Get in Touch

Course Outline

ISO/IEC 27002:2022 represents the latest international standard, offering practical guidelines for information security controls in conjunction with ISO/IEC 27001 to establish, implement, and enhance an Information Security Management System (ISMS). This updated outline reflects the 2022 revision and integrates current HR and recruitment terminology found in information security job descriptions.

Foundations of Information Security, Cybersecurity, and Privacy

  • Core principles of information security: confidentiality, integrity, and availability (CIA triad) within modern enterprise environments
  • The evolution of cybersecurity threats: ransomware, nation-state attacks, insider threats, and supply chain compromises
  • Privacy by design and regulatory alignment with GDPR, CCPA, and global data protection frameworks
  • Information governance: establishing ownership, accountability, and stakeholder alignment across departments
  • Trust management and the zero-trust architecture paradigm in hybrid and cloud-infrastructure environments

The ISO/IEC 27001–27002 Framework and ISMS Governance

  • ISO/IEC 27001 ISMS lifecycle: Plan-Do-Check-Act (PDCA) and certification pathways
  • The relationship between ISO/IEC 27001 and the updated ISO/IEC 27002:2022 control catalog
  • Development of information security policies and top-level governance structures
  • Regulatory compliance mapping: strategies for aligning with NIST CSF, CIS Controls, SOC 2, and HIPAA
  • Information security metrics, key performance indicators (KPIs), and continuous improvement reporting

Organizational Controls — The Control Group 5 Framework

  • Information security roles, responsibilities, and segregation of duties across organizational tiers
  • Threat intelligence programs and security information management platforms (SIEM, SOAR)
  • Cloud security posture management (CSPM) and infrastructure-as-code compliance
  • Security for social media, BYOD, and remote work: mobile device management and endpoint protection
  • Monitoring, incident detection, and third-party risk management in complex IT ecosystems

People Controls — The Security Workforce

  • Security awareness, behavior-change techniques, and phishing simulation programs
  • Background vetting, and employment lifecycle security controls for onboarding and offboarding
  • Resilience of the remote workforce and secure-access policies for flexible working arrangements
  • Competency frameworks: aligning information security training with roles at all levels
  • Fostering a security-first culture and cross-functional collaboration in risk management

Physical Controls — Facility and Asset Security

  • Secure facility design: perimeter security, surveillance systems, and physical access controls
  • Equipment maintenance, supply chain assurance, and asset lifecycle management
  • Data center security: environmental controls, power redundancy, and disaster recovery readiness
  • Secure disposal methods for sensitive media: sanitization standards and supply-chain integrity
  • Emerging physical threats: IoT device security and smart-building attack surfaces

Technological Controls and Advanced Security Domains

  • Cryptographic controls: key lifecycle management, PKI, and AI-driven encryption optimization
  • Application security: secure SDLC, API security, DevSecOps integration, and SAST/DAST tooling
  • Network architecture controls: segmentation, micro-segmentation, firewalls, and next-gen IDS/IPS
  • Email security: anti-phishing, DMARC/SPF/DKIM, and Business Email Compromise (BEC) defense
  • Artificial intelligence and machine learning in cybersecurity: automated threat detection and adversarial AI mitigation

Information Security Risk Assessment and Compliance

  • ISO/IEC 27005-aligned risk assessment methodologies: identification, analysis, and evaluation
  • Risk treatment planning and the statement of applicability (SOA)
  • Compliance audit readiness: internal/external audit coordination and evidence-based auditing
  • Penetration testing methodologies and vulnerability management lifecycle
  • Emerging threats: quantum computing risk, environmental sustainability (green IT), and privacy-enhancing technologies (PETs)

PECB Exam Preparation and Real-World Application

  • PECB ISO/IEC 27002 Foundation exam structure, competency domains, and preparation strategies
  • Sample case studies: information security implementation in financial services, healthcare, and technology sectors
  • Building an information security awareness and culture within your organization post-certification
  • Certification maintenance, professional development, and career pathways for information security roles

Summary of Research

The previous two-day outline was heavily condensed and omitted the substantial scope of ISO/IEC 27002:2022, which introduced 93 controls grouped into four themes (Organizational, People, Physical, Technological) — an increase from 114 controls across 14 categories in the 2013 version. Key trends in information security recruitment for 2024–2026 include zero-trust architecture, AI-driven security operations, cloud security posture management, DevSecOps integration, supply chain security, privacy-enhancing technologies, quantum-ready cryptography, and third-party risk management. Job postings for roles such as Information Security Analyst, ISMS Lead, Compliance Officer, Cybersecurity Specialist, and Risk Manager consistently require these competencies.

