ISO/IEC 27035 Lead Incident Manager

ISO/IEC 27035 Lead Incident Manager training enables you to acquire the necessary expertise to support an organization in implementing an Information Security Incident Management plan based on ISO/IEC 27035. During this training course, you will gain a comprehensive knowledge of a process model for designing and developing an organizational incident management plan. The compatibility of this training course with ISO/IEC 27035 also supports the ISO/IEC 27001 by providing guidance for Information Security Incident Management.

After mastering all the necessary concepts of Information Security Incident Management, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27035 Lead Incident Manager” credential. By holding a PECB Lead Incident Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Incidents.

Course objectives:

  • Master the concepts, approaches, methods, tools and techniques that enable an effective Information Security Incident Management according to ISO/IEC 27035
  • Acknowledge the correlation between ISO/IEC 27035 and other standards and regulatory frameworks
  • Acquire the expertise to support an organization to effectively implement, manage and maintain an Information Security Incident Response plan
  • Acquire the competence to effectively advise organizations on the best practices of Information Security Incident Management
  • Understand the importance of establishing well-structured procedures and policies for Incident Management processes
  • Develop the expertise to manage an effective Incident Response Team

Audience:

  • Information Security Incident managers
  • IT Managers
  • IT Auditors
  • Managers seeking to establish an Incident Response Team (IRT)
  • Managers seeking to learn more about operating effective IRTs
  • Information Security risk managers
  • IT system administration professionals
  • IT network administration professionals
  • Members of Incident Response Teams
  • Individuals responsible for Information Security within an organization

Prerequisites:

A fundamental understanding of ISO/IEC 27035 and comprehensive knowledge of Information Security.
 
 

Day 1 – Introduction to Information Security Incident Management Concepts and ISO/IEC 27035

The course begins with an introduction to the foundational concepts of information security incident management, as recommended by ISO/IEC 27035. Participants explore the purpose and structure of the standard, overviewing key terms, principles and how incident management fits within broader information security frameworks. The session also covers how incident management links to organisational context, business continuity and ethical considerations, setting the stage for subsequent planning and implementation discussions.

Day 2 – Designing and Preparing an Information Security Incident Management Plan

On the second day, the focus shifts to designing and preparing an incident management plan tailored to organisational needs. Participants examine how to initiate management processes, clarify objectives, identify stakeholders, define roles and functions, and establish policies and procedures. Emphasis is placed on building a structured and documented plan that supports both readiness and response.

Day 3 – Enacting the Incident Management Process

This day is dedicated to the practical implementation of the incident management process. Topics include communication planning, first implementation steps, support item setup, incident detection and reporting, assessment and decision-making, response actions, lessons learned and transitioning to ongoing operations. Participants learn how to manage incidents methodically from initial detection through response and documentation.

Day 4 – Monitoring, Measuring and Improving Incident Management

Day four covers monitoring, measuring and improving incident management activities to ensure sustained effectiveness. Participants explore techniques for tracking performance, developing metrics and performance indicators, conducting management reviews, proposing corrective and preventive actions, and embedding continual improvement programs. The importance of structured review and ongoing enhancement is emphasised.

Day 5 – Certification Exam

The final day is dedicated to the certification examination. Participants complete the exam in accordance with the certification body’s procedures, demonstrating their understanding of the principles, processes and practical competencies covered throughout the training.

After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about ISO/IEC 27001 certifications and the PECB certification process, please refer to the Certification Rules and Policies.

Exam

The exam is will take place at the end of the course on onsite classroom courses

For Virtual courses we will send out a voucher that gives you access to an online exam. This can be booked and taken home monitored by a proctor via camera. More information about the exam rules will be send fromPECB.

Test details:

  • The exam duration is three (3) hours. Non-native speakers receive an additional half an hour.
  • The exam contains essay type questions. 

