Training Module
Information Security Foundations II
Understand the fundamentals of detection, logging, monitoring, alerting, and responsive control concepts in information security
Understand
Implement
Manage
Audit
Training module overview
Many organisations invest in monitoring and incident response capabilities, yet still discover incidents late, escalate inconsistently, or collect data that is not usable under pressure. The problem is rarely the absence of tools; it is a weak shared understanding of what should be detected, what constitutes a credible signal, and what “response” means in operational terms.
This full-day domain fundamentals module explains the concepts behind common detective and responsive controls and links them to ISO/IEC 27001 Annex A control themes. It is intentionally not a risk management module, does not define ISMS scope or the Statement of Applicability, and does not teach preventive control concepts (covered in Foundations I) or operational control implementation mechanics (covered in the operational control specialisation). It focuses on intent, typical design choices, dependencies, and common failure modes for detection and response.
Target audience
Information security managers and ISMS implementers who coordinate monitoring and incident readiness
IT operations / platform owners who must turn detection expectations into workable configurations and routines
Service owners accountable for availability and incident handling in their domain
Compliance and governance professionals who need to interpret control intent and implementation patterns (without re-teaching management-system methods)
Agenda
Course ID:
HAM-ISF-2
Audience:
Auditor
Manager
Domain:
Information Security
Available in:
English
Duration:
7 h
List price:
CHF 550
Excl. VAT. VAT may apply depending on customer location and status.
What you get
Learning outcomes
Explain the intent and limits of detective controls, including the concepts of coverage, latency, and signal quality
Describe logging requirements that make detection and investigation feasible (sources, fields, timing, identity, integrity)
Distinguish monitoring from alerting and apply basic tuning logic to reduce noise and missed signals
Describe core incident response concepts (escalation, containment, evidence preservation, recovery) and typical coordination failure modes
Identify common breakdowns in detection/response controls (blind spots, alert fatigue, unclear roles, untestable recovery)
Relate detection and response concepts to ISO/IEC 27001 Annex A control themes to support coherent implementation discussions
Learning materials
Slide deck
Participant workbook
Certificate of completion
Templates & tools
Detection concept map (signal → source → quality → escalation path)
Logging quality checklist (minimum fields, time sync, identity context, integrity considerations)
Alert design and tuning checklist (thresholds, baselines, severity, routing, suppression)
Incident response decision points canvas (containment vs. continuity, evidence, communications)
ISO/IEC 27001 Annex A crosswalk (concept → control theme references, indicative)
Prerequisites
This module assumes general professional familiarity with organisational IT and basic information security terminology. No prior ISO/IEC 27001 clause knowledge is required.
Helpful background includes:
Basic understanding of users, systems, networks, and common enterprise services
Familiarity with operational realities (incidents, outages, alerts, access, configuration changes)
Comfort reading simple technical diagrams or control descriptions
Helpful preparatory modules
The modules below prepare participants for an optimal learning experience, but they are not strictly required to follow this module.
Information Security Foundations II: Detective & Responsive Controls
Understand the fundamentals of detection, logging, monitoring, alerting, and responsive control concepts in information security
7 h
System Foundations: Context, Stakeholders, and System Boundaries
Understand organisational context, stakeholders, and system boundaries
7 h
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen the participant's competence.

Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.