Requirements

There are no specific requirements to participate in this course.

 14 Hours

Number of participants


Price per participant

Open Training Courses require 5+ participants.

Testimonials (4)

Theory followed by practical examples and exercices. Job well done!

Vincenzo Delle Donne - Department of National Defence
Course - ISO 37301 Compliance Management System

the expertise & knowledge of the trainer

Erica DeRosa DeRosa - Aecon Group INc.
Course - ISO 37001 Anti-Bribery Management System

With both my 2022 ISO 9001 audit prep-related training & the recently completed ISO 9001 audit prep refresher course; Dereck has helped me significantly with regards to gaining a new & practical perspective of the ISO 9001:2015 clauses & sections & how they apply to our business. Dereck has also helped me with both training courses --- to improve my ISO-related communications both with our company's employees and the external ISO Auditors .

Dana Foster - Corrigan Oil Company
Course - ISO 9001 Foundation

Speed of response and communication

Bader Bin rubayan - Lean Business Services
Course - ISO/IEC 27001 Lead Implementer

Upcoming Courses

PECB ISO/IEC 27002 Foundation

2026-07-13 09:30
14 hours
Toluca - Samara Shops Tower A
76,450 MXN (Online)
96,450 MXN (Classroom)

PECB ISO/IEC 27002 Foundation

2026-07-27 09:30
14 hours
Cuautitlàn Izcalli - Perinorte
76,450 MXN (Online)
96,450 MXN (Classroom)

PECB ISO/IEC 27002 Foundation

2026-08-10 09:30
14 hours
Ciudad Juárez - Bulevar Tomás Fernández
76,450 MXN (Online)
96,450 MXN (Classroom)

PECB ISO/IEC 27002 Foundation

2026-08-24 09:30
14 hours
Aguascalientes - Aldea Galerìas
76,450 MXN (Online)
96,450 MXN (Classroom)

PECB ISO/IEC 27002 Foundation

2026-09-07 09:30
14 hours
Puebla - Triangulo Las Animas
76,450 MXN (Online)
96,450 MXN (Classroom)

Related Courses

PECB CISO

35 Hours

Through the PECB CISO training course, you will acquire the essential expertise to supervise and manage information security. This ensures the deployment of robust security measures, the identification and mitigation of information security risks, and the creation of effective security strategies customized to the specific needs of the organization.

Read more...

ISO 13485 Foundation

 14 Hours

This instructor-led, live session in Mexico (online or in-person) is designed for beginner-level quality assurance professionals, regulatory compliance staff, medical device engineers, and any professionals involved in medical device manufacturing who seek a foundational understanding of ISO 13485. This knowledge helps them implement and sustain a compliant quality management system and ensure regulatory compliance within their organizations.

By the end of this training, participants will be able to:

  • Understand the structure, purpose, and requirements of ISO 13485:2016.
  • Learn about the quality management principles specific to medical devices.
  • Gain insights into key processes and documentation required for compliance.
  • Understand the steps to implement and maintain an ISO 13485 quality management system (QMS).
Read more...

ISO 22301 Foundation

 14 Hours

Why should you attend?

This training program is designed to help participants grasp the fundamental concepts and principles underlying a business continuity management system (BCMS) aligned with ISO 22301. By participating in this course, attendees will gain a deeper understanding of the standard’s structure and requirements, including the BCMS policy, top management’s commitment, internal audits, management reviews, and the process of continual improvement.

Upon completing the training, you will be eligible to take the exam. If you pass, you can apply for the “PECB Certificate Holder in ISO 22301 Foundation” credential. This PECB Foundation certificate demonstrates your knowledge of the core concepts, principles, methodologies, requirements, frameworks, and management approaches essential to business continuity.

Who should attend?

  • Professionals involved in business continuity
  • Individuals seeking to learn about the key processes of business continuity management systems (BCMS)
  • Those interested in building a career in business continuity

Learning objectives

  • Recognize the relationship between ISO 22301 and other standards and regulatory frameworks
  • Understand the components and operations of a BCMS based on ISO 22301 and its principal processes
  • Comprehend the concepts, approaches, methods, and techniques used to implement and manage a BCMS

Educational approach

  • Lecture sessions incorporate discussion questions and real-world examples.
  • Exercises feature multiple-choice quizzes.
  • Participants are encouraged to interact, engage in discussions, and complete quizzes.
  • Quizzes are modeled after the format of the certification exam.
Read more...

ISO 22301 Introduction: Business Continuity Management System (BCMS)

 7 Hours

The ISO 22301 Introduction training course allows you to grasp the fundamental concepts of a Business Continuity Management System (BCMS).

