Security Professionals, ICT
Edu type: Course or training
3447gv, Online
Start date:
Study Load: 35 hrs
5 weeks


Information Security Practitioner (ISP) was designed for information security professionals who aspire to progress into a management or advisory role. ISP offers you the mindset, knowledge and practical skills you need to become a successful Information Security Officer or Manager. During the course, you will draft an information security vision statement, plan and perform information security risk assessments, develop an implementation plan for the ISO/IEC 27001 standard, assess and improve strategic information security policies, develop an effective information security awareness program using behavioural theory and learning theory, and start coordinating activities in the domains of Identity and Access Management and Incident Response. The training ends with a comprehensive case study assignment, where you will review an information security audit report and propose an actionable plan that will help the audited organisation achieve ISO 27001 compliance.


This course is taught entirely in English.


Information Security Practitioner

  • 5 days
  • Information security professionals looking to progress into a security management role. (Aspiring) information security officers, consultants, security managers, IT auditors, line managers and project managers with a direct line to the information security practice.
  • Integrate information security into strategic management and organisational culture, while ensuring compliance with information security laws, regulations and standards.
  • Adopt a risk-based approach to information security. Balance interests and threats to improve organisational resilience. Apply resilience management principles. Contribute to effective information security governance. Plan and perform information security risk assessments in line with best practices. Develop an implementation plan for the ISO/IEC 27001 standard.
  • Apply best practice project management principles. Compose and lead a project team.
  • Evaluate types of information security risks posed by human behaviour. Develop an effective information security awareness action plan based on behavioural, learning and adoption theories.
  • Identify, prioritise and present key business drivers for Identity and Access Management. Evaluate user authentication methods, identity governance schemes, access governance and authorisation methods and how to achieve good accountability in IAM.
  • Evaluate organisational aspects of establishing a Computer Security Incident Response Team (CSIRT), the incident response process and fundamentals of incident response policy governance. Understand best practices for security report writing.
  • Understand how information security audits are performed and learn to interpret audit opinions. Review an audit report and create an actionable improvement plan.


What’s included

  • Official SECO-Institute course materials
  • Training from passionate instructors with exceptional skills
  • Access to the SECO member portal
  • Practice exam
  • Exam voucher
  • Membership to SECO’s Alumni Network after passing the exam



  • Day 1 – Core Values & Strategic Goals
  • Module 1 – Defining Core Values & Strategic Goals for Information Security
  • Day 2 – Developing an Information Security Management System
  • Module 2 – Developing an Information Security Management System
  • Day 3 – Human Aspects
  • Module 3 – Human Aspects I: Project Management & Leadership
  • Module 4 – Human Aspects II: Security Awareness
  • Self-study – Attacker perspectives
  • Module 5 – Methods of a Hacker, OSINT & Google Hacking
  • Day 4 – Domains of IAM and Incident Response
  • Module 6 – Identity & Access Management
  • Module 7 – Incident Response & Reporting
  • Day 5 – The Security Audit
  • Module 8 – Information Security Audit
  • Module 9 – Final Assignment
  • Module 10 – Practice exam
  • Collect your badge of honor
  • Exam
  • Join our Alumni Network