Course Code



35 Hours


A fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of Information Security.



ISO/IEC 27002 Lead Manager training enables you to develop the necessary expertise and knowledge to support an organization in implementing and managing Information Security controls as specified in ISO/IEC 27002

After completing this course, you can sit for the exam and apply for the “PECB Certified ISO/IEC 27002 Lead Manager” credential.  A PECB Lead Manager Certification, proves that you have mastered the principles and techniques for the implementation and management of Information Security Controls based on ISO/IEC 27002.

Who should attend?

  • Managers or consultants seeking to implement an Information Security Management System (ISMS) based on ISO/IEC 27001 and ISO/IEC 27002
  • Project managers or consultants seeking to master the Information Security Management System implementation process
  • Individuals responsible for the information security, compliance, risk, and governance, in an organization
  • Members of information security teams
  • Expert advisors in information technology
  • Information Security officers
  • Privacy officers
  • IT professionals
  • CTOs, CIOs and CISOs

Learning objectives

  • Master the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
  • Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective implementation and management of Information Security controls
  • Comprehend the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
  • Understand the importance of information security for the strategy of the organization
  • Master the implementation of information security management processes
  • Master the formulation and implementation of security requirements and objectives

Educational approach

  • This training is based on both theory and practice
  • Sessions of lectures illustrated with examples based on real cases
  • Practical exercises based on case studies
  • Review exercises to assist the exam preparation
  • Practice test similar to the certification exam

General Information

  • Certification fees are included on the exam price
  • Training material containing over 500 pages of information and practical examples will be distributed to the participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
  • In case of exam failure, you can retake the exam within 12 months for free

     Course Outline

Day 1:

  • Introduction to Information Security controls as recommended by ISO/IEC 27002

Day 2:

  • Security requirements and objectives based on ISO/IEC 27002 

Day 3:

  • Monitoring, measurement, analysis, and evaluation of Information Security controls

Day 4:

  • Continual improvement of an organization's information security performance

Day 5:

Certification Exam

The “PECB Certified ISO/IEC 27002 Lead Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competence domains:

  • Domain 1: Fundamental principles and concepts for Information Security Controls
  • Domain 2: Information Security Control based on ISO/IEC 27002
  • Domain 3: Planning and evaluating the need and applicability of information security controls
  • Domain 4: Implementation and management of information security controls
  • Domain 5: Monitoring and measurement of information security controls
  • Domain 6: Continual improvement

     Feedback (33)

Ann is very knowledgeable on the subject. She is constantly varying pace according to the feedback. There is a lot of room for discussing attendee's own experiences. It was a great joy !.

Sjoerd Hulzinga - KPN p/a Bloomville

It was quite informal.

- Capita Business Services Ltd

Trainer covered a lot of ground over a relatively short period.

- Capita Business Services Ltd

I found it very interesting to learn all about what happens behind the scenes when it comes to IT systems. I also enjoyed learning about security and what hackers do as ethical hacking is an avenue I'm very keen in pursuing.

- Knowledge Pool/ DVLA

Richard was very knowledgeable in his field.

- Knowledge Pool/ DVLA

It was pitched at the right level - challenging but understandable & informative.

Louise Voisey - Capita Business Services Ltd


Mohalmald Salim - PSO

Level of expertise from the trainer Use case examples

Pierre Maillot - Bosch

His deep knowledge of the IoT topic.


Ron's experience on how to successfully implement IoT projects and the deep technical subjects covered.


relevance of content to our I4.0 business environment


Very knowledgeable trainer, was able to adjust to audience knowledge, excellent industry experience and ability to relate to audience needs Excellent content preparation , tailored to needs discussed beforehand. Good supplement reading materials prepared by trainer

Oliver Steinig - Bosch

Ron was very mindful of his audience and addressed everyone's questions. He checked his audience for clarity and was willing to spend the time to review a topic until everyone understood the topic. He gauged the audience for energy levels and suggested a break when he saw that the energy from the group was waning. This was much appreciated.


The pace of training delivery.

Ian McInally - KnowledgePool

the exercises and group discussions.


The trainer was very knowledgeable and was happy to go at the pace of the attendees. He was polite and respectful to all those in attendance. I felt I learnt a lot from the course as the trainer was very succinct in his delivery when going through the PP slides. A really good, worth while course from my personal point of view.

Julie Price - KnowledgePool

The environment was really relaxed and open so everyone could ask questions or put across points of view or experience. David the trainer was a SME on the subject and his style was very good.




The example and exercise


I got more information regarding the web applications' security issues, the different tools that could be used to cope with these issues, and more advice from the trainer to handle all these issues.


the list of tools


how it was broken into the technical and security mindset aspects.




he is very knowledgeable and comprehensive.


Matthew was very knowledge and has lot experience to share with us. it was very pleasant, as he take the time to listen to us and answer to our questions. Thank you Matthew, it was awesome.


The second day, scenarios exercises.

Christina Hutchings - KnowledgePool

The real life examples Ron gave.


I liked the trainer's introduction and anecdotes to make the learning more real


David's in depth knowledge. His relationship building skills with the audience. I really enjoyed the way he managed to make us (as a collective audience) enjoy the quite dry and uninteresing subject matter. He had anecdotes and knowledge of specific examples of security failings - hacker attacks - BCP 'breakdowns' etc which put flesh on the bones to the piece of legislation or 'best practice' for BCP that he was trying to teach us about. A really engaging, down to earth and personable man: A very good listener and a fabulous, charismatic trainer.

Cris Bollin - KnowledgePool

All is excellent

Manar Abu Talib - Dubai Electronic Security Center

- Understanding that ATT&CK creates a map that makes it easy to see, where an organization is protected and where the vulnerable areas are. Then to identify the security gaps that are most significant from a risk perspective. - Learn that each technique comes with a list of mitigations and detections that incident response teams can employ to detect and defend. - Learn about the various sources and communities for deriving Defensive Recommendations.

CHU YAN LEE - PacificLight Power Pte Ltd

He took his time to make sure everyone understood and were on the same wave length

Tina Hopkins - Capita Business Services Ltd

I found the training too in depth for IT beginners. There was too many high level subjects that i felt were too advanced for a beginner level.

Capita Business Services Ltd

The course could be tailored to suit your needs and objectives. It can also be delivered on your premises if preferred.



Online Price per participant 6000 AED


Classroom Price per participant 6000 AED





  Workday courses take place between 9:30 and 16:30


  Show venue details

Number of Participants

Related Courses

Total Courses 4

Certificate of Cloud Security Knowledge

  14 hours


Comprehensive C# and .NET Application Security

  21 hours

C/C++ Secure Coding

  21 hours

Advanced Java Security

  21 hours

Standard Java Security

  14 hours

Java and Web Application Security

  21 hours

Advanced Java, JEE and Web Application Security

  28 hours

.NET, C# and ASP.NET Security Development

  14 hours

Advanced C#, ASP.NET and Web Application Security

  21 hours

Microsoft SDL Core

  14 hours

Security Testing

  14 hours

Web Application Security

  14 hours


Fundamentals of Corporate Cyber Warfare

  14 hours

Open Source Intelligence (OSINT)

Open Source Intelligence (OSINT)

What is Open Source Intelligence (OSINT)?

Open Source Intelligence (OSINT) Advanced

  21 hours

Open Source Cyber Intelligence - Introduction

  7 hours

Discounted Public Courses

This site in other countries/regions