By participating in the ISO 22301 Introduction course, you will comprehend the significance of a Business Continuity Management System and the advantages that organizations, communities, and government entities can achieve.

Who is this course for?

  • Professionals with an interest in Business Continuity Management.
  • Individuals looking to acquire knowledge about the core processes of a Business Continuity Management System (BCMS).

Learning objectives

  • Grasp the concepts, approaches, methods, and techniques employed to implement a Business Continuity Management System.
  • Understand the fundamental components of a Business Continuity Management System.
Read more...

ISO 22301 Lead Implementer

 35 Hours

Upon completing the training course, you are eligible to take the exam. If you pass, you can apply for the "Certified ISO 22301 Lead Implementer" credential. This internationally recognized certificate validates your professional capabilities and practical knowledge in implementing a Business Continuity Management System (BCMS) in accordance with ISO 22301 requirements.

Who should attend?

  • Project managers and consultants working in business continuity
  • Expert advisors aiming to master the implementation of a business continuity management system
  • Professionals responsible for maintaining BCMS compliance within an organization
  • Members of the BCMS team

Learning objectives

  • Develop a thorough understanding of the concepts, approaches, methods, and techniques used to implement and effectively manage a BCMS
  • Learn to interpret and apply ISO 22301 requirements within the specific context of an organization
  • Understand the operation of the business continuity management system and its processes based on ISO 22301
  • Acquire the necessary knowledge to support an organization in effectively planning, implementing, managing, monitoring, and continuously improving a BCMS

Educational approach

  • This training course is grounded in theory, implementation best practices, and the ISO 22301 requirements essential for BCMS implementation.
  • Lectures are enhanced with practical exercises based on case studies, including role-playing and discussions.
  • Participants are encouraged to interact, engage in discussions, and participate in exercises.
  • The exercises mirror the format of the certification exam.

General Information

  • Certification fees are included in the exam price. After completing the course, you can book the exam.
  • Participants will receive training materials containing over 450 pages of explanatory content and practical examples.
  • An Attendance Record worth 31 CPD (Continuing Professional Development) credits will be issued to participants who complete the training course.
  • Candidates who do not pass the exam can retake it within 12 months of the initial attempt at no additional cost.
Read more...

PECB ISO/IEC 27001 Foundation

 14 Hours

Why participate in this course?

The ISO/IEC 27001 Foundation training equips you with the essential knowledge to implement and manage an Information Security Management System (ISMS) in accordance with ISO/IEC 27001 standards. Throughout this course, you will gain a comprehensive understanding of the various ISMS components, including ISMS policies, procedures, performance metrics, leadership commitment, internal auditing, management reviews, and continuous improvement practices.

Upon completion of the course, you will be eligible to take the examination and apply for the "PECB Certified ISO/IEC 27001 Foundation" credential. Earning a PECB Foundation Certificate demonstrates that you have mastered the fundamental methodologies, requirements, framework, and management approaches associated with ISO/IEC 27001.

Who is this course for?

  • Professionals currently involved in Information Security Management
  • Individuals looking to acquire knowledge about the core processes of Information Security Management Systems (ISMS)
  • Aspiring professionals interested in building a career in Information Security Management

Te methodology

  • Lectures are enhanced with practical questions and real-world examples
  • Hands-on exercises incorporate illustrative examples and group discussions
  • Practice tests mirror the format and difficulty of the official Certification Exam
Read more...

ISO 27002 Lead Manager

 35 Hours

The ISO/IEC 27002 Lead Manager training program is designed to equip you with the essential expertise and knowledge required to support your organization in implementing and managing Information Security controls, as outlined in ISO/IEC 27002.

Upon completing this course, you will be eligible to take the exam and apply for the "PECB Certified ISO/IEC 27002 Lead Manager" credential. This PECB Lead Manager Certification demonstrates your mastery of the principles and techniques for implementing and managing Information Security Controls in accordance with ISO/IEC 27002.

Who should attend?

