Certified Lead Security Incident Professional | Course

Mastering the Incident Management Process based on ISO 27035


Next GUARANTEED DATES       Contact us for new dates | Entre em contacto connosco para novas datas

course evaluation     4.3 in 5


This course is available to be delivered in a classroom and Live-Training model. Live Training brings you the dynamic environment of the classroom, to your desk. Using your computer, you interact with the trainer and the trainees as if you were with them in the classroom. Percurso Certified Lead Security Incident Professional In this course participants develop the competence to master a model for implementing an incident management process throughout their organization using the ISO 27035 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to manage information security incidents in time by being familiar with their life cycle. During this training, we will present the ISO 27035 information security incident management standard, a process model for designing and developing an organizational incident management process, and how companies may use the standard. This training is also fully compatible with ISO 27035 which supports ISO 27001 by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP 800-61.

Training Methodology
This training is based on both theory and practice:
  • Sessions of lectures illustrated with examples based on real cases;
  • Practical exercises based on a full case study including role playing and oral presentations;
  • Review exercises to assist the exam preparation;
To benefit from the practical exercises, the number of training participants is limited

  • Incident managers;
  • Business Process Owners;
  • Information Security Risk Managers;
  • Regulatory Compliance Managers;
  • Members of Incident Response Team;
  • Persons responsible for information security or conformity within an organization;
  • Business Continuity Managers;
  • Security and Business Process consultants;

Participants should understand English as the course documentation is in this language.

Duration (days)
5 days

Learning Objectives
At the end of the course students should be able to:
  • understand the concepts, approaches, methods, tools and techniques allowing an effective information security incident management according to ISO 27035;
  • understand, interpret and provide guidance on how to implement and manage incident management processes based on best practices of ISO 27035 and other relevant standards;
  • acquire the competence to implement, maintain and manage an ongoing information security incident management program according to ISO 27035;
  • acquire the competence to effectively advise organizations on the best practices in information security management;

  1. Introduction, incident management framework according to ISO 27035
    • Section 2 Information security incident management
    • ISO 27035 core processes
    • Fundamental principles of information security
    • Linkage to business continuity
    • Legal and ethical issues

  2. Planning the implementation of an Organizational Incident Management Process based on ISO 27035
    • Initiating a Security Incident Management Process
    • Understanding the organization and clarifying the objectives
    • Plan and prepare
    • Roles and functions
    • Policies and procedures

  3. Implementing an Incident Management Process
    • Communication planning
    • First implementation steps
    • Implementation support items
    • Implementing Detecting and Reporting
    • Implementing Assessment and Decision
    • Implementing Responses
    • Implementing Lessons Learned
    • Transition to Operations

  4. Monitoring, measuring and improving an Incident Management Process
    • Further Analysis
    • Analysis of Lessons Learned
    • Corrective actions
    • Competence and evaluation of incident managers

  5. Certified Lead Security Incident Professional Exam

  • The Certified Lead Security Incident Professional exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts in incident management
    • Domain 2: Incident management best practice based on ISO 27035
    • Domain 3: Designing and developing an organizational incident management process based on ISO 27035
    • Domain 4: Preparing for incident management and implementing an incident management process
    • Domain 5: Enacting the incident management process and handling security incidents
    • Domain 6: Performance monitoring and measuring
    • Domain 7: Improving the incident management process

  • The Certified Lead Privacy Implementer exam is available in English language.
  • Duration: 3 hours
  • The exam result is sent via email to the candidate within eight weeks after the examination, being the exam result graduated in qualitative note: "Pass or Fail".
  • In the case of a failure, the result will be accompanied with the list of domains in which you had a mark lower than the passing grade.
If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

After successfully completing the exam, participants can apply for the credentials: "Certified Provisional Lead Security Incident Professional " or "Certified Lead Security Incident Professional", depending on their level of experience.
A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential.
Certified Lead Security Incident Professional program is aligned with ISO 17024 standard.

Requirements for “Implementer” certifications:
CertificationExamProfessional ExperienceIncident Management Experience
Certified Provisional Lead Security Incident ProfessionalCertified Lead Security Incident Professional ExamNoneNone
Certified Lead Security Incident ProfessionalCertified Lead Security Incident Professional ExamTwo years
One year of Incident Management related work experience
Incident Management activities totaling 200 hours

Our specialists are renowned consultants and auditors, with several years of experience in the areas of implementation, auditing and training in different ISO standards
Some of our experts work directly in the improvement of these standards through its participation in the committees responsible for these standards in various countries.

General Information
  • Training in English language.
  • Course manual in English, containing over 450 pages of information and practical examples.
  • Behaviour Participation Certificate of 31 CPD (Continuing Professional Development) credits.
  • ISO 27035 standard provides guidance for incident management to which organizations cannot get certified against
  • Certification Exam in English.
  • Certification Diploma after successful examination and formal process registration. This process has no associated cost.
  • Coffee break in the morning and afternoon (Applies to all training that take place in Behaviour facilities)
  • If the candidate fails the exam, he is entitled to one free retake within a 12 month period from the initial exam date.

  • Certified Lead Security Incident Professional (CLSIP) exam is conducted at the end of the course, on the last day of training, which focuses on development questions and case studies allowing the certifying entity to measure, more effectively, the knowledge of the candidates.

  • Certified Lead Security Incident Professional (CLSIP) course bases its pedagogical model in a certification program aligned with ISO 17024 standard, which defines the requirements for certification of people, fulfilling the recommendations of ISO.

  • Certification exam is monitored by an official Behaviour administrator.

  • Upon success in the exam, professional will achieve one of the CLSIP certifications levels. In case of failure, professional may repeat the exam at no additional cost, within 1 year after the date of the 1st examination.

  • Behaviour Pedagogical Model aims to provide a learning environment conducive to acquisition of competences, in accordance with objectives of each training program. Promoting interaction, participation and appreciation of experiences, we contribute to meaningful learning, certification and international recognition but, above all to the development of critical thinking and autonomy.

  • Behaviour is an organization accredited by DGERT (Portuguese Government Entity) and certified on ISO 9001. Behaviour has its Quality Management System (QMS) implemented in accordance with the requirements of ISO 9001, the requirements of DGERT, the requirements of the European standard NP 4512 and the standard ISO 10015.

Dates and Price

Contact us for new dates | Entre em contacto connosco para novas datas

Guaranteed Dates Program
All dates of this course are guaranteed.
At Behaviour, all courses take place regardless of the number of trainees on each course. The concept of setting up classes does not exist in our educational model, which is why all public dates, presented on the website, are guaranteed. So if you're in Portugal or anywhere else in the world, you can prepare your week or your trip, as long as you ensure your registration in the course.

Volume Discounts
For companies, Behaviour offer discounts, between 10% and 40% of the value of training, starting from the registration of the 2nd participant, in the same course and on the same date.
Simulate the prices for the number of participants you want to register to training@behaviour-group.com or contact us via chat.

Hotels and Useful Information
Know where you can stay in Lisbon, near Behaviour. For more information please see >> Booking <<