ISO 27002 Lead Manager Training Course
ISO/IEC 27002 Lead Manager training enables you to develop the necessary expertise and knowledge to support an organization in implementing and managing Information Security controls as specified in ISO/IEC 27002.
After completing this course, you can sit for the exam and apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential. A PECB Lead Manager Certification, proves that you have mastered the principles and techniques for the implementation and management of Information Security Controls based on ISO/IEC 27002.
Who should attend?
- Managers or consultants seeking to implement an Information Security Management System (ISMS) based on ISO/IEC 27001 and ISO/IEC 27002
- Project managers or consultants seeking to master the Information Security Management System implementation process
- Individuals responsible for the information security, compliance, risk, and governance, in an organization
- Members of information security teams
- Expert advisors in information technology
- Information Security officers
- Privacy officers
- IT professionals
- CTOs, CIOs and CISOs
Learning objectives
- Master the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
- Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective implementation and management of Information Security controls
- Comprehend the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
- Understand the importance of information security for the strategy of the organization
- Master the implementation of information security management processes
- Master the formulation and implementation of security requirements and objectives
Educational approach
- This training is based on both theory and practice
- Sessions of lectures illustrated with examples based on real cases
- Practical exercises based on case studies
- Review exercises to assist the exam preparation
- Practice test similar to the certification exam
General Information
- Certification fees are included on the exam price
- Training material containing over 500 pages of information and practical examples will be distributed to the participants
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of exam failure, you can retake the exam within 12 months for free
Course Outline
Day 1:
- Introduction to Information Security controls as recommended by ISO/IEC 27002
Day 2:
- Security requirements and objectives based on ISO/IEC 27002
Day 3:
- Monitoring, measurement, analysis, and evaluation of Information Security controls
Day 4:
- Continual improvement of an organization's information security performance
Day 5:
Certification Exam
The “PECB Certified ISO/IEC 27002 Lead Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:
- Domain 1: Fundamental principles and concepts for Information Security Controls
- Domain 2: Information Security Control based on ISO/IEC 27002
- Domain 3: Planning and evaluating the need and applicability of information security controls
- Domain 4: Implementation and management of information security controls
- Domain 5: Monitoring and measurement of information security controls
- Domain 6: Continual improvement
Requirements
A fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of Information Security.
Need help picking the right course?
ISO 27002 Lead Manager Training Course - Booking
ISO 27002 Lead Manager Training Course - Enquiry
ISO 27002 Lead Manager - Consultancy Enquiry
Testimonials (5)
Emin was really engaging and enthusiastic, his knowledge succeeded expectations and allowed for questions at each portion.
Becky
Course - OSINT Practitioner Course (Advanced OSINT)
General course information
Paulo Gouveia - EID
Course - C/C++ Secure Coding
Questions, that helps me a lot to understand the characteristics of CRISC examination.
Masakazu Yoshijima - Bank of Yokohama, Ltd.
Course - CRISC - Certified in Risk and Information Systems Control
Piotr was incredibly knowledgeable and very patient. He was great at explaining things and I'd strongly recommend this course to others
Victoria Harper
Course - Open Source Cyber Intelligence - Introduction
It opens up a lot and gives lots of insight what security
Nolbabalo Tshotsho - Vodacom SA
Course - Advanced Java Security
Upcoming Courses
Related Courses
CRISC - Certified in Risk and Information Systems Control
21 HoursDescription:
This class is intended as intense and hard core exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The latest four (4) domains of ISACA’s CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CRISC Review Manual and Question, Answer and Explanation, (Q,A&E), supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for and it helps rapid memory assimilation of the material.
The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA’s CRISC has positioned itself to be the preferred certification program by individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction.
Objectives:
- To help you pass the CRISC examination first time.
- Possessing this certification will signify your commitment to serving an enterprise with distinction.
- The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary.
You will learn:
- To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
- The technical skills and practices that CRISC promotes, which are the building blocks of success in the field.
CRISC - Certified in Risk and Information Systems Control - 4 Days
28 HoursThis instructor-led, live training in Malta (online or onsite) is aimed at intermediate-level IT professionals who wish to enhance their skills in identifying and managing IT risk and implementing information systems controls, and prepare for the CRISC certification exam.
By the end of this training, participants will be able to:
- Understand the governance and risk management aspects of IT.
- Conduct IT risk assessments and implement risk responses.
- Design and implement information systems controls.
- Prepare effectively for the CRISC certification exam.
IBM Qradar SIEM: Beginner to Advanced
14 HoursThis instructor-led, live training in Malta (online or onsite) is aimed at security engineers who wish to use IBM Qradar SIEM to address pressing security use cases.
