Training Module
Information Security Fundamentals I
Understand the core concepts behind preventive controls, including access management, cryptography, secure configuration, and protective design

How do preventive controls actually prevent incidents?
Understand the core concepts behind access management, cryptography, secure configuration, and protective design within an integrated control system.

Training module overview
This module explains how organizations prevent security incidents by reducing exposure and limiting attack opportunities before harm occurs.
Participants learn how authentication and authorization mechanisms, cryptographic safeguards, secure configuration, and protective system design work together within an integrated control architecture. The module clarifies the intent and limitations of these preventive safeguards and how they contribute to confidentiality, integrity, and availability.
Concepts are anchored in ISO/IEC 27001 Annex A. The focus is on structural understanding rather than operational implementation or tool configuration.
Applicable environments
This module applies to organisations for which information security is relevant. It supports professionals who need a solid understanding of information security-specific concepts, terminology, and context in order to effectively implement, manage, or audit related management system requirements.
Target audience
Information security managers and ISMS implementers
CIOs, CTOs, CISOs, and other technology executives
IT service, platform, and application owners
Compliance, risk, and governance professionals (ISO/IEC 27001)
Security consultants and client-facing advisors
Product, engineering, and operations leads
Decision support
Is this module for you?
It is a good fit if you…
want to understand how preventive controls reduce risk.
need clarity on the intent and limits of ISO/IEC 27001 preventive controls.
implement or assess access control, cryptography, or secure configuration.
need a shared control vocabulary across security, IT, risk, and audit.
want to apply control requirements consistently in practice.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
are primarily interested in detection, response, or recovery controls.
expect tool-specific configuration or hardening training.
want a clause-by-clause Annex A walkthrough.
already design and assess preventive controls confidently.
Agenda
What prevention actually means
Identity and access management fundamentals
Access governance patterns without process overhead
Cryptography as a preventive control
Protective configuration and secure build concepts
Network and platform protection fundamentals
Information handling and loss prevention basics
Case-based workshop
Learning outcomes
Key outcomes
Explain the purpose and limits of preventive controls in practice
Describe identity, cryptography, and configuration controls as complementary safeguards
Interpret network, platform, and information handling controls in terms of exposure reduction
Additional capabilities
Identify structural weaknesses and dependency gaps in preventive controls
Relate preventive controls to ISO/IEC 27001 Annex A
Communicate preventive control logic across technical and governance roles
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
IAM policy, identity governance concept, and access management process
Cryptography policy and key & certificate management process
Secure configuration & baseline concept
Segmentation & boundary control concept
Information classification & handling policy
AI prompt collection for artifact adjustment
Confirmation
Certificate of completion
Module ID
HAM-IS-DF-01
Domain
Audience
Auditor
Manager
Language
English
Delivery
Live virtual
Duration
7 h
List price
CHF 750
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
Not sure if this module is right for you?
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes general professional experience with organisational IT and information handling. No prior ISO/IEC 27001 clause knowledge is required.
Helpful background includes:
Basic understanding of users, systems, networks, and common enterprise tooling
Familiarity with operational realities (access requests, admin roles, configuration changes)
Comfort reading simple technical diagrams or control descriptions
Continuous learning
Follow-up modules
After completion of this module, the following modules are ideal to further deepen your competence. If you are looking for a structured learning path, modules can also be taken as part of a professional track.
Information Security Fundamentals II
Understand the core concepts behind detective and corrective controls, including logging and monitoring, incident response, backup, and recovery
Duration
7 h
List price
CHF 750
Information Security Risk Management
Understand ISO/IEC 27001 requirements for information security risk assessment, risk treatment, and traceable risk decisions
Duration
7 h
List price
CHF 550
ISMS Scope, Boundaries & Statement of Applicability
Understand how to define an ISO/IEC 27001 ISMS scope and boundaries and document a Statement of Applicability (SoA)
Duration
7 h
List price
CHF 550
Operational Control in Information Security
Understand operational planning, controlled change, and day-to-day control operation in an ISO/IEC 27001 ISMS
Duration
7 h
List price
CHF 550

Ready to improve your management systems?
We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.