  • Managers or consultants aiming to implement an Information Security Management System (ISMS) based on ISO/IEC 27001 and ISO/IEC 27002
  • Project managers or consultants who wish to master the implementation process for Information Security Management Systems
  • Professionals responsible for information security, compliance, risk, and governance within an organization
  • Members of information security teams
  • Expert advisors in information technology
  • Information Security officers
  • Privacy officers
  • IT professionals
  • CTOs, CIOs, and CISOs

Learning objectives

  • Master the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
  • Gain a comprehensive understanding of the concepts, approaches, standards, methods, and techniques necessary for the effective implementation and management of Information Security controls
  • Understand the relationships between components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
  • Appreciate the significance of information security for organizational strategy
  • Master the implementation of information security management processes
  • Master the formulation and implementation of security requirements and objectives

Educational approach

  • This training combines both theory and practice
  • Lecture sessions illustrated with examples from real-world cases
  • Practical exercises based on case studies
  • Review exercises to assist with exam preparation
  • Practice tests similar to the certification exam

General Information

  • Certification fees are included in the exam price
  • Training materials containing over 500 pages of information and practical examples will be distributed to participants
  • A participation certificate granting 31 CPD (Continuing Professional Development) credits will be issued to participants
  • In the event of an exam failure, you may retake the exam within 12 months at no additional cost
Read more...

PECB ISO 27005 Risk Manager

 21 Hours

This training course demonstrates how to conduct information security risk assessments by integrating insights from ISO/IEC 27005:2022 and ISO/IEC 27001. Combining theoretical knowledge with practical exercises, quizzes, and case studies, this course delivers an engaging and interactive learning experience.

Read more...

PECB ISO/IEC 27001 Lead Implementer

 35 Hours

Information security threats and attack methods are constantly evolving and becoming more sophisticated. The most effective way to counter these risks is through the proper implementation and management of information security controls and industry best practices. Furthermore, robust information security is a critical expectation and mandate from customers, regulators, and other stakeholders.

This training course is structured to equip participants with the skills needed to implement an Information Security Management System (ISMS) in accordance with ISO/IEC 27001. It provides a thorough understanding of ISMS best practices and establishes a framework for its ongoing management and enhancement.

Upon completion of the training, you are eligible to sit for the examination. If you pass, you can pursue the “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which validates your practical knowledge and ability to implement an ISMS based on ISO/IEC 27001 requirements.

Who Can Attend?

  • Project managers and consultants engaged in or interested in the implementation of an ISMS
  • Expert advisors looking to master ISMS implementation
  • Professionals responsible for ensuring organizational conformity with information security requirements
  • Members of an ISMS implementation team

General information

  • Certification fees are included in the exam price
  • Participants will receive training materials comprising over 450 pages of content and practical examples
  • A participation certificate granting 31 CPD (Continuing Professional Development) credits will be issued

  • In the event of an exam failure, a free retake is available within 12 months

Educational approach

  • The course features essay-type exercises, multiple-choice quizzes, real-world examples, and best practices for ISMS implementation.
  • Participants are encouraged to interact and engage in discussions during quizzes and exercises.
  • Exercises are grounded in a case study.
  • The format of the quizzes mirrors that of the certification exam.

Learning objectives

This training course will help you:

  • Gain a comprehensive understanding of the concepts, approaches, methods, and techniques for implementing and effectively managing an ISMS
  • Recognize the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
  • Understand how an ISMS and its processes operate in accordance with ISO/IEC 27001
  • Learn to interpret and apply ISO/IEC 27001 requirements within a specific organizational context
  • Acquire the necessary knowledge to support an organization in planning, implementing, managing, monitoring, and maintaining an ISMS effectively
Read more...

ISO 28000 Lead Implementer

 35 Hours

The ISO 28000 Lead Implementer training equips you with the essential expertise to help an organization establish, implement, manage, and maintain a Supply Chain Security Management System (SCSMS) in accordance with ISO 28000. Throughout this course, you will gain a deep understanding of best practices for SCSMS and learn how to enhance the efficiency of managing potential security risks and their impacts on your organization's supply chain.

Once you have mastered the key concepts of Supply Chain Security Management Systems, you will be eligible to take the exam and apply for the "PECB Certified ISO 28000 Lead Implementer" credential. Earning a PECB Lead Implementer Certificate demonstrates that you possess the practical knowledge and professional skills required to implement ISO 28000 within an organization.

Who should attend?

  • Managers or consultants involved in Supply Chain Security Management
  • Expert advisors aiming to master the implementation of a Supply Chain Security Management System
  • Individuals responsible for ensuring conformance with SCSMS requirements
  • Members of an SCSMS team

Learning objectives

  • Understand the relationship between ISO 28000 and other standards and regulatory frameworks
  • Master the concepts, approaches, methods, and techniques used for implementing and effectively managing an SCSMS
  • Learn how to interpret ISO 28000 requirements within the specific context of an organization
  • Gain the ability to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an SCSMS
  • Acquire the expertise to advise organizations on implementing best practices for Supply Chain Security Management Systems

Educational approach

  • This training combines theory with best practices used in SCSMS implementation
  • Lectures are supported by examples from case studies
  • Practical exercises are based on a case study involving role-playing and discussions
  • Practice tests mirror the format of the Certification Exam

General Information

  • Certification fees are included in the exam price
  • Training materials, comprising over 450 pages of information and practical examples, will be provided
  • A participation certificate awarding 31 CPD (Continuing Professional Development) credits will be issued
  • If the exam is not passed on the first attempt, you can retake it within 12 months at no additional cost
Read more...

