Training Module
Mechanisms of Preventive Security Controls
Core concepts in preventive controls, including access management, cryptography, secure configuration & protective design
Training module overview
This module explains how organizations prevent security incidents by reducing exposure and limiting attack opportunities before harm occurs.
Participants learn how authentication and authorization mechanisms, cryptographic safeguards, secure configuration, and protective system design work together within an integrated control architecture. The module clarifies the intent and limitations of these preventive safeguards and how they contribute to confidentiality, integrity, and availability.
Concepts are anchored in ISO/IEC 27001 Annex A. The focus is on structural understanding rather than operational implementation or tool configuration.
Applicable environments
This module applies to organisations for which information security is relevant. It supports professionals who need a solid understanding of information security-specific concepts, terminology, and context in order to effectively implement, manage, or audit related management system requirements.
Target audience
Information security managers and ISMS implementers
CIOs, CTOs, CISOs, and other technology executives
IT service, platform, and application owners
Compliance, risk, and governance professionals (ISO/IEC 27001)
Security consultants and client-facing advisors
Product, engineering, and operations leads
Decision support
Is this module for you?
It is a good fit if you…
want to understand how preventive controls reduce risk.
need clarity on the intent and limits of ISO/IEC 27001 preventive controls.
implement or assess access control, cryptography, or secure configuration.
need a shared control vocabulary across security, IT, risk, and audit.
want to apply control requirements consistently in practice.
If most of the points above apply, this module is likely a good fit.
It may not be the best fit if you…
are primarily interested in detection, response, or recovery controls.
expect tool-specific configuration or hardening training.
want a clause-by-clause Annex A walkthrough.
already design and assess preventive controls confidently.
Agenda
What prevention actually means
Identity and access management fundamentals
Access governance patterns without process overhead
Cryptography as a preventive control
Protective configuration and secure build concepts
Network and platform protection fundamentals
Information handling and loss prevention basics
Case-based workshop
Learning outcomes
Key outcomes
Explain the purpose and limits of preventive controls in practice
Describe identity, cryptography, and configuration controls as complementary safeguards
Interpret network, platform, and information handling controls in terms of exposure reduction
Additional capabilities
Identify structural weaknesses and dependency gaps in preventive controls
Relate preventive controls to ISO/IEC 27001 Annex A
Communicate preventive control logic across technical and governance roles
Additional benefits
Learning materials
Slide deck
Participant workbook
Templates & tools
Practical, reusable artefacts to apply the module directly to your organisation.
IAM policy, identity governance concept, and access management process
Cryptography policy and key & certificate management process
Secure configuration & baseline concept
Segmentation & boundary control concept
Information classification & handling policy
AI prompt collection for artefact adjustment
Confirmation
Certificate of completion
Module ID
HAM-IS-DF-01
Discipline
Audience
Auditor
Manager
Languages
English
Delivery
Live virtual
Duration
7 h
List price
CHF 750
Excl. VAT. VAT may apply depending on customer location and status.
Delivery & learning format
Virtual live teaching
This module is delivered live, with a strong focus on discussion, practical application, and direct interaction with the instructor.
Sessions work through realistic examples, clarify concepts in context, and apply methods directly to participants’ organisational realities.
Custom delivery options
For organisations with specific constraints or learning objectives, the module can be adapted in format or scope, including in-house delivery and contextualised case material.
For an optimal learning experience
Preparation guidance
This module is designed as part of a modular training approach. Topics are deliberately distributed across modules and are not repeated in full, in order to avoid unnecessary redundancy. Each module is self-contained and can be taken on its own. Where prior knowledge or experience is helpful, this is indicated below so you can decide whether any preparation is useful for you.
Assumed background
This module assumes general professional familiarity with organisational IT and information handling. No prior ISO/IEC 27001 clause knowledge is required.
Helpful background includes:
Basic understanding of users, systems, networks, and common enterprise tooling
Familiarity with operational realities (access requests, admin roles, configuration changes)
Comfort reading simple technical diagrams or control descriptions