Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.



Press esc to close

close close

Back to course information

Thank you for your enquiry!

One of our training experts will be in touch shortly to go overy your training requirements.

close close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

Course Information

ISO 27002 Foundation Training​ Course Outline

Module 1: Introduction to ISO 27002

  • Scope
  • Terms and Definitions
  • Abbreviated Terms

Module 2: Information Security

  • What is Information Security?
  • CIA
  • Principles of Information Security
  • Need for Information security
  • Threats
  • Active and Passive Attacks

Module 3: Cybersecurity

  • What is Cybersecurity?
  • Cybersecurity Domains
  • Dangerous Cybersecurity Myths
  • Common Cyber Threats
  • Key Cybersecurity Technologies and Best Practices
  • Zero Trust Security Strategy
  • Difference Between Cybersecurity and Information Security 
  • Roles and Responsibilities of Cybersecurity Professionals

Module 4: Information Security Management System (ISMS)

  • Introduction to ISMS
  • Need
  • What Does an ISMS Do?
  • Benefits

Module 5: Themes and Controls

  • Control Type
  • Information Security Properties
  • Cybersecurity Concepts
  • Operational Capabilities
  • Security Domains
  • Control Layout

Module 6: Organisational Controls

  • Policies for Information Security
  • Information Security Roles and Responsibilities
  • Segregation of Duties
  • Management Responsibilities
  • Contact with
    • Authorities
    • Special Interest Groups
  • Threat Intelligence
  • Information Security in Project Management
  • Inventory of Information and Other Associated Assets
  • Acceptable Use of Information and Other Associated Assets
  • Return of Assets
  • Classification of Information
  • Labelling of Information
  • Information Transfer
  • Access Control
  • Identity Management
  • Authentication Information
  • Access Rights
  • Information Security in Supplier Relationships
  • Addressing Information Security within Supplier Agreements
  • Managing Information Security in the ICT Supply Chain
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Information Security Incident Management Planning and Preparation
  • Assessment and Decision on Information Security Events
  • Response to Information Security Incidents
  • Learning from Information Security Incidents
  • Collection of Evidence
  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Protection of Records
  • Privacy and Protection of PII
  • Independent Review of Information Security
  • Compliance with Policies, Rules, and Standards for Information Security
  • Documented Operating Procedures

Module 7: People Controls

  • Screening
  • Terms and Conditions of Employment
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Information Security Event Reporting

Module 8: Physical Controls

  • Physical Security Perimeters
  • Physical Entry
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protecting Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Security of Assets Off-Premises
  • Storage Media
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance
  • Secure Disposal or Re-use of Equipment

Module 9: Technological Controls

  • User Endpoint Devices
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication
  • Capacity Management
  • Protection Against Malware
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Information Deletion
  • Data
    • Masking
    • Leakage Prevention
  • Information Backup
  • Redundancy of Information Processing Facilities
  • Logging
  • Monitoring Activities
  • Clock Synchronisation
  • Use of Privileged Utility Programs
  • Installation of Software on Operational Systems
  • Networks Security
  • Security of Network Services
  • Segregation of Networks
  • Web Filtering
  • Use of Cryptography
  • Secure Development Life Cycle
  • Application Security Requirements
  • Secure System Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Test, and Production Environments
  • Change Management
  • Test Information
  • Protection of Information Systems During Audit Testing

Show moredowndown


There are no formal prerequisites to attend this ISO 27002:2022 Foundation Training course.


This course is ideal for anyone who wants to attain an understanding of the main processes of an Information Security Management System and Information Security Controls. However, this course is much more beneficial for:

  • Information Security Managers
  • ISMS Auditors and Consultants
  • Information Security Management Practitioners
  • Cybersecurity and Privacy Practitioners

ISO 27002 Foundation Training​ Course Overview

ISO 27002 is the international standard and is recognised as an information security control system designed to benefit an organisation's development of any size. Information security controls help to lower risks like hacks, data theft, and unauthorised alterations to digital data. This training will help learners to establish and improve the information security infrastructure. This training will help organisations to implement, maintain, and improve their information security management. Holding these effective skills and knowledge of ISO 27002: 2022 helps individuals to get expertise in monitoring information security and successfully kick start their careers in ISMS.

