+de 71 mil alunos

EXIN Information Security Management ISO/IEC 27001 Foundation (2022) – ISFS

Official preparatory course for the EXIN exam

Build your package:

Online CourseLessons, support material, and mock exams

Official Certification ExamVoucher for the official exam

Rated 5 out of 5

Reviews

Taxa de Aprovação 97%

💡 Dica de Economia: Adicione o Curso e pague apenas R$ 1,00 nele!

💡 Dica de Economia: Adicione o Exame e leve este Curso por apenas R$ 1,00!

✅ Melhor Escolha:
Com este pacote, o Curso sai por apenas R$ 1,00.

......

Select Course Language

Select Certification Country

Add to Cart

*Promoção válida apenas para PF e residentes no Brasil
** Preço com desconto apenas para Pessoas Físicas. Faturamento para PJ, confira a nossa política de preço

Sobre o Curso

This EXIN Information Security Management ISO/IEC 27001 Foundation | ISFS Course and Exam are based on the latest version of ISO/IEC 27001:2022. They are official, accredited, and approved by EXIN, aiming to present the fundamental requirements of the ISO/IEC 27001 standard for an Information Security Management System (ISMS). It provides IT professionals with an understanding of the basic principles of information security management, in addition to preparing the candidate for the Information Security Foundation based on ISO/IEC 27001:2022 (ISFS) certification exam.

This course is part of the DPO Track. To become an EXIN Data Protection Officer, you must take this course + EXIN PDPF + PDPP.

The EXIN Certified Data Protection Officer certification naturally begins with the EXIN Privacy & Data Protection Foundation certification. Information security is very important for aspiring DPOs (ISFS). Therefore, the second domain of the Certified Data Protection certification has Information Security as a mandatory discipline.

In combination with the EXIN Privacy & Data Protection Foundation and Professional certifications, this gives candidates a broad understanding of security as a whole. See the image below:

DPOs play a vital role in organizations that process large amounts of data. Business digitalization means that the vast majority of companies are processing increasingly larger volumes of data. To protect customers and themselves, these organizations need to ensure they take the appropriate measures to handle data responsibly.

Público Alvo

For anyone who wishes to have a basic understanding of information security. This is important knowledge for all personnel in a company or government, as everyone works with information.

Exame e Certificação

This course is preparatory for the official EXIN ISFS certification exam.

Exam languages: Portuguese, Spanish, and English
Number of questions: 40 questions
Exam duration: 1 hour
Passing score: 65% (26/40)
Difficulty level: Easy
Prerequisites: EXIN strongly recommends the ISFS preparatory course
Open book exam: No
Exam format: Online

Sobre o Instrutor

15 anos de excelência em treinamento com mais de 71.000 alunos aprovados.

Adriano é um ITIL Master, consultor e autor de 6 livros, trazendo 25 anos de experiência e mais de 50 certificações em Gestão de TI, Segurança e Governança. Como líder da maior comunidade de ITSM e DPSM (mais de 220 mil inscritos no YouTube), ele combina seu MBA pela FGV — uma das melhores escolas de negócios do mundo — com uma especialização em Neurociência para orientar uma rede global de mais de 71.000 alunos. Sua missão é clara: desmistificar a gestão complexa e transformar conhecimento técnico em valor tangível e impacto no mercado.

Adriano Martins Antonio, ITIL 4 Master

Tradutor oficial do Guia ITIL Foundation (Versão 5)

Conteúdo

About the Official Course
About the Training
About the General Syllabus
About the Exam
Change in the Standard’s Name
Size of the Standard
Control Themes
New Control Attributes
Examples of New Control Attributes
Does a Standard Mean Quality?
Related Standards
Importance of ISO/IEC 27001:2022

How Security is Managed
Starting from the Beginning
Information Architecture
TOGAF
Definitions for Information Architecture
Information Security Overview
Availability, Integrity, and Confidentiality
Confidentiality
Example of Confidentiality Measures
Integrity
Example of Integrity Measures
Availability
Characteristics of Availability
Example of Availability Measures
Accountability and Auditability
NIST Beyond CIA
Measures in the Incident Lifecycle
Control Attributes
Exercises

Risk Assessment Mathematics
Risk Assessment
Risk Management
Risk
Examples of Risks
Threat
Vulnerability
Exposure
Relationship Between Threat and Risk
Security Measures
Risk Analysis
Objectives and Purpose of Risk Analysis
Types of Risk Analysis
Risk Analysis Type: Quantitative
Risk Analysis Type: Qualitative
Combined Analysis
SLE, ALE, EF, and ARO
Measures in the Incident Lifecycle
Measures to Reduce Incidents
Prevention
Detection
Avoidance
Insurance
Acceptance
Repression (Suppression)
Correction
Human Threats
Non-Human Threats
Types of Damage
Types of Risk Strategies
Exercises

Information Security Focus
The Information Security Organization
Context of the Organization
Information Security Management System (ISMS)
ISO 27001 Domains
Information Security Policy
Hierarchical Content of a Policy
Information Security Policy Assessment
PDCA Model for the ISMS
PDCA for the ISMS
PDCA Cycle
Ownership or Control
Authenticity
Utility
Diligence and Due Care
Value of Data and Information
Information Analysis
Information System
Information Management
Interdisciplinary Field of Information Management
Distributed Computing
Management Type
Operational Processes and Information
Information Security Process
Exercises

About Information Security Policy
Information Security Roles and Responsibilities
Roles
Segregation of Duties
Management Responsibilities
Contact with Authorities
Threat Intelligence
Information Security in Project Management
Exercises

Information Asset
Inventory
Inventory of Information Assets
Acceptable Use of Information and Other Assets
Return of Assets
Information Classification
Classification
Labeling
Examples of Classification and Labels
Information Transfer
Exercises

