Professional Track
Information Security Manager
Develop the capability to design, operate and continuously improve an Information Security Management System aligned with ISO/IEC 27001.
Manager
Information Security
ISO/IEC 27001


Make information security part of everyday management
By embedding risk-based thinking, governance and operational controls into normal management processes, this track shows how an ISMS remains effective, usable and resilient over time.
Overview
The Information Security Manager Track is designed for professionals who are responsible for establishing and running an Information Security Management System (ISMS) in their organisation. Rather than focusing only on “implementation projects”, this programme covers the full lifecycle: from understanding context and risk through to day-to-day operation, performance evaluation and continual improvement.
The track combines cross-standard management system modules with information-security-specific content. You learn how to interpret ISO/IEC 27001 requirements in a pragmatic way, how to translate risk assessments into operational controls, how to coordinate stakeholders and providers, and how to ensure the ISMS remains effective under change.
The modules are structured so they can be taken over several months. Most are shared with other Halderstone manager tracks, which makes it easy to add further specialisations later (for example in quality or environmental management) without repeating content. A final assessment consolidates the learning in a realistic ISMS scenario and leads to a Halderstone diploma and an information security specialisation certificate.
Learning outcomes
After completing this track, participants will be able to:
Explain the role of an ISMS and its integration into the wider management system of the organisation.
Analyse organisational context, stakeholders and scope for information security purposes.
Design and maintain an ISO/IEC 27001-aligned governance, policy and role framework.
Establish a consistent, standard-aligned risk management approach and apply it to information security risks.
Translate risk treatment decisions into practical, controlled operational processes and Annex A controls.
Build and maintain a usable documentation and knowledge backbone for the ISMS.
Set up monitoring and measurement to generate reliable information security performance data.
Evaluate ISMS performance, feed results into management review and drive targeted improvements.
Coordinate internal and external stakeholders (including suppliers) involved in information security.
Modular architecture
Two credentials with one track
Halderstone Professional Diploma in Management Systems
The Halderstone Professional Diploma in Management Systems certifies a solid, cross-domain foundation in designing, operating and improving management systems. It focuses on the common principles that apply across standards such as ISO 9001, ISO 14001, ISO/IEC 27001, ISO 22301 and ISO/IEC 42001.
The diploma demonstrates that you can analyse organisational context, establish governance and roles, apply risk-based thinking, define objectives and controls, evaluate performance and drive continual improvement. It confirms your ability to manage systems as living organisational capabilities, not as isolated compliance initiatives.
This core diploma is shared across all Halderstone Manager tracks and forms the basis for adding further domain specialisations efficiently.
Halderstone Specialist Certificate in Information Security Management
The specialisation in Information Security Management focuses on applying the generic management system concepts specifically to information security. It covers the application of risk management to information assets, threats and vulnerabilities, the design of Annex A-aligned controls, and the integration of security activities into everyday IT and business processes.
Through the specialisation modules, you learn how to operationalise security requirements in areas such as identity and access management, monitoring and logging, incident handling and supplier relationships. The aim is to move beyond policy writing and implement a living ISMS that works under real-world resource and change constraints.
Modular architecture
Module recognition across tracks
Previously completed modules are recognized, avoiding duplication when pursuing additional Halderstone tracks.
Core Modules
Specialization Modules
Capstone Project
Final Exam
Most modules in this track are shared with other Halderstone manager tracks (for example Quality Manager or Integrated Management System Manager). This means your learning and attendance are recognised across multiple programmes.
If you later decide to extend your profile, you can earn additional credentials – for example in quality or environmental management – by completing only the corresponding specialisation modules, without repeating the common core. This allows you to build an integrated competence profile step by step with limited additional effort.
Track composition
Full curriculum
Core modules
Shared foundations common to all tracks
System Foundations
Understand organisational context, stakeholders, and system boundaries
7 h
Leadership & Policy Foundations
Understand leadership responsibilities in management systems and how top management sets clear policy direction and accountability
7 h
Policy Management
Build a coherent, auditable policy framework that aligns with strategy, scales across entities, and stays current without bureaucracy.
7 h
Governance Foundations
Learn the fundamentals of role design, decision rights, governance mechanisms, and escalation paths in management systems
7 h
Resource Management Foundations
Learn the fundamentals of resourcing management systems across people, time, budget, infrastructure, and external support
7 h
Documentation & Knowledge Foundations
Fundamentals of documented information control, records, and knowledge capture for management systems
7 h
Risk Management Foundations
Learn the fundamentals of identifying, evaluating, treating, and monitoring risks and opportunities across management systems.
7 h
Objectives & Performance Foundations
Learn the fundamentals of objective setting, KPI definition, and KPI governance for management systems
7 h
Process Design Foundations
Learn the fundamentals of defining process boundaries, mapping flows and handovers, and embedding controls and required evidence into usable process documentation
7 h
People & Communication Foundations
Learn the fundamentals of competence planning, awareness building, and structured communication in management systems
7 h
Operational Control Foundations
Learn the fundamentals of designing and running controlled operational processes with clear roles, controls, records, and change handling.
7 h
Supplier Management Foundations
Learn the fundamentals of selecting, qualifying, and controlling suppliers and outsourced processes across their lifecycle
7 h
Monitoring & Measurement Foundations
Learn the fundamentals of measurement methods, data quality checks, and measurement registers for consistent performance data.
7 h
Performance Evaluation Foundations
Learn the fundamentals of analysing performance results, interpreting trends and deviations, and summarising evaluation outputs for management decisions
7 h
Internal Audit Foundations
Understand the purpose of internal audits, role responsibilities, independence expectations, and how audit results are used in governance and improvement
7 h
Management Review Foundations
Learn the fundamentals of planning, conducting, and documenting management reviews using integrated inputs and decision-focused outputs
7 h
Improvement Management
Understand corrective actions, root cause analysis, action tracking, and effectiveness verification in management systems
7 h
Specialization modules
Role-specific modules that deepen your expertise in Information Security Management
Information Security Foundations I
Understand the core concepts behind preventive controls, including access management, cryptography, secure configuration, and protective design
7 h
Information Security Foundations II
Understand the fundamentals of detection, logging, monitoring, alerting, and responsive control concepts in information security
7 h
ISMS Scope, Boundaries & Statement of Applicability
Understand how to define an ISO/IEC 27001 ISMS scope and boundaries and document a Statement of Applicability
7 h
Information Security Risk Management
Understand ISO/IEC 27001 requirements for information security risk assessment, risk treatment, and traceable risk decisions
7 h
Operational Control in Information Security
Understand operational planning, controlled change, and day-to-day control operation in an ISO/IEC 27001 ISMS
7 h
Capstone project and final exam
Practical and theoretical demonstration of your acquired competence in Information Security Management
The track concludes with a combined assessment consisting of:
a written examination covering the key concepts of management systems and information security management, and
a capstone project in which participants design or improve an ISMS for a chosen organisation or scenario (including context, risk approach, governance, controls and performance evaluation).
The assessment is designed to test not only knowledge of ISO/IEC 27001 requirements, but also the ability to apply them in a pragmatic, organisation-specific way. Successful participants receive the Halderstone Professional Diploma in Management Systems Management and the Halderstone Specialist Certificate in Information Security Management.

Ready to achieve mastery?
Bring ISO requirements into everyday practice to reduce avoidable issues and strengthen the trust of your customers and stakeholders.



