EXAM PREPARATION GUIDE


When Recognition Matters
EXAM PREPARATION GUIDE
PECB Certified ISO/IEC 27002 Manager
www.pecb.com

The objective of the PECB Certified ISO/IEC 27002 Manager examination is to ensure that the candidate has the knowledge for implementing information security controls and the skills to support an organization in managing information security controls according to ISO/IEC 27002:2013.

The target population for this examination is:
- Managers or consultants wanting to implement an Information Security Management System (ISMS)
- Project managers or consultants wanting to master the Information Security Management System implementation process
- Persons responsible for information security or conformity in an organization
- Members of the information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an information security audit function

The exam content covers the following domains:
1. Fundamental Principles and Concepts in Information Security
2. Information Security Control Best Practice based on ISO/IEC 27002

The content of the exam is divided as follows:

Domain 1: Fundamental Principles and Concepts in Information Security

Main objective: To ensure that the ISO/IEC 27002 Lead Manager candidate can understand, interpret and illustrate the main information security concepts and standard requirements.

Competencies
1. Understand and explain the operations of the ISO organization and the development of information security standards.
2. Ability to identify, analyze and evaluate the information security compliance requirements for an organization.
3. Ability to explain and illustrate the main concepts in information security and information security risk management.
4. Ability to distinguish and explain the difference between information asset, data and record.
5. Understand, interpret and illustrate the relationship between the concepts of asset, vulnerability, threat, impact and controls.

Knowledge statements
1. Knowledge of the main standards in information security
2. Knowledge of the different sources of information security requirements for an organization: laws, regulations, international and industry standards, contracts, market practices, internal policies
3. Knowledge of the main information security concepts and terminology as described in ISO/IEC 27000
4. Knowledge of the concept of risk and its application in information security
5. Knowledge of the relationship between the concepts of asset, vulnerability, threat, impact and controls
6. Knowledge of the difference and characteristics of security objectives and controls
7. Knowledge of the difference between preventive, detective and corrective controls and their characteristics

Domain 2: Information Security Control Best Practices based on ISO/IEC 27002

Main objective: To ensure that the ISO/IEC 27002 Lead Manager candidate can understand, interpret and provide guidance on how to implement and manage information security control best practices based on ISO/IEC 27002.

Competencies
1. Ability to identify, understand, classify and explain the clauses, security categories and controls of ISO/IEC 27002
2. Ability to detail and illustrate security control best practices with concrete examples
3. Ability to compare possible solutions to a real security issue of an organization and identify/analyze the strengths and weaknesses of each solution
4. Ability to select and demonstrate the best security controls in order to address the information security control objectives stated by the organization
5. Ability to create and justify a detailed action plan to implement a security control by listing the related activities
6. Ability to analyze, evaluate and validate action plans to implement a specific control

Knowledge statements
1. Knowledge of Information Security Policy Controls Best Practices
2. Knowledge of Organizing Information Security Controls Best Practices
3. Knowledge of Human Resources Security Controls Best Practices
4. Knowledge of Asset Management Controls Best Practices
5. Knowledge of Access Control Controls Best Practices
6. Knowledge of Cryptography Controls Best Practices
7. Knowledge of Physical and Environmental Security Controls Best Practices
8. Knowledge of Operations Security Controls Best Practices
9. Knowledge of Communications Security Controls Best Practices
10. Knowledge of Information Systems Acquisition, Development and Maintenance Controls Best Practices
11. Knowledge of Supplier Management Controls Best Practices
12. Knowledge of Information Security Incident Management Controls Best Practices
13. Knowledge of Business Continuity Management Controls Best Practices
14. Knowledge of Compliance Controls Best Practices

PECB-820-12-ISO 27002M Exam Preparation Guide

Competency Domains

Based on these 2 domains and their relevance, fifty (50) questions are included in the exam, as summarized in the following table:

Competency domain | Number of questions per competency domain | % of test devoted to each competency domain | Points per question | Number of points per competency domain | % of points per competency domain
1. Fundamental principles and concepts in information security | 21 | 42 | 1 | 21 | 42
2. Information Security Control Best Practices based on ISO 27002 | 29 | 58 | 1 | 29 | 58
Total | 50 | 100 | | 50 | 100

Level of understanding (cognitive/taxonomy) required | Number of questions per level of understanding | % of test devoted to each level of understanding
Questions that measure Comprehension, Application and Analysis | 24 | 48.00
Questions that measure Synthesis and Evaluation | 26 | 52.00
Total | 50 | 100.00

The passing score is established at 70%.

After successfully passing the exam, candidates will be able to apply for the credentials of PECB Certified ISO/IEC 27002 Manager, depending on their level of experience.

