Information Security Controls Foundation (ISO/IEC 27002)

Earners of the Information Security Controls Foundation (ISO/IEC 27002:2013) certification have demonstrated foundational knowledge of the ISO/IEC 27002:2013. This certification confirms that the professional has the knowledge to implement information security controls in accordance with the ISO/IEC 27002:2013 standard. The exam covers topics such as terms and definitions, normative references, Information security policies, Organization of information security, Human resource security, Asset management, Access control, Cryptography, Physical and environmental security, Operations security, Communications security, System acquisition, development and maintenance, Supplier relationships, Information security incident management, Information security aspects of business continuity management, and Compliance. Earning criteria: To earn the Information Security Controls Foundation (ISO/IEC 27002:2013) certification candidates must successfully pass the ITC-056: Information Security Controls Foundation (ISO/IEC 27002:2013) exam - Foundational level. A score of 70% or higher is required to pass the exam. The ITC-056: Information Security Controls Foundation (ISO/IEC 27002:2022) exam is a closed-book and remotely proctored exam. ITCERTS recommends that candidates have at least 6 months of work experience in Information Security before sitting for the exam. This certification is considered good-for-life and does not expire.