
ISO/IEC 27002 Foundation

Learn to master the information security controls described in ISO/IEC 27002, the practical guide that details the 93 Annex A controls organised into 4 themes: organisational, people, physical and technological. In 2 days, understand how to choose and apply the right controls to protect your organisation.

  • 2 days of training
  • Foundation level
  • FR · EN official material
  • Official PECB exam included

Who is this course for?

  • Consultants and professionals who need to apply security controls day to day
  • Teams responsible for implementing the Annex A controls of ISO 27001
  • Managers who want to understand which control to choose and why
  • Anyone wanting a solid foundation before Lead Implementer or Lead Manager 27002

What you'll gain

  • The PECB Certified ISO/IEC 27002 Foundation credential, recognised internationally
  • A clear view of the 93 controls and how they are organised into 4 themes
  • The ability to connect ISO 27002 with Annex A of ISO 27001
  • The ideal foundation to progress towards Lead Implementer or Lead Manager

Course programme

Day 1 · Concepts and structure of the security controls
  • Fundamental concepts and principles of information security
  • Overview of ISO/IEC 27002 and its role as a guide to controls
  • The structure of the standard and the 4 control themes: organisational, people, physical and technological
Day 2 · Detailed controls, attributes and certification exam
  • Detailed study of the controls and their implementation objectives
  • The control attributes and hashtags (type, properties, concepts, operational capabilities, security domains)
  • Link with Annex A of ISO/IEC 27001 and practical application
  • Official "PECB Certified ISO/IEC 27002 Foundation" exam (1 hour)

Exam, credits & certification

  • 1 h: duration of the official PECB exam, available in French and English
  • 14 CPD: Continuing Professional Development credits granted by the course
  • Included: exam, marking and first issue of the certification, included in the price

Once you pass the exam, you can apply for the "PECB Certified ISO/IEC 27002 Foundation" credential. The exam includes 2 attempts: the first plus a free retake, usable within the following 12 months. Passing first time is no longer a source of pressure. CPD credits correspond to the course level according to PECB. The exam duration is indicative; ask me for the exact details when you enrol.

Your trainer

Ricardo Coronel Lemus

Practising GRC / vCISO consultant · PECB Certified Trainer (CT6496)

More than 20 years in cybersecurity and compliance, today a vCISO and GRC consultant with real clients in France, Spain and Mexico. I don't approach these standards theoretically: I apply them day to day with real clients — that's what I bring to the coaching and exam preparation I offer.

ISO 27001 Lead Auditor / Lead Implementer · CISSP · CISM · CRISC · CCISO · DORA Lead Manager · PCI DSS - PCIP

Frequently asked questions

Do I need any prerequisites?
There are no formal prerequisites. Basic familiarity with ISO 27001 (for example the Foundation level) is recommended, but not required.
What language is the exam in?
The official PECB exam for this course is available in French and English. Coaching is delivered in English to prepare you as well as possible.
What is the difference between Self-Study and Self-Study + Coaching?
Self-Study gives you the official material, the exam and the certification to progress at your own pace. The coaching option adds one-to-one sessions with me, real-world case studies and guided exam preparation: I support you until you feel ready to get certified.
What if I don't pass the exam?
The PECB exam includes 2 attempts: the first plus a free retake usable within the following 12 months. So a failure doesn't leave you stranded. What's more, with the coaching option we prepare for the exam together with mock exams so that you arrive with confidence.
How does it differ from ISO 27001?
ISO/IEC 27001 defines the requirements of the Information Security Management System (ISMS): what your organisation must do to be certifiable. ISO/IEC 27002 is the practical guide to the controls: it details the 93 Annex A controls, their objectives and how to implement them. The two standards are complementary: 27002 helps you apply in practice what 27001 requires.

Ready to get certified?

Choose your option above and enrol online. A question or need some advice? Write to me or book a call.