Training Module
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
Training Module
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
Training Module
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
Can you clearly explain how detection, response, and recovery controls work together?
Develop a structured understanding of monitoring, incident response, backup, and disaster recovery within an integrated control system.
Can you clearly explain how detection, response, and recovery controls work together?
Develop a structured understanding of monitoring, incident response, backup, and disaster recovery within an integrated control system.
Can you clearly explain how detection, response, and recovery controls work together?
Develop a structured understanding of monitoring, incident response, backup, and disaster recovery within an integrated control system.
Training module overview
Training module overview
Training module overview
This module explains how organizations detect security incidents, limit their impact, and restore systems and data to a secure state.
Participants learn how monitoring, alerting, incident response, backup, and disaster recovery mechanisms work together within an integrated control system. The module clarifies the role and limitations of these safeguards and how they complement preventive controls introduced in the Information Security Fundamentals I module.
Concepts are anchored in ISO/IEC 27001 Annex A. The focus is on structural understanding rather than operational tooling.
This module explains how organizations detect security incidents, limit their impact, and restore systems and data to a secure state.
Participants learn how monitoring, alerting, incident response, backup, and disaster recovery mechanisms work together within an integrated control system. The module clarifies the role and limitations of these safeguards and how they complement preventive controls introduced in the Information Security Fundamentals I module.
Concepts are anchored in ISO/IEC 27001 Annex A. The focus is on structural understanding rather than operational tooling.
Applicable environments
This module applies to organisations for which information security is relevant. It supports professionals who need a solid understanding of information security-specific concepts, terminology, and context in order to effectively implement, manage, or audit related management system requirements.
Target audience
Target audience
Target audience
Information security managers and ISMS implementers
CIOs, CTOs, CISOs, and other technology executives
IT service, platform, and application owners
Compliance, risk, and governance professionals (ISO/IEC 27001)
Security consultants and client-facing advisors
Product, engineering, and operations leads
Information security managers and ISMS implementers
CIOs, CTOs, CISOs, and other technology executives
IT service, platform, and application owners
Compliance, risk, and governance professionals (ISO/IEC 27001)
Security consultants and client-facing advisors
Product, engineering, and operations leads
Decision support
Is this module for you?
It is a good fit if you…
want to understand what detection, response, and recovery mean conceptually.
need clarity on what should be observable, measurable, and actionable in a security context.
struggle to assess whether monitoring and response capabilities are coherent.
want shared terminology across technical, governance, and advisory roles.
need to judge whether detection and recovery mechanisms are meaningful or merely formal.
want to understand what detection, response, and recovery mean conceptually.
need clarity on what should be observable, measurable, and actionable in a security context.
struggle to assess whether monitoring and response capabilities are coherent.
want shared terminology across technical, governance, and advisory roles.
need to judge whether detection and recovery mechanisms are meaningful or merely formal.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
are primarily looking for preventive controls rather than detection and recovery.
expect tool configuration training (e.g., SIEM setup or hands-on log analysis).
want a detailed incident response or crisis management playbook.
already have a clear, shared conceptual understanding of detection and recovery controls.
are primarily looking for preventive controls rather than detection and recovery.
expect tool configuration training (e.g., SIEM setup or hands-on log analysis).
want a detailed incident response or crisis management playbook.
already have a clear, shared conceptual understanding of detection and recovery controls.
Agenda
Agenda
Agenda
Detective and corrective controls: purpose and limits
Logging foundations
Monitoring and alerting
Detection approaches and their constraints
Incident management fundamentals
Containment, continuity, and recovery
Case-based workshop
Show detailed agenda...
Detective and corrective controls: purpose and limits
Logging foundations
Monitoring and alerting
Detection approaches and their constraints
Incident management fundamentals
Containment, continuity, and recovery
Case-based workshop
Show detailed agenda...
Detective and corrective controls: purpose and limits
Logging foundations
Monitoring and alerting
Detection approaches and their constraints
Incident management fundamentals
Containment, continuity, and recovery
Case-based workshop
Show detailed agenda...
