Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.
Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their employees, customers, and suppliers) and an explosion in the use of networked computers and computing devices.
As I started taking the shift towards information security in my day to day job, I decided to study and sit for the ISO 27001 Information Security Foundation exam.
The international standard for Information Security Management ISO/IEC 27001 is a widely respected and referenced standard and provides a framework for the organization and management of an information security program. Implementing a program based on this standard will serve an organization well in its goal of meeting many of the requirements faced in today’s complex operating environment. A strong understanding of this standard is important to the personal development of every information security professional.
I am so happy and grateful now that I passed the ISFS – Information Security Foundation based on ISO/IEC 27001. I figured that I would share my experience in this blog to help you prepare and tackle this exam successfully.
In this exam, I got 40 questions, and the total time for this exam is only 60 minutes. You have around 1.5 minutes per question to answer, otherwise, you will run out of time so be careful!!! To pass this exam, you need to answer 26 questions correctly which reflect 65% mark. The questions do pretty much match the list of skills measured below.
Exam Target Audience
The Certificate EXIN Information Security Foundation based on ISO/IEC 27001 is part of the qualification program Information Security. The module is followed up by the Certificates EXIN Information Security Management Professional based on ISO/IEC 27001 and EXIN Information Security Management Expert based on ISO/IEC 27001.
The examination for EXIN Information Security Foundation based on ISO/IEC 27001 is intended for everyone in the organization who is processing information. The module is also suitable for entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary. This module can be a good start for new information security professionals.
Skills measured on this exam
This exam measures your ability to accomplish the topics listed below based on the latest update from EXIN:
Information and Security (10%)
- The Concept of Information
- Value of Information
- Reliability Aspects
Threats and Risks (30%)
- Threats and Risks
- Relationships between Threats, Risks and the Reliability of Information
Approach and Organization (10%)
- Security Policy and Security Organization
- Incident Management
- Importance of Measures
- Physical Security Measures
- Technical Measures
- Organizational Measures
Legislation and Regulation (10%)
- Legislation and Regulations
Microsoft Azure and ISO 27001
ISO 27001 compliance standard is highly adopted across multiple organizations. If you are using Azure today, Microsoft has already integrated ISO 27001 in various cloud services to make sure your organization meets this regulatory standard.
Microsoft announced a series of built-in Blueprints Architectures that can be leveraged during your cloud-adoption journey. The ISO 27001 Shared Services Blueprint is already available to your Azure tenant. Simply navigate to the Blueprints page, click “Create blueprint”, and choose the ISO27001 Shared Services blueprint from the list as shown below. The ISO 27001 blueprint is designed to help you deploy production ready, secure end-to-end solutions in one click.
Security Center – Regulatory compliance
Azure Security Center helps streamline the process for meeting regulatory compliance requirements, using the Regulatory compliance dashboard. In the Security Center main menu, under POLICY & COMPLIANCE select Regulatory compliance dashboard.
You can see that ISO 27001 compliance is also supported as regulatory standard. You will see the list of all controls for that standard. For the applicable controls, you can view the details of passing and failing assessments associated with that control. Some controls are grayed out. These controls do not have any Security Center assessments associated with them. You need to analyze the requirements for these and assess them in your environment on your own. Some of these may be process-related and not technical.
Lessons Learned and Exam Preparation
The key success to pass this exam is to work with Information Security on a regular basis and specifically with ISO 27001 standard.
To prepare for this exam, I recommend Instructor-led classroom-based training. You can find a list of accredited training providers here. You can also order the following exam preparation book: foundations of information security based on ISO27001 and ISO27002 from Van Haren Publishing, 3rd edition.
If you are planning to take this exam… I wish you all the best and Happy Studying!!!
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.