ISO 27035 Essentials

The ISO 27035 Essentials course introduces the fundamentals of information security incident management, framing the process from preparation and detection through to response and continual improvement. The training establishes a clear basis for structuring incident response in an organisational context, aligned with good practices and governance requirements.

Upcoming dates

Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.

10 July 2026
Live Online • next edition
15 October 2026
Live Online • base price
Duration: 1 day / 7h
Language: available in Portuguese or English
Training: oriented towards understanding the requirements
Exam: 30 min
ESSENTIAL LEVEL — structured and solid knowledge that supports any career.

Why this course exists

To create a solid foundation and a common language in ISO/IEC 27035, incident management and operational response.

Many organisations operate with inconsistent incident response processes, or with excessive dependence on tacit knowledge and informal practices, without a common basis of concepts, terminology and understanding of international principles, phases and guidelines.

This course establishes the necessary foundations so that professionals from any area can understand and begin applying the guidelines of ISO/IEC 27035-1, either in the context of an ISMS or as an independent Incident Management Programme.

What this course enables you to do

Understand

Master concepts, terms and definitions related to information security incident management and frame ISO/IEC 27035-1 in the context of an ISMS or a dedicated programme.

Interpret

Read ISO/IEC 27035-1 with method: recognise its structure, identify clauses and annexes and understand the topics and guidelines.

Relate

Select relevant standards from the ISO/IEC 27035 subfamily and understand how they connect with ISO/IEC 27001 and ISO/IEC 27002, including integration and mappings.

Frame

Contextualise the principles, phases, processes and artefacts required for incident response, including investigation recommendations and forensic techniques.

Frameworks, standards and best practices addressed throughout the course

ISO/IEC 27035-1 — guidelines
5 clauses + annexes
Incident and response concepts
Principles, phases and process
Artefacts and evidence
ISO/IEC 27035-2
ISO/IEC 27035-3
Integration with ISO/IEC 27001
Interconnection with ISO/IEC 27002
Correlated international good practices
Investigation and forensic techniques

Value for the organisation

  • Common knowledge base for teams involved in incident management and response, reducing dependence on ad hoc practices.
  • Improved understanding of ISO/IEC 27035-1 guidelines and their practical application in a real context, whether integrated or independent.
  • Ability to articulate incident management with the ISMS, including alignment with ISO/IEC 27001 and mappings with ISO/IEC 27002.
  • Solid preparation to support the structuring of an incident management programme, including principles, phases, processes and essential artefacts.

Introduction

In this course, participants will acquire the essential knowledge required to work with the international standard ISO/IEC 27035-1.

The course presents the concepts, terms and definitions related to information security incident management, as well as the structure and topics related to the standard’s guidelines, including the 5 main clauses and a summary of the topics included in the various Annexes.

During the course, a summary is also presented of the most relevant standards in the ISO/IEC 27035 subfamily, particularly the relationship between ISO/IEC 27035-1, ISO/IEC 27035-2 and ISO/IEC 27035-3, and their interconnection with ISO/IEC 27001 and ISO/IEC 27002.

Throughout the course, the applicability of the standard is presented in the context of an Information Security Management System (ISMS), as well as recommendations for its use in the context of an independent Information Security Incident Management Programme, should the organisation so require.

This course prepares participants for the Information Security 27035 Essentials personal certification.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.

General Objectives

At the end of this course, participants will be able to:

  • Understand and use the essential knowledge, namely the concepts, terms and definitions related to information security incident management, including, but not limited to, types of incidents, attacks and information collection in the context of ISO/IEC 27035-1.
  • Understand the essential concepts of information security incident management in the context of management systems, including integration examples.
  • Understand the structure of ISO/IEC 27035-1 and know how to identify the various clauses and annexes of the standard.
  • Know and select the most appropriate standards from the ISO/IEC 27035 subfamily to support the implementation and operation of an Information Security Incident Management Programme, either independent or integrated with an ISO/IEC 27001 ISMS.
  • Know how to interconnect the ISO/IEC 27035 subfamily of standards with the ISO/IEC 27000 family, including the mapping of ISO/IEC 27002 controls with the clauses of ISO/IEC 27035-1.
  • Know how to identify other international information security incident management practices, including investigation practices and forensic techniques that may be used together with ISO/IEC 27035.
  • Understand and know how to frame, in the context of their organisation, the guidelines and topics included in the clauses of ISO/IEC 27035, including the principles, phases, process and remaining artefacts required for information security incident management and response.
  • Understand the essential concepts related to the organisation of capabilities and the forensic process.
  • Possess the knowledge required to successfully take the Information Security 27035 Essentials certification exam.

Target Audience

  • Professionals involved in the operation of processes related to Information Security Incident Management, whether in the context of an ISMS or within a programme already established or to be established independently.
  • Anyone wishing to acquire the essential knowledge required to work with the ISO/IEC 27035 standard.

Prerequisites

There are no mandatory formal prerequisites. However, other specific requirements may apply, where relevant, depending on the quotation or proposal presented. Please consult the applicable proposal.