By the end of this training, participants will be able to:
- Gain visibility into enterprise data across on-premise and cloud environments.
- Automate security intelligence to hunt threats and to contain risks.
- Detect, identify, and prioritize threats.
Open Source Cyber Intelligence - Introduction
7 HoursThis Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical allowing delegates the time to explore and understand some of the hundreds of tools and websites available.
The next level with in-depth use of advanced tools that are vital for covert internet investigations and intelligence gathering. The course is highly practical allowing delegates the time to explore and understand the tools and resources covered."
OSINT Practitioner Course (Advanced OSINT)
14 HoursOpen Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for intelligence purposes.
Audience
- Researchers
- Security analysts
- Investigators
- Law enforcement
- Government and military personnel
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Fundamentals of Corporate Cyber Warfare
14 HoursThis instructor-led, live training in Malta (online or onsite) covers the different aspects of enterprise security, from AI to database security. It also includes coverage of the latest tools, processes and mindset needed to protect from attacks.
Cloud Computing Security Knowledge (CCSK) Preparation Course
21 HoursCloud Computing Security Knowledge (CCSK) Preparation Course
The CCSK course is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, system administrators, security professionals with at least 5 years of experience
After completing this course, the student will be able to:
- Validate their competence gained through experience in cloud security
- Prepare for the CCSK exam.
- Demonstrate their technical knowledge, skills, and abilities to effectively develop a holistic cloud security program relative to globally accepted standards
- Differentiate themselves from other candidates for desirable employment in the fast-growing cloud security market
- Gain access to valuable career resources, such as tools, networking and ideas exchange with peers
- Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure cloud business environmen
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Certificate of Cloud Security Knowledge (CCSK) Foundation (CSA authorized)
14 HoursThe CCSK Foundation course starts with the fundamentals, then increases in complexity as it works through all 16 domains of the CSA Security Guidance, recommendations from the European Union Agency for Network & Information Security (ENISA), and an overview of the Cloud Controls Matrix.
This is a Cloud Security Alliance (CSA) authorized course and NobleProg is an official CSA Training Partner.
This course is delivered by CSA Authorized CCSK Instructors.
All attendees receive:
- official CSA CCSK Foundation course certificates
- official CCSK Foundation Student Handbooks
- 1 CCSK exam voucher and 1 re-attempt exam voucher
This course covers the most current version of the CCSK exam - currently version 4.1.
Certificate of Cloud Security Knowledge (CCSK) Plus (CSA authorized)
21 HoursThe CCSK Plus builds on the foundation class with expanded material and offers extensive hands-on activities that reinforce classroom instruction. Students engage in a scenario of bringing a fictional organization securely into the cloud, which gives them the opportunity to apply their knowledge by performing a series of activities that would be required in a real-world environment.
The CCSK Plus Course includes all the modules in the CCSK Foundation course with additional material.
This is a Cloud Security Alliance (CSA) authorized course and NobleProg is an official CSA Training Partner.
This course is delivered by CSA Authorized CCSK Instructors.
All attendees receive:
- official CSA CCSK Plus course certificates
- official CCSK Foundation Student Handbooks
- 1 CCSK exam voucher and 1 re-attempt exam voucher
This course covers the most current version of the CCSK exam - currently version 4.1.
Microsoft SDL Core
14 HoursThe Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process.
Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code.
Participants attending this course will
-
Understand basic concepts of security, IT security and secure coding
-
Get known to the essential steps of Microsoft Secure Development Lifecycle
-
Learn secure design and development practices
-
Learn about secure implementation principles
-
Understand security testing methodology
- Get sources and further readings on secure coding practices
Audience
Developers, Managers
C/C++ Secure Coding
21 HoursThis three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Standard Java Security
14 HoursDescription
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get sources and further readings on secure coding practices
Audience
Developers
Java and Web Application Security
21 HoursDescription
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get practical knowledge in using security testing tools
- Get sources and further readings on secure coding practices
Audience
Developers
Advanced Java Security
21 HoursEven experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.
The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Understand security concepts of Web services
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Understand security solutions of Java EE
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get practical knowledge in using security testing tools
- Get sources and further readings on secure coding practices
Audience
Developers
Advanced Java, JEE and Web Application Security
28 HoursBeyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Learn to use various security features of the Java development environment
- Have a practical understanding of cryptography
- Understand security concepts of Web services
- Understand security solutions of Java EE
- Learn about typical coding mistakes and how to avoid them
- Get information about some recent vulnerabilities in the Java framework
- Get practical knowledge in using security testing tools
- Get sources and further readings on secure coding practices
Audience
Developers