This 1-day ISO 27002:2022 Foundation Training course is designed to teach delegates about managing system information security. During this course, delegates will learn about the principles of information security along with its differences from cybersecurity. Delegates will get familiar with the information security incident management plans and preparations to detect and react to the risks accordingly. Furthermore, they will get an understanding of the responsibilities after termination or change of employment. Our highly expert trainer with years of teaching experience will conduct this training and equip delegates with the knowledge of various controls to secure information.

Course Objectives:

  • To get familiar with the roles and responsibilities of cybersecurity professionals
  • To understand the information security in supplier relationships
  • To gain knowledge of the redundancy of information processing facilities
  • To follow policies, rules, and standards for information security
  • To learn the importance and benefits of managing information security system
  • To manage the technical vulnerabilities to keep the network safe

After completing this training, delegates will be able to implement information security management in an organisation. Delegates will be able to determine and identify the risks and act accordingly.

Show moredowndown

  • Delegate pack consisting of course notes and exercises
  • Courseware
  • Experienced Instructor

Show moredowndown

Why choose us

Ways to take this course

Our easy to use Virtual platform allows you to sit the course from home with a live instructor. You will follow the same schedule as the classroom course, and will be able to interact with the trainer and other delegates.

Our fully interactive online training platform is compatible across all devices and can be accessed from anywhere, at any time. All our online courses come with a standard 90 days access that can be extended upon request. Our expert trainers are constantly on hand to help you with any questions which may arise.

This is our most popular style of learning. We run courses in 1200 locations, across 200 countries in one of our hand-picked training venues, providing the all important ‘human touch’ which may be missed in other learning styles.


Highly experienced trainers

All our trainers are highly qualified, have 10+ years of real-world experience and will provide you with an engaging learning experience.


State of the art training venues

We only use the highest standard of learning facilities to make sure your experience is as comfortable and distraction-free as possible


Small class sizes

We limit our class sizes to promote better discussion and ensuring everyone has a personalized experience


Great value for money

Get more bang for your buck! If you find your chosen course cheaper elsewhere, we’ll match it!

This is the same great training as our classroom learning but carried out at your own business premises. This is the perfect option for larger scale training requirements and means less time away from the office.


Tailored learning experience

Our courses can be adapted to meet your individual project or business requirements regardless of scope.


Maximise your training budget

Cut unnecessary costs and focus your entire budget on what really matters, the training.


Team building opportunity

This gives your team a great opportunity to come together, bond, and discuss, which you may not get in a standard classroom setting.


Monitor employees progress

Keep track of your employees’ progression and performance in your own workspace.

What our customers are saying

ISO 27002 Foundation Training​ FAQs


Information security controls are measures taken to reduce information security risks such as information systems breaches, data theft, and unauthorised changes to digital information or systems.
There are no formal prerequisites to attend this ISO 27002:2022 Foundation Training course.
This course is ideal for anyone who wants to attain an understanding of the main processes of an Information Security Management System and Information Security Controls.
Usernames and passwords, two-factor authentication, antivirus software, and firewalls are all examples of digital security controls. Cybersecurity measures, such as DDoS mitigation and intrusion prevention systems, are anything specifically created to stop attacks on data.
There are basically three types of information security controls such as technical, administrative, and physical.
Web filtering is a technology that stops users' browsers from loading pages from specific URLs or websites, preventing them from being viewed by users. Web filters can be created in a variety of ways and offer a range of benefits.
In this ISO 27002:2022 Foundation Training course, you will learn about the principles of information security, security testing in development and acceptance, clock synchronisation, physical security perimeters, organisational controls, and many other essential concepts.
The price for ISO 27002 Foundation Training​ certification in Australia starts from AUD1795
The Knowledge Academy is the Leading global training provider for ISO 27002 Foundation Training​.

Why choose us


Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.


Many delivery methods

Flexible delivery methods are available depending on your learning style.


High quality resources

Resources are included for a comprehensive learning experience.

barclays Logo
deloitte Logo
Thames Water Logo

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water

santander logo
bmw Logo
Google Logo

Looking for more information on ISO 27002 Training?

backBack to course information

Get a custom course package

We may not have any package deals available including this course. If you enquire or give us a call on +61 272026926 and speak to our training experts, we should be able to help you with your requirements.