Information Security Management Expert based on ISO/IEC 27002:2013
Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet. Furthermore, activities of many companies now rely on IT, and information has become a valuable asset. Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable.
The module Information Security Management Expert based on ISO/IEC 27002:2013 (ISMES.EN) tests specialized knowledge, understanding and skills in structuring, maintaining and optimizing the security of information within an organization. The international standard, the Code of Practice for Information Security ISO/IEC 27002:2013 structures the organization of information security. For that reason, it is an important point of departure for this module.
Target groupIT professionals responsible for the partial or overall set up and development of structural information security, like the Chief Information Security Officer, CISO, the Information Security Manager, ISM, or the Business Information Security Architect, BISA.
The ISMES module is the continuation of Information Security Foundation (ISFS.EN) and Information Security Management Advanced (ISMAS.EN).
e-Competence Framework (e-CF)
The mapping of this certificate against the e-Competence Framework.
|PLAN||A.7.||Technology Trend Monitoring|
|ENABLE||D.1.||Information Security Strategy Development
|D.10.||Information and Knowledge Management|
|E.8.||Information Security Management|
Legend for coverage:
|General - The competence is covered at the level indicated|
|Partial - The competence is covered to some extent|
|Superficial - Relevant knowledge is covered to some extent|
|The competence level is available in the framework|
|The competence level is not available in the framework|
- The Information Security Foundation Certificate.
- The Information Security Management Advanced Certificate.
- The participant has to have at least 2 years of tangible practical experience at the management level in at least two of the main topic areas (examination requirements) of this module.
Requirements for the certificate
- The Information Security Management Expert training course or coaching track with an EXIN accredited training provider (ATP).
- Successful completion of the exam Information Security Management Expert.
- Organization of information security (establishing Information Security Management System, ISMS) 20%
- Information security policy 10%
- Risk analysis 10%
- Organizational change and –development pertaining to Information Security 40%
- Standards and norms 10%
- Audits and certification 10%
Exam DetailsNumber of questions: Not relevant
Pass mark: 55%
Open book: No
Electronic equipment permitted: For presentation