ISO/IEC 27035 Lead Incident Manager – Self-Study

About the course

Why should you take this training course?

ISO/IEC 27035 Lead Incident Manager training enables you to acquire the necessary expertise to support an organization in implementing an Information Security Incident Management plan based on ISO/IEC 27035. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an organizational incident management plan. The compatibility of this training course with ISO/IEC 27035 also supports the ISO/IEC 27001 by providing guidance for Information Security Incident Management.

Training done in collaboration with


Course Outlines

Course Agenda

Day 1: Introduction to Information Security Incident Management concepts as recommended by ISO/IEC 27035

  • Course objectives and structure
  • Standards and regulatory frameworks
  • Information Security Incident Management
  • ISO/IEC 27035 core processes
  • Fundamental principles of Information Security
  • Linkage to business continuity
  • Legal and ethical issues

Day 2: Designing and preparing an Information Security Incident Management plan

  • Initiating an Information Security Incident Management Process
  • Understanding the organisation and clarifying the information security incident management objectives
  • Plan and prepare
  • Roles and functions
  • Policies and procedures

Day 3: Enacting the Incident Management process and handling Information Security incidents

  • Communication planning
  • First implementation steps
  • Implementation of support items
  • Detecting and reporting
  • Assessment and decisions
  • Responses
  • Lessons learned
  • Transition to operations

Day 4: Monitoring and continual improvement of the Information Security Incident Management plan

  • Further analysis
  • Analysis of lessons learned
  • Corrective actions
  • Competence and evaluation of incident managers
  • Closing the training

Day 5 Certification Exam (3-hours)

The exam complies with the PECB Examination and Certification Program (ECP) requirements. The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of Information Security Incident Management

Domain 2: Information Security Incident Management best practices based on ISO/IEC 27035

Domain 3: Designing and developing an Organisational Incident Management process based on ISO/IEC 27035

Domain 4: Preparing for Information Security incidents and implementing an Incident Management Plan

Domain 5: Enacting the Incident Management Process and handling Information Security Incidents

Domain 6: Performance measurement and monitoring

Domain 7: Improving the Incident Management processes and activities

Course Details

Duration: Up to 6 months

Starts: Upon Registration

Ends: After Examination

You'll be signed up for our PECB platform KATE where you will have access to all training procedures.

  • Certification fees are included on the exam price
  • Training material containing over 450 pages of information and practical examples will be distributed
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued
  • In the event of exam failure, you can retake the exam within 12 months for free

Learning Objectives

  • Master the concepts, approaches, methods, tools and techniques that enable effective Information Security Incident Management according to ISO/IEC 27035
  • Acknowledge the correlation between ISO/IEC 27035 and other standards and regulatory frameworks
  • Acquire the expertise to support an organisation to effectively implement, manage and maintain an Information Security Incident Response plan
  • Acquire the competence to effectively advise organisations on the best practices of Information Security Incident Management
  • Understand the importance of establishing well-structured procedures and policies for Incident Management processes
  • Develop the expertise to manage an effective Incident Response Team

Frequently Asked Questions

What are the prerequisites?

A fundamental understanding of ISO/IEC 27035 and comprehensive knowledge of Information Security.

Can I retake an exam?

In case of exam failure, the candidate can retake the exam once for free within 12 months following the initial exam date.

Which Audit Activities are Considered Valid Experience?

  1. Drafting an Information Security Incident Management plan
  2. Implementing Information Security Incident Management processes
  3. Managing Information Security Incident processes
  4. Conducting forensics investigation
  5. Monitoring and analyzing security events
  6. Identifying potential threats and security trends
  7. Vulnerabilities assessment
  8. Monitoring and managing risks
  9. Implementing corrective or preventive actions
  10. Performing internal controls
  11. Managing an Incident Response Team

ISO/IEC 27035 Lead Incident Manager – Self-Study


Master the Information Security Incident Management based on ISO/IEC 27035

Self-Study Course: €1,000 + VAT