Programme

Introduction to the course
  • Training and certification framework
  • Objectives, structure and pedagogical approach
  • Course dynamics and learning approach
Introduction to information security incident management and management systems
  • Concepts, terms and definitions of information security incident management
  • Essential concepts and terminology related to management systems
  • Integration framework with an ISMS
The ISO/IEC 27035 standard, the standards subfamily and its integration within the ISO/IEC 27000 family
  • Presentation of ISO/IEC 27035-1 and its structure
  • ISO/IEC 27035 subfamily: relationship between 27035-1, 27035-2 and 27035-3
  • Interconnection with ISO/IEC 27001 and ISO/IEC 27002, including mappings
Presentation and applicability of ISO/IEC 27035-1 topics, guidelines and annexes
  • Guidelines and topics by clause: 5 clauses
  • Principles, phases and process for incident management and response
  • Required artefacts: records, evidence and reporting
  • Applicability in the context of an ISMS and in independent programmes
  • Annexes of the standard: summary and applicability
Good practices and investigation and forensic capabilities
  • Organisational capabilities for investigation
  • Preservation and collection of evidence
  • Techniques and essential notions of the forensic process

Exam(s) and Certification

Exam “Certified Information Security 27035 Essentials”

The exam covers the following competence domains:

  • Domain 1: Concepts related to information security incident management and management systems
  • Domain 2: ISO/IEC 27035 subfamily, guidelines and applicability of ISO/IEC 27035-1, including integration with ISO/IEC 27001/27002

Language(s): Portuguese and English.
Duration: 30 minutes.
Format: Multiple choice.
Pass mark: 120/200 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.

Certification

After successfully completing the exam and accepting or signing the applicable agreement and Code of Ethics, the candidate achieves the credential Certified Information Security 27035 Essentials, issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.

This is a Behaviour® professional certification, a proprietary certification scheme with international market recognition. The scheme is designed and operated based on good practices for personal certification, principles of impartiality and exam quality, and applicable international references, including the principles of ISO/IEC 17024.

A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying.

Certification programmes are valid only for individuals, not companies, and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement and Code of Ethics.

If the professional does not comply with the agreement or the Code of Ethics, the certification is not granted or is revoked.

Other Information

General Information
  • Training available in Portuguese or English.
  • Training materials available in Portuguese and/or English, with online access, in accordance with the awarded conditions.
  • Behaviour digital Training Attendance Certificate with 7 CPD/CPE credits.
  • Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
  • If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
  • Digital Certification Diploma and Digital Certification Badge after passing the exam and completing the application process. This process has no associated cost.
Trainer(s)

The trainers are consultants and auditors with experience in implementation, auditing and training in the ISO/IEC 27000 family of standards, with focus on incident response and incident management, including integration with an ISMS and correlated good practices.

Benefits

  • ISO/IEC 27035 provides internationally recognised guidelines to structure an information security incident management and response programme.
  • Improves the ability to understand and align the organisation for operational response, integration with the ISMS and continual improvement.
  • The course is based on the BEHAVIOUR pedagogical model, with a personal certification programme in accordance with ISO/IEC 17024, which defines requirements for personal certification.
  • Objective preparation for the Certified Information Security 27035 Essentials exam, in multiple-choice format.
  • The exam is supervised by an official BEHAVIOUR administrator.
  • In case of failure, there is 1 free retake within a maximum period of 2 months after the initial exam result.

Logistics

Useful information
  • Live Online (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
  • Classroom (synchronous time): 09h30–13h00 and 14h00–17h30 (Lisbon time), with short breaks
  • 7 hours of synchronous training, 1 training day
  • Requirements: computer with stable internet, updated browser, PDF reader and audio/video
Hotels in Lisbon

Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to the most common questions about the Essentials level and the framework of this course.

Do I need previous experience or previous certifications to participate?

No. The Essentials course was designed as an entry point and does not require previous experience or previous certifications.

What is the difference between the Essentials and Foundation levels?

The Essentials level focuses on the structured understanding of fundamental concepts and principles.

The Foundation level deepens the requirements and normative structure, preparing the participant to integrate and support implementation initiatives based on a more detailed understanding.

Is this course suitable for management or leadership roles?

Yes. The course enables participants to understand organisational impacts, responsibilities and strategic framing, making it suitable for management and leadership roles that need a structured view without excessive technical detail.

What can I do in practice after this course?

After the course, the participant can interpret the logic of the standard or framework, understand concepts and terminology, and participate with confidence in conversations, meetings and decisions where the topic is discussed, even without assuming implementation or audit roles.

What does this course not cover and when should I progress to another level?

This course does not go deeper into system design, project execution or formal audits.

Whenever there is a need to implement a management system, lead organisational initiatives or conduct audits, the recommended path is to progress to Lead Implementer or Lead Auditor, depending on the intended role.

The Foundation level provides the preparatory basis for this progression, already enabling participants to integrate and support projects under guidance, with a structured understanding of requirements and of the system logic.

Is this course sufficient to participate in a real incident response?

The course enables participants to understand the incident management cycle and support coordination and communication, but it does not replace advanced technical training in operational incident response.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.

This course may be attended by individual professionals. It may also be integrated into team capacity-building initiatives that need to strengthen Information Security incident management throughout its organisational cycle.