ISO 37001 Anti-Bribery Management System

 14 Hours

ISO 37001:2025 is an international standard for Anti-Bribery Management Systems (ABMS) that provides requirements and guidance for preventing, detecting, and addressing bribery risks across organizations of any size or sector.

This instructor-led, live training (online or onsite) is aimed at beginner-level to intermediate-level professionals who wish to understand and support the implementation or auditing of an anti-bribery management system based on ISO 37001:2025.

By the end of this training, participants will be able to:

  • Understand the structure and intent of ISO 37001:2025.
  • Apply anti-bribery requirements in real-world organizational contexts.
  • Develop and monitor effective internal controls and reporting systems.
  • Support an organization’s efforts toward regulatory compliance and ethical integrity.

Format of the Course

  • Interactive lecture and discussion.
  • Real-world case studies and examples.
  • Scenario-based exercises and group work.

Course Customization Options

  • To request a customized training for this course, please contact us to arrange.
Read more...

ISO 37301 Compliance Management System

 14 Hours

ISO 37301 is an international standard that outlines the requirements for creating, developing, implementing, evaluating, maintaining, and enhancing an effective Compliance Management System (CMS).

This instructor-led, live training (available online or onsite) is designed for beginner to intermediate-level professionals who want to understand, implement, or audit a compliance management system based on ISO 37301.

By the end of this training, participants will be able to:

  • Understand the structure, purpose, and scope of ISO 37301.
  • Implement the key elements of a Compliance Management System (CMS).
  • Identify compliance risks and opportunities across the organization.
  • Integrate the ISO 37301 CMS with existing governance, risk, or ISO systems.

Course Format

  • Interactive lecture and discussion.
  • Hands-on exercises and real-world case studies.
  • Group activities and compliance scenario simulations.

Course Customization Options

  • To request customized training for this course, please contact us to arrange.
Read more...

ISO/IEC 42001 Foundation

 14 Hours

This training course on ISO/IEC 42001 Foundation provides you with the essential principles required to establish and manage an Artificial Intelligence Management System (AIMS) in compliance with ISO/IEC 42001. Designed to give you a solid understanding of the basics, the course lays a strong groundwork for building expertise in AIMS.

Read more...

PECB ISO/IEC 42001 Lead Auditor

 35 Hours

Earning the ISO/IEC 42001 Lead Auditor certification demonstrates your mastery of the frameworks required to evaluate compliance with AI management systems. This course explores core principles covering artificial intelligence governance, audit preparation, conformance assessment methodologies, and the audit closure process, all aligned with ISO 19011 and ISO/IEC 17021-1 standards. It equips professionals with the necessary skills to plan field activities, manage AI management system audit programs, and verify that intelligent technology implementations adhere to international governance requirements.

Read more...

PECB ISO 9001 Foundation

 14 Hours

The ISO 9001 Foundation training allows you to master the core components needed to implement and manage a Quality Management System (QMS) in accordance with ISO 9001 standards. Throughout this course, you will gain a comprehensive understanding of the various modules that comprise a QMS, such as QMS policy, procedures, performance metrics, management commitment, internal audits, management reviews, and continual improvement.

Upon finishing this course, you will be eligible to take the exam and apply for the “PECB Certified ISO 9001 Foundation” credential. This PECB Foundation Certificate demonstrates that you have grasped the fundamental methodologies, requirements, framework, and management approaches associated with ISO 9001.

Who should attend?

  • Professionals involved in Quality Management
  • Individuals looking to acquire knowledge about the primary processes of Quality Management Systems (QMS)
  • Those interested in pursuing a career in Quality Management

The “PECB Certified ISO 9001 Foundation” exam fully complies with the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains: Domain 1: Fundamental principles and concepts of a Quality Management System (QMS); Domain 2: Quality Management System (QMS).

After successfully completing the exam, you can apply for the “PECB Certified ISO 9001 Foundation” credential.

General Information

Certification fees are included in the exam price.

Training materials containing over 200 pages of information and practical examples will be provided.

A participation certificate awarding 14 CPD (Continuing Professional Development) credits will be issued.

In the event of an exam failure, you may retake the exam within 12 months at no additional cost.

Read more...

Related Categories

PECB
PECB