Information Security Management Expert

Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet.

Furthermore, activities of many companies now rely on IT, and information has become a valuable asset. Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable.

The module Information Security Management Expert based on ISO/IEC 27002:2013 (ISMES.EN) tests specialized knowledge, understanding and skills in structuring, maintaining and optimizing the security of information within an organization. The international standard, the Code of Practice for Information Security ISO/IEC 27002:2013 structures the organization of information security. For that reason, it is an important point of departure for this module.

Target group

IT professionals responsible for the partial or overall set up and development of structural information security, like the Chief Information Security Officer, CISO, the Information Security Manager, ISM, or the Business Information Security Architect, BISA.


The ISMES module is the continuation of Information Security Foundation (ISFS.EN) and Information Security Management Advanced (ISMAS.EN)


  • The Information Security Foundation Certificate.
  • The Information Security Management Advanced Certificate.
  • The participant has to have at least 2 years of tangible practical experience at the management level in at least two of the main topic areas (examination requirements) of this module.

Requirements for the certificate

  • The Information Security Management Expert training course or coaching track with an EXIN accredited training provider (ATP).
  • Successful completion of the exam Information Security Management Expert.

Exam content

  1. Organization of information security (establishing Information Security Management System, ISMS) 20% 
  2. Information security policy 10% 
  3. Risk analysis 10% 
  4. Organizational change and –development pertaining to Information Security 40% 
  5. Standards and norms 10% 
  6. Audits and certification 10%

Exam Details

Number of questions: Not relevant 
Pass mark: 55% 
Open book: No 
Electronic equipment permitted: For presentation