EXIN Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN)
The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN)
tests understanding of the organizational and managerial aspects of information security.
The subjects of this module are:
• Information security perspectives: business, customer, service provider/supplier
• Risk Management: analysis, controls, remaining risks
• Information security controls: organizational, technical, physical.
Information security is the preservation of confidentiality, integrity and availability of information
(ISO/IEC 27000 definition).
Information security is gaining importance in the Information Technology (IT) world. Globalization
of the economy is leading to an ever-increasing exchange of information between organizations
(their staff, customers and suppliers) and an explosion in the use of networked computers and
The core activities of many companies completely rely on IT. Enterprise resource planning (ERP)
management systems, the control systems that govern how a building runs or a manufacturing
machine functions, day-to-day communications - everything - runs on computers. The vast majority
of information - the most valuable commodity in the world - passes through IT. Information is
crucial for the continuity and proper functioning of both individual organizations and the economies
they fuel; this information must be protected against access by unauthorized people, protected
against accidental or malicious modification or destruction and must be available when it is
needed. Companies and individual users of technology are also beginning to understand how
important security is and are beginning to make choices based on the security of the technology or
There are other trends that are increasing the importance of the Information Security discipline:
• Compliance requirements are increasing. Most countries have multiple laws or regulations
governing the use and requiring protection of various types of data. These laws are
increasing in number and their requirements are growing.
• Many industries, particularly the financial world, have regulations in addition to those
imposed by a government. These are growing in number and complexity too.
• Security standards are being developed and refined at industrial, national and international
• Security certifications and auditable proof that an organization is complying with security
standards and/or best practices are sometimes being demanded as a condition of doing
The international standard for Information Security Management, ISO/IEC 27001:2013, is a widely
respected and referenced standard and provides a framework for the organization and
management of an information security program. Implementing a program based on this standard
will serve an organization well in its goal of meeting many of the requirements faced in today’s
complex operating environment. A strong understanding of this standard is important to the
personal development of every information security professional.
In EXIN’s Information Security modules the following definition is used: Information Security deals
with the definition, implementation, maintenance, compliance and evaluation of a coherent set of
controls which safeguard the availability, integrity and confidentiality of the (manual and
automated) information supply.
The EXIN Information Security Management Professional based on ISO/IEC 27001 certification is
part of the EXIN Information Security Management based on ISO/IEC 27001 qualification program
Security professionals. This module is intended for everyone who is involved in the implementation,
evaluation and reporting of an information security program, such as an Information Security
Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project
Manager with security responsibilities.
Basic knowledge of Information Security is recommended, for instance through the EXIN
Information Security Foundation based on ISO/IEC 27001 certification.
Requirements for Certification
• Successful completion of the EXIN Information Security Management Professional based
on ISO/IEC 27001 exam.
• Accredited EXIN Information Security Management Professional based on ISO/IEC
27001 training, including completion of the Practical Assignments.
Examination details
• Examination type: Multiple-choice questions
• Number of questions: 30
• Pass mark: 65% (20/30 questions)
• Electronic equipment/aides permitted: No
• Exam duration: 90 minutes