Training Module
Mechanisms of Information Security Controls
Understand how preventive, detective and corrective controls work together across access, cryptography, monitoring, incident response, backup and recovery
Overview
This module explains how information security controls work together to prevent incidents, detect suspicious activity, limit impact and restore secure operation.
Participants learn how access management, cryptography, secure configuration, logging, monitoring, incident response, backup and recovery mechanisms connect within an integrated control architecture. The module clarifies the purpose, dependencies and limits of preventive, detective and corrective safeguards, and shows how they support confidentiality, integrity and availability.
Concepts are anchored in ISO/IEC 27001 Annex A. The focus is on structural understanding and decision-ready control logic rather than operational tool configuration or a clause-by-clause walkthrough.
Applicable environments
This module applies to organisations for which information security is relevant. It supports professionals who need a solid understanding of information security-specific concepts, terminology, and context in order to effectively implement, manage, or audit related management system requirements.
Target audience
Information security managers and ISMS implementers
CIOs, CTOs, CISOs, and other technology executives
IT service, platform, and application owners
Compliance, risk, and governance professionals (ISO/IEC 27001)
Security consultants and client-facing advisors
Product, engineering, and operations leads
Agenda
How information security controls work as a system
Preventive control logic and exposure reduction
Identity and access management fundamentals
Cryptography and information protection
Logging foundations and observability
Monitoring, alerting and detection approaches
Incident response and containment
Backup, continuity and recovery
Case-based control-chain workshop
Learning outcomes
Key outcomes
Explain how preventive, detective and corrective controls work together as an integrated information security control system
Describe access, cryptography, configuration, logging, monitoring, incident response, backup and recovery as complementary safeguards
Relate information security control mechanisms to ISO/IEC 27001 Annex A and to confidentiality, integrity and availability
Additional capabilities
Identify dependency gaps, visibility gaps and common failure points across information security control chains
Assess whether detection, response and recovery mechanisms meaningfully complement preventive safeguards
Communicate control logic and control limitations across technical, governance, risk and audit roles
Select proportionate questions and evidence targets when reviewing information security controls
Materials
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
IAM policy, identity governance concept and access management process
Cryptography policy and key and certificate management process
Secure configuration and baseline concept
Logging and monitoring policy and process
Incident management process
Backup and recovery policy and process
Information classification and handling policy
AI prompt collection for artefact adjustment
Confirmation
Certificate of completion
Module ID
HAM-IS-DF-01
Discipline
Public delivery
Live virtual
Duration
16 h
List price
CHF 1,450
Excl. VAT. VAT may apply depending on customer location and status.
Delivery
Live virtual delivery
This module is delivered live online and combines conceptual framing, discussion, case work and direct interaction with the instructor.
A public cohort is currently not scheduled. If you register your interest, we will notify you when a new public cohort is scheduled or suitable delivery options become available.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
For an optimal learning experience
Prerequisites & preparation
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes general professional familiarity with organisational IT and basic information security terminology. No prior ISO/IEC 27001 clause knowledge is required.
Helpful background includes:
Basic understanding of users, systems, networks and common enterprise services; familiarity with operational realities such as access requests, incidents, alerts, outages and configuration changes; and comfort reading simple technical diagrams or control descriptions.