ISO/IEC 27035 Lead Incident Manager

ISO/IEC 27035 Lead Incident Manager training enables you to acquire the necessary expertise to support an organization in implementing an Information Security Incident Management plan based on ISO/IEC 27035. During this training course, you will gain comprehensive knowledge of a process model for designing and developing an organizational incident management plan. Because the course is compatible with ISO/IEC 27035, it also supports ISO/IEC 27001 by providing guidance for Information Security Incident Management.

Course description:

After mastering all the necessary concepts of Information Security Incident Management, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27035 Lead Incident Manager” credential. By holding a PECB Lead Incident Manager Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to support and lead a team in managing Information Security Incidents.

Course objectives:

  • Master the concepts, approaches, methods, tools and techniques that enable effective Information Security Incident Management according to ISO/IEC 27035
  • Acknowledge the correlation between ISO/IEC 27035 and other standards and regulatory frameworks
  • Acquire the expertise to support an organization to effectively implement, manage and maintain an Information Security Incident Response plan
  • Acquire the competence to effectively advise organizations on the best practices of Information Security Incident Management
  • Understand the importance of establishing well-structured procedures and policies for Incident Management processes
  • Develop the expertise to manage an effective Incident Response Team


  • Information Security Incident managers
  • IT Managers
  • IT Auditors
  • Managers seeking to establish an Incident Response Team (IRT)
  • Managers seeking to learn more about operating effective IRTs
  • Information Security risk managers
  • IT system administration professionals
  • IT network administration professionals
  • Members of Incident Response Teams
  • Individuals responsible for Information Security within an organization


A fundamental understanding of ISO/IEC 27035 and comprehensive knowledge of Information Security. 

Course outline:

Introduction to Information Security Incident Management concepts as recommended by ISO/IEC 27035

  1. Course objectives and structure
  2. Standards and regulatory frameworks
  3. Information Security Incident Management
  4. ISO/IEC 27035 core processes
  5. Fundamental principles of Information Security
  6. Linkage to business continuity
  7. Legal and ethical issues



Designing and preparing an Information Security Incident Management plan

  1. Initiating an Information Security Incident Management Process
  2. Understanding the organization and clarifying the information security incident management objectives
  3. Plan and prepare
  4. Roles and functions
  5. Policies and procedures

Enacting the Incident Management process and handling Information Security incidents

  1. Communication planning
  2. First implementation steps
  3. Implementation of support items
  4. Detecting and reporting
  5. Assessment and decisions
  6. Responses
  7. Lessons learned
  8. Transition to operations

Monitoring and continual improvement of the Information Security Incident Management plan

  1. Further analysis
  2. Analysis of lessons learned
  3. Corrective actions
  4. Competence and evaluation of incident managers

Certification Exam

  1. Preparation for exam
  2. Exam

For onsite classroom courses, the exam takes place at the end of the course.

For virtual courses, we will send out a voucher that gives you access to an online exam. This can be booked and taken at home, monitored by a proctor via camera. More information about the exam rules will be sent by PECB.

Exam details:

  • The exam duration is three (3) hours. Non-native speakers receive an additional half an hour.
  • The exam contains essay-type questions.

As the exam is “open book”, candidates are authorized to use:

  • A copy of the standard;
  • Course notes from the Participant Handout;
  • Any personal notes made by the student during the course; and
  • A hard copy dictionary.


Examination rules and policies
