Information security best practice for COBIT and ITIL implementation


Ely, England, 15 June 2011 - IT Governance Ltd, the global leader in ISO27001 information, standards, books, tools and training, has announced that it is taking last-minute bookings on its Information Security Foundation based on ISO/IEC 27002 training course in June. Designed to meet the needs of staff responsible for the security of information assets, the course is particularly suitable for the managers of organisations that are adopting the COBIT IT governance framework and/or the ITIL Suite of service management best practice.

In close alignment with ISO27001, the ISO/IEC 27002:2005 Standard serves as a practical guideline for all members of staff as they initiate, implement and maintain information security. An understanding of the best practice guidance, as outlined in ISO27002, is essential to achieving the goals of COBIT and ITIL service management programmes.

Alan Calder, CEO of IT Governance, explains, “COBIT is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. Although information security is one of these goals, COBIT does not supply a how-to route map. This is ably provided by the ISO27002 Standard which draws on the experience of practitioners in over 40 countries to set out best practice for the delivery of an effective information security programme.”

“The ITIL security management process describes the structured integration of security in an organisation. ITIL security management is of course based on the ISO27002 best practice and its adoption in the ITIL Lifecycle provides the foundation for effective IT governance. The security management process has relations with almost all other ITIL-processes but is most associated with service level management, incident management and change management.”

The one-day Information Security Foundation based on ISO/IEC 27002 training course is designed for anyone responsible for the information assets within an organisation. This includes Information Security, IT Service Management, Data Protection Officers, and all Heads of Department. This course is based on the EXIN Information Security Foundation syllabus, and prepares delegates for the end-of-the-day EXIN ISFS examination. Successful candidates will be awarded the EXIN Information Security Foundation Certificate.

The Information Security Foundation based on ISO/IEC 27002 training course delivers a comprehensive education in ISO27002 best practice and can be booked immediately at