TAKE A CERTIFICATION EXAM

Candidates will be required to arrive at least thirty (30) minutes before the beginning of the certification exam. Candidates arriving late will not be given additional time to compensate for the late arrival and may be denied entry to the exam room (if they arrive more than 5 minutes after the scheduled beginning of the exam).

All candidates will need to present a valid identity card with a picture, such as a driver's license or a government ID, to the invigilator.

The exam duration is two (2) hours.

The questions are multiple-choice questions. This format has been chosen because it has proven to be effective and efficient for measuring and assessing learning outcomes. The multiple-choice exam can be used to evaluate a candidate's understanding of many subjects, including both simple and complex concepts. Even though the course contains a lot of factual information (names, dates, vocabulary), the multiple-choice questions focus on addressing complex thinking skills. The candidates will be presented with questions that require application of course principles and concepts, analysis of problems, evaluation of alternatives, combining several concepts or ideas, etc. Therefore, since deeper learning and retention are encouraged, the exam will be closed book and it will measure how deeply the candidate has engaged with the training material. At the end of this document, you will find a sample of exam questions.

The exam is closed book. The use of electronic devices, such as laptops, cell phones, etc., is not allowed. Candidates are only authorised to use a hard copy dictionary. All attempts to copy, collude or otherwise cheat during the exam will automatically lead to the exam's failure.

PECB exams are available in English. For availability of the exam in a language other than English, please contact examination@pecb.com

RECEIVE YOUR EXAM RESULTS

Results will be communicated by email in a period of 2 to 4 weeks after taking the exam. The results will not include the exact grade of the candidate, only a mention of pass or fail. Candidates who successfully complete the examination will be able to apply for a certification scheme. In the case of a failure, the results will be accompanied by the list of domains in which the candidate had a low grade, to provide guidance for exam retake preparation.

Candidates who disagree with the exam results may file a complaint. For more information, please refer to www.pecb.com

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are some limitations in terms of the allowed time-frame between exam retakes:
- If a candidate does not pass the exam on the first attempt, he/she must wait 15 days for the next attempt (1st retake). Retake fee applies.
  Note: Students who have completed the full training but failed the written exam are eligible to retake the exam once for free within a 12 month period from the initial date of the exam.
- If a candidate does not pass the exam on the second attempt, he/she must wait 3 months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee applies.
- If a candidate does not pass the exam on the third attempt, he/she must wait 6 months (from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.
- After the fourth attempt, a waiting period of 12 months from the last session date is required in order for the candidate to sit again for the same exam. Regular fee applies.

For candidates who fail the exam on the 2nd retake, PECB recommends attending an official training in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact the PECB partner who initially organized the session.

CLOSING FILES

Closing a file is equivalent to rejecting a candidate's application. As a result, when candidates request that their file be reopened, PECB will no longer be bound by the conditions, standards, policies, candidate handbook or exam preparation guide that were in effect before their file was closed. Candidates who want to request that their file be reopened must do so in writing and pay the required fees.

EXAMINATION SECURITY

A significant component of a successful and respected professional certification credential is maintaining the security and confidentiality of the examination. PECB relies upon the ethical behaviour of certificate holders and applicants to maintain the security and confidentiality of PECB examinations. When someone who holds PECB credentials reveals information about PECB examination content, they violate the PECB Code of Ethics. PECB will take action against individuals who violate PECB Policies and the Code of Ethics. Actions taken may include permanently barring individuals from pursuing PECB credentials and revoking certifications from those who have been awarded the credential. PECB will also pursue legal action against individuals or organizations who infringe upon its copyrights, proprietary rights, and intellectual property.

SAMPLE EXAM QUESTIONS AND ANSWERS

1. Determine which of the following statements is true.
a) Anything that adds value to the organization is considered an "asset"
b) The decision to treat a risk is called "risk acceptance"
c) The process of selecting and implementing measures to modify risk is called "risk treatment"
d) An attack by a computer virus is a vulnerability
e) An attack by a computer virus is a threat
Correct answer: a)

2. An organization has installed a motion detector in its main building. What type of control is this?
a) Detective
b) Corrective
c) Preventive
d) All of the above
e) None of the above
Correct answer: c)

3. An organization has selected clause 11.1.2 on physical entry controls. Which of the following is explicitly required by the ISO/IEC 27002:2013 standard?
a) Employees should only be granted access to locations they need to access to perform their work
b) Physical access rights should be regularly reviewed and updated
c) Employees should wear visible identification at all times
d) Visitors should sign a visitor's register before being granted access to work areas
e) All of the above
Correct answer: e)