As the exam is an Multiple Choice, candidates are authorized to use:

  • A copy of the ISO 27035 Standard
  • Course notes from the Participant Handout;
  • Any personal notes made by the student during the course; and
  • A hard copy dictionary

Examination rules and policies

RECEIVE YOUR EXAM RESULTS

Results will be communicated by email in a period of 6 to 8 weeks, after taking the exam. The results will not include the exact grade of the candidate, only a mention of pass or fail.

Candidates who successfully complete the examination will be able to apply for a certified scheme which is explained in the course description.

In the case of a failure, the results will be accompanied with the list of domains in which the candidate had failed to provide guidance for exams’ retake preparation.

Candidates, who disagree with the exam results, may file a complaint by writing to examination@pecb.com or through PECB ticketing system.

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are some limitations in terms of allowed time-frame in between exam retakes, such as:

  • Students, who have completed the full training but failed the written exam, are eligible to retake the exam once for free within a 12 month period from the initial date of the exam.
  • If a candidate does not pass the exam on the second attempt, he/she must wait 3 months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee applies.
  • If a candidate does not pass the exam on the third attempt, he/she must wait 6 months (from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.

After the fourth attempt, a waiting period of 12 months from the last session date is required, in order for candidate to sit again for the same exam. Regular fee applies.

For the candidates that fail the exam in the 2nd retake, PECB recommends to attend an official training in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Practical information

Duration: 5 days
Price: 27 900
Language: English
Format: Open course and corporate training

FAQ

Hva lærer jeg på dette kurset?
Du lærer hvordan du planlegger, implementerer, leder og forbedrer et informasjonssikkerhetshåndteringssystem for hendelser i tråd med ISO/IEC 27035, inkludert roller, planlegging, kommunikasjon og responshåndtering.

Hva kreves for å delta?
Det kreves grunnleggende forståelse av ISO/IEC 27035 og informasjonssikkerhet, slik at du kan jobbe med mer avanserte temaer om planlegging og implementering.

Hvordan gjennomføres eksamen?
Eksamen tas enten fysisk på kursstedet eller online med voucher og online eksamensvakt, avhengig av kursformatet.

Hva skjer hvis jeg ikke består første eksamen?
Normalt får du mulighet til et nytt eksamensforsøk online, i tråd med sertifiseringsregler.

Hva er sertifiseringen?
Etter godkjent eksamen oppnår du PECB Certified ISO/IEC 27035 Provisional Incident Manager sertifisering. For å få full sertifisering kan det også stilles krav til dokumentert arbeidserfaring. Sjekk tabellen under sertifisering for mer informasjon.

Får jeg ekstra tid på eksamen?
Ja, ekstra tid gis ofte dersom engelsk ikke er ditt morsmål, i tråd med sertifiseringsorganets regler.

Får jeg ISO-standarden?
Nei, du får tilgang til kursmateriell og rammeverksreferanser som brukes under kurset og eksamen.

Hva er forskjellen på dette og Foundation?
Lead Incident Manager går dypere inn i planlegging og ledelse av hendelseshåndteringsprosesser, mens Foundation gir grunnleggende kunnskap om begreper og viktige prinsipper.

Er dette kurset relevant for ledere?
Ja, det er relevant for ledere, IT-ansvarlige, compliance-roller og alle som jobber med å etablere eller lede hendelseshåndtering.

Kan jeg ta dette kurset som e-læring?
Nei, det er ikke mulig å ta dette kurset som e-læring, men mulig med selvstudie. Send en mail til prosjekt@glassper.no for mer informasjon og bestilling.

See other relevant courses:

Other subject areas:

Other relevant courses

PECB Certified Lead Cybersecurity Manager
5 days
Classroom Virtual
ISO/IEC 27001 Lead Implementer
2. March
5 days
Classroom Virtual Guaranteed to run
ISO/IEC 27005 Lead Risk Manager
23. March
5 days
Classroom Virtual
ISO/IEC 27001 Lead Auditor
13. April
5 days
Classroom Virtual