
Passed Exam: Information Security Foundation Based on ISO/IEC 27001


The increase in cyber security issues in the press seems relentless. Organizational leaders in all types of industries are looking for capable security managers to navigate them safely through the dangers of this highly connected world.

In this article, we will share with you how to prepare and pass the information security foundation exam based on ISO/IEC 27001.


Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.

Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their employees, customers, and suppliers) and an explosion in the use of networked computers and computing devices.

As I started making the shift towards information security in my day-to-day job, I decided to study and sit for the ISO 27001 Information Security Foundation exam.

The International Standard for Information Security Management ISO/IEC 27001 is a widely respected and referenced standard and provides a framework for the organization and management of an information security program. Implementing a program based on this standard will serve an organization well in its goal of meeting many of the requirements faced in today’s complex operating environment. A strong understanding of this standard is important to the personal development of every information security professional.

I am so happy and grateful now that I passed the ISFS – Information Security Foundation based on ISO/IEC 27001. I figured that I would share my experience in this article to help you prepare and tackle this exam successfully.

In this exam, I got around 45 questions, and the total time for this exam is only 60 minutes (1 hour). That leaves you around 1.5 minutes per question; otherwise you will run out of time, so be careful!!! To pass this exam, you need to answer 26 questions correctly, which reflects a 65% mark. The questions do pretty much match the list of skills measured below.

Exam Target Audience

The certificate EXIN Information Security Foundation based on ISO/IEC 27001 is part of the EXIN Information Security qualification program. The module is followed up by the certificates EXIN Information Security Management Professional based on ISO/IEC 27001 and EXIN Information Security Management Expert based on ISO/IEC 27001.

The examination for EXIN Information Security Foundation based on ISO/IEC 27001 is intended for everyone in the organization who is processing information. The module is also suitable for entrepreneurs of small independent businesses for whom some basic knowledge of information security is necessary. This module can be a good start for new information security professionals.

Skills measured on this exam

This exam measures your ability to accomplish the topics listed below based on the latest update from EXIN:

Information and Security (10%)

  • The Concept of Information
  • Value of Information
  • Reliability Aspects

Threats and Risks (30%)

  • Threats and Risks
  • Relationships between Threats, Risks, and the Reliability of Information

Approach and Organization (10%)

  • Security Policy and Security Organization
  • Components
  • Incident Management

Measures (40%)

  • Importance of Measures
  • Physical Security Measures
  • Technical Measures
  • Organizational Measures

Legislation and Regulation (10%)

  • Legislation and Regulations

Microsoft Azure and ISO 27001

The ISO 27001 compliance standard is widely adopted across organizations. If you are using Azure today, Microsoft has already integrated ISO 27001 controls into various cloud services to help your organization meet this standard.


Microsoft announced a series of built-in Blueprint architectures that can be leveraged during your cloud adoption journey. The ISO 27001 Shared Services Blueprint is already available in your Azure tenant. Simply navigate to the Blueprints page, click “Create blueprint”, and choose the ISO27001 Shared Services blueprint from the list as shown below. The ISO 27001 blueprint is designed to help you deploy production-ready, secure end-to-end solutions in one click.


Microsoft Defender for Cloud – Regulatory compliance

Microsoft Defender for Cloud (formerly called Azure Security Center) helps streamline the process for meeting regulatory compliance requirements, using the Regulatory compliance dashboard.

In the Defender for Cloud main menu, under POLICY & COMPLIANCE, select Regulatory compliance dashboard.

You can see that ISO 27001 is also supported as a regulatory standard. Selecting it shows the list of all controls for that standard. For the applicable controls, you can view the details of the passing and failing assessments associated with each control.


Please note that some controls are grayed out. These controls do not have any Security Center assessments associated with them, so you need to analyze their requirements and assess them in your environment on your own. Some of these are process-related rather than technical.

Lessons Learned and Exam Preparation

The key to passing this exam is to work with information security on a regular basis, and specifically with the ISO 27001 standard.

To prepare for this exam, I recommend instructor-led classroom-based training. You can find a list of accredited training providers here. You can also order the following exam preparation book: Foundations of Information Security Based on ISO27001 and ISO27002 from Van Haren Publishing, 3rd edition.

Last but not least, I highly recommend starting with the free ISO 27001 foundation training course provided here.

If you are planning to take this exam… I wish you all the best and Happy Studying!!!


Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.


6 thoughts on “Passed Exam: Information Security Foundation Based on ISO/IEC 27001”


  1. Hi there! I would like to prepare to take the ISO 27001 Foundations Exam. I was thinking of taking it through Advisera but noticed the exam description is a bit different from the provider you took it through. For example, on Advisera it states it’s only 14 questions in total and you get 45 mins to complete it, with Multiple Choice and True/False in the test pool. This sounds different from how yours went. Was your exam proctored as well? Any advice would be appreciated!

  2. Hello Brittany, thanks for the comment and your interest in taking the ISO 27001 Foundation Exam.
    Please note that taking the exam directly from Advisera is not the official ISO 27001 certification exam.
    I would advise you to look at the Examination Institute APMG International here or EXIN here.
    I took it with EXIN, and if you compare the exam from APMG and EXIN, you’ll see that both stated 40 to 50 questions (duration 1 hour) and not 14 questions.
    Yes, the exam can be taken onsite and online (proctored).
    Hope it helps and good luck!

  3. Thank you so much for your reply and the insight!

    If the course and exam are not the official ISO 27001, would obtaining this one still aid in my progress in your opinion? I suppose I’m curious as to how many different organizations offer the ISO 27001 Foundations Exam and why they all differ so extensively.

    Thank you so much once again!

  4. Welcome, Brittany,
    Yes, taking the training course and the short exam from Advisera will definitely help you in your progress.
    In fact, I took the training course from Advisera before I sat for the official exam with EXIN.
    Yes, that’s true and confusing, many different organizations offer the ISO 27001 Foundation, Practitioner, and Auditor Exams.
    The world’s three leading accreditation and exam institutes are APMG, PECB, and EXIN. PECB does not offer proctored online exam options.
    Once you are done with your preparation with Advisera, you can choose one of the accredited exam institutes mentioned above and take the official exam.
    After I looked at Advisera in more detail, it looks like they are accredited by ASIC now for their certification exams, which is an independent, government-approved accreditation body specializing in the accreditation of schools, colleges, universities, training organizations, and online and distance education providers, both in the UK and overseas.
    From there, you can do your due diligence and check which one is more recognized worldwide.
    But again, in my opinion, I would narrow my choice to APMG or EXIN for the final official exam.
    Hope it helps!

  5. Hello! This is an awesome website. I’m considering taking the EXIN ISO 27001 Foundations test. I’m considering getting into GRC work.
