Book Reviews: Information Security Books and Product Reviews – ISO27001 Certified ISMS Foundation Course

Training Course Name:   ISO27001 Certified ISMS Foundation Course

Name of Training Provider: IT Governance

Type of Course: Classroom

Length of Course: 1 day

Date of Attendance: 10th November 2011

Price (UK or US price – full price, not discounted price): £494 including exam.

URL of Training Provider Web Site:  IT Governance

Examination and Qualification: 1 hour, 40 multiple-choice questions.  IBITGQ® ISO27001 Certified ISMS Foundation Level.

Synopsis of the Course:

The ISO27001 Foundation 1 day course is presented over 6 hours (including breaks) followed by a 1 hour examination of 40 multiple choice questions.  The examination is ‘closed book’, and the pass mark is 65%.

The course was constructed as follows:

  • The basics
    • Drivers for ISO 27001
    • Standards
  • Documentation and Management Systems
  • Certification
  • Management Commitment
  • Overview of ISO 27001
  • Implementing ISO 27001
    • Scoping, Planning, Communication
  • Risk Assessment and Security Controls
  • Summary
  • Examination


Online course registration with IT Governance was quick and easy.  Confirmation and reminder emails were sent a number of times, including clear location and travel instructions. I had bought a copy of both the ISO27001 and ISO27002 standards (IT Governance was the cheapest place I could find) in preparation for the course, but as you can imagine these are a little dry!   In the end I prepared for the course by reading the IT Governance – A Manager’s Guide to Data Security and ISO27001/ISO27002 (book review to follow).

About two weeks before the course, two pocket guides arrived in the post from IT Governance: plenty of time to read them before the day.  The pocket guides were: An Introduction to Information Security and ISO27001 and ISO27001 / ISO27002 A Pocket Guide.  Finally, a couple of days before the course, IT Governance sent a Good Luck email – very thoughtful!

I arrived at the venue in London at 08:45 where there was plenty of tea, coffee and biscuits waiting in a break-out area. There were about four other training courses running at the venue, but at no time was it crowded since each course had its allocated (and staggered) time in the break-out area. Our classroom was spacious, with seating for about 14 students, and while there were 11 attendees in the classroom, we all had good visibility of the presentation and the flipchart which was used throughout. Copies of all the course slides were available on the desk when we arrived, together with pens, paper, water and name cards.

The presenter introduced himself and provided an overview of his impressive background.  All attendees were invited to provide a short bio, including the reasons for attending the course.  A number of attendees were preparing for the more intensive 27001 Lead Implementer or 27001 Lead Auditor courses (which also include International Board for IT Governance Qualifications).

Course attendees came from a variety of backgrounds, including the armed forces, government, private sector and financial services.  Attendees had a variety of IS experience; however, the course itself did not require a high level of knowledge.

The presenter covered the topics at an easy pace and reviewed the key points at the end of each section.  Questions were asked and responses discussed.  The presenter took care to ensure that the questions had all been satisfactorily answered before we moved on.  On several occasions during the day there was time for general relevant discussion regarding the attendees’ experiences in their own professional fields.

There were three exercises during the day when we were invited to form into groups for discussion. During these sessions we broke out into smaller groups of three or four and discussed the pros and cons of a scenario relevant to the topic.  These were invaluable to get a different perspective on the topic from the other attendees.

The course presentation finished around 15:45 and the exam coordinator joined us to hand out the exam papers.  Although an hour was allocated for the exam, I managed to finish in about 45 minutes.

I received confirmation that I had passed the exam one week to the day from the training course date: “Congratulations. You have successfully passed the examination to IBITGQ® ISO27001 Certified ISMS Foundation Level”.  The certificate is scheduled to arrive in about 6 weeks (as it comes from the examining body) and the attendance certificate is scheduled to arrive about two weeks after the course.

Closing summary:

A well presented introduction to ISO27001, complemented with a pair of useful pocket guides and clear course materials.  Exactly as advertised on the IT Governance website.

Marks: 5 out of 5*****
