of information security (establishing Information Security Management System, ISMS) 20% 
  2. Information security policy 10% 
  3. Risk analysis 10% 
  4. Organizational change and development pertaining to Information Security 40%
  5. Standards and norms 10% 
  6. Audits and certification 10%


Exam Details

Number of questions: Not relevant
Pass mark: 55%
Open book: No
Electronic equipment permitted: For presentation