Access Control
Logical Access Control
Activities in Access Management
Identity Management
Authentication Information
Access Rights
Type of Access Control
Security at Access Points
Exercises

Supplier Relationships
ICT Supply Chains
Examples of ICT Supply Chains
Monitoring, Review, and Change Management of Supplier Services
Information Security for Use of Cloud Services
Exercises

Planning and Preparation for Information Security Incident Management
Assessment and Decision on Information Security Events
Considerations in the Assessment and Decision on IS Events
Example of IS Incidents
Example of Procedure in Case of IS Incidents
Severity Level
Information Security Incident Response
Learning from Information Security Incidents
Evidence Collection
Information Security During Disruption
Business Continuity Management Principles
ICT Readiness for Business Continuity
Exercises

Legal, Statutory, Regulatory, and Contractual Requirements
Intellectual Property Rights
Considerations on Intellectual Property Rights
Protection of Records
Definition of Personal Data
Privacy and Protection of Personal Data
Territorial Scope
Restrictions on Data Use
Additional Duties for Companies
Increased Fines
Information Security Review
Rules for Information Security Review
Compliance with Information Security Policies and Standards
Information Security Organizations and Standards
Documented Operating Procedures
Exercises

People Controls
Control: Screening
Terms and Conditions of Employment
Awareness, Education, and Training
Information Security Awareness, Education, and Training
Disciplinary Process
Responsibilities After Termination or Change of Employment
Confidentiality or Non-Disclosure Agreements
Remote Working
Elements Considered in Remote Working
Information Security Event Reporting
Exercises

Physical Security Measures
Protection Rings
Outer Ring
Building
Rooms and Vaults
Physical Security Perimeters
Physical Access Controls
Access Management
Electronic Access Management
Other Physical Security Measures
Securing Offices, Rooms, and Facilities
Physical Security Monitoring
Protection Against Physical and Environmental Threats
Working in Secure Areas
Exercises

Clear Desk and Clear Screen
Equipment Siting and Protection
Special Rooms
Protection of Special Rooms
Fire-Resistant Cabinets and Security Cabinets
Protection Against Moisture
Fire Protection
Signage
Fire Extinguishing Agents
Security of Assets Off-Premises
Storage Media
Secure Disposal
Secure Disposal or Reuse of Equipment
Secure Transport
Emergency Power
Cooling
Cabling Security
Equipment Maintenance
Exercises

Endpoint Devices
User Endpoint Devices
Considerations for User Endpoint Devices
Remote Working Policy
Software Installation on Operating Systems
Utility Programs
Utility Program Tasks
Use of Privileged Utility Programs
Exercises

Special Access Privileges
Restriction of Access to Information
Access to Source Code
Secure Authentication
Secure Password Tips
Password Manager
Exercises

Malware: Malicious Software
Phishing
Protection Against Phishing
Ransomware
Example: Clop Ransomware
Example: Hidden Ransomware
Example: Zeus Gameover
Example: News
Example: IoT Devices
Spam
Virus
Measures Against Viruses
Worm
Measures Against Worms
Trojan Horse
Measures Against Trojan Horses
Hoax
Measures Against Hoaxes
Logic Bomb
Spyware
Measures Against Spyware
Botnet
Measures Against Botnets
Rootkit
Measures Against Rootkits
Exercises

Network Security
Network Security Controls
Network Services
Security of Network Services
Network Segregation
Types of Networks
Web Filtering
Exercises

Cryptography
Use of Cryptography
Cryptography Policy
Key Management
Examples of Cryptographic Systems
Symmetric Cryptography
Asymmetric System
Asymmetric Cryptography
Public Key Infrastructure (PKI)
Components of PKI Solutions
Digital Signatures
One-Way Cryptography (Hash)
Exercises

Information Deletion
Data Masking (Obfuscation)
Data Masking Techniques
Anonymization or Pseudonymization
Data Leakage Prevention (DLP)
Data Leakage
Preventing Data Leakage
Exercises

Logging
Use of Logging
Log Content
Log Considerations
Activity Monitoring
Monitoring
Clock Synchronization
Exercises

Information Backup
Redundancies
Types of Redundancies
Redundant Site
On-Demand Emergency Site
Personnel Measures
Exercises

Capacity Management
Vulnerability
Technical Vulnerability Management
Configuration
Managing Configuration
Configuration Management
Change Management
Protection of Information Systems During Audit Testing
Exercises

Secure Development Lifecycle
Systems Development Life Cycle (SDLC)
Security by Design (SbD)
Benefits of Integrating Security into SDLC
Application Security Requirements
E-commerce Services
Publicly Available Information
Security Architecture
Secure Systems Architecture and Engineering Principles
Secure Coding
Security Testing in Development and Acceptance
Outsourced Development
Separation of Development, Testing, and Production Environments
Test Information
Exercises

Suporte e Contato

Converse conosco

Email

Enviar mensagem

FAQ

Common questions

Há mais de 15 anos, a PMG Academy mantém um dos SLAs de resposta mais rápidos do mercado. Seja você um aluno em potencial ou já matriculado, nosso tempo médio de resposta é de apenas 15 minutos!

* Horário de atendimento: de segunda a sexta, das 9h às 18h (horário de Brasilia/ GMT-3)

Reviews

Lucas El-moor Pereira

BBTS Banco do brasil Tecnologia e serviços

November 30, 2025

Today I successfully completed the "Information Security Management based on ISO/IEC 27001" course promoted by PMG Academy. During the training, I acquired fundamental knowledge about the requirements for implementing and maintaining an Information Security Management System (ISMS), including risk assessment and treatment, definition and application of controls, asset management, access control, physical and logical security, as well as governance and regulatory compliance.