Learning outcomes
Learning outcomes
Learning outcomes
Key outcomes
Explain the purpose, structure, and limits of detective and corrective controls
Distinguish logging, monitoring, alerting, escalation, and incident management as separate control functions
Describe containment and recovery concepts and their role in restoring secure operations
Explain the purpose, structure, and limits of detective and corrective controls
Distinguish logging, monitoring, alerting, escalation, and incident management as separate control functions
Describe containment and recovery concepts and their role in restoring secure operations
Additional capabilities
Identify structural gaps and common failure points in detection and response chains
Relate detective and corrective controls to ISO/IEC 27001 Annex A
Assess whether detection and recovery mechanisms are coherent or merely formal
Communicate detection and recovery requirements to technical and non-technical stakeholders
Identify structural gaps and common failure points in detection and response chains
Relate detective and corrective controls to ISO/IEC 27001 Annex A
Assess whether detection and recovery mechanisms are coherent or merely formal
Communicate detection and recovery requirements to technical and non-technical stakeholders
Additional benefits
Additional benefits
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
Incident management policy and process
Logging & monitoring policy and process
Backup policy and process
BCM concept
Incident management policy and process
Logging & monitoring policy and process
Backup policy and process
BCM concept
Confirmation
Certificate of completion
Module ID
HAM-IS-DF-02
Domain
Audience
Auditor
Manager
Language
English
Delivery
Live virtual
Duration
7 h
List price
CHF 750
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Delivery & learning format
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
Not sure if this module is right for you?
Not sure if this module is right for you?
Not sure if this module is right for you?
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes general familiarity with organisational IT and basic information security terminology. No prior ISO/IEC 27001 clause knowledge is required.
Helpful background includes:
Basic understanding of users, systems, networks, and common enterprise services
Familiarity with operational realities (incidents, outages, alerts, access, configuration changes)
Comfort reading simple technical diagrams or control descriptions
This module assumes general familiarity with organisational IT and basic information security terminology. No prior ISO/IEC 27001 clause knowledge is required.
Helpful background includes:
Basic understanding of users, systems, networks, and common enterprise services
Familiarity with operational realities (incidents, outages, alerts, access, configuration changes)
Comfort reading simple technical diagrams or control descriptions
Preparatory modules
Supporting modules (optional)
Helpful if you want to deepen related skills, but not required to participate effectively.
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
7 h
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
7 h
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
7 h
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen your competence. If you are looking for a structured learning path, modules can also be taken as part of a professional track.
Information Security Fundamentals I
Understand the core concepts behind preventive controls, including access management, cryptography, secure configuration, and protective design
Duration
7 h
List price
CHF 750
View module
Information Security Fundamentals I
Understand the core concepts behind preventive controls, including access management, cryptography, secure configuration, and protective design
Duration
7 h
List price
CHF 750
View module
Information Security Fundamentals I
Understand the core concepts behind preventive controls, including access management, cryptography, secure configuration, and protective design
Duration
7 h
List price
CHF 750
View module
Operational Control in Information Security
Understand operational planning, controlled change, and day-to-day control operation in an ISO/IEC 27001 ISMS
Duration
7 h
List price
CHF 550
View module
Operational Control in Information Security
Understand operational planning, controlled change, and day-to-day control operation in an ISO/IEC 27001 ISMS
Duration
7 h
List price
CHF 550
View module
Operational Control in Information Security
Understand operational planning, controlled change, and day-to-day control operation in an ISO/IEC 27001 ISMS
Duration
7 h
List price
CHF 550
View module
Information Security Risk Management
Understand ISO/IEC 27001 requirements for information security risk assessment, risk treatment, and traceable risk decisions
Duration
7 h
List price
CHF 550
View module
Information Security Risk Management
Understand ISO/IEC 27001 requirements for information security risk assessment, risk treatment, and traceable risk decisions
Duration
7 h
List price
CHF 550
View module
Information Security Risk Management
Understand ISO/IEC 27001 requirements for information security risk assessment, risk treatment, and traceable risk decisions
Duration
7 h
List price
CHF 550
View module
ISMS Scope, Boundaries & Statement of Applicability
Understand how to define an ISO/IEC 27001 ISMS scope and boundaries and document a Statement of Applicability (SoA)
Duration
7 h
List price
CHF 550
View module
ISMS Scope, Boundaries & Statement of Applicability
Understand how to define an ISO/IEC 27001 ISMS scope and boundaries and document a Statement of Applicability (SoA)
Duration
7 h
List price
CHF 550
View module
ISMS Scope, Boundaries & Statement of Applicability
Understand how to define an ISO/IEC 27001 ISMS scope and boundaries and document a Statement of Applicability (SoA)
Duration
7 h
List price
CHF 550
View module
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.