Professional Documents
Culture Documents
Page 1 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
The objective of the “Certified ISO/IEC 27001 Lead Implementer” examination is to ensure that
the candidate has the knowledge and the skills to support an organization in implementing and
managing an Information Security Management System (ISMS) based on ISO 27001.
Page 2 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
1. Understand and explain the operations of 1. Knowledge of the application of the eight ISO
the ISO organization and the development management principles to information security
of information security standards 2. Knowledge of the main standards in information
2. Ability to identify, analyze and evaluate the security
information security compliance 3. Knowledge of the different sources of information
requirements for an organization security requirement for an organization: laws,
3. Ability to explain and illustrate the main regulations, international and industry standards,
concepts in information security and contracts, market practices, internal policies
information security risk management 4. Knowledge of the main information security
4. Ability to distinguish and explain the concepts and terminology as described in ISO
difference between information asset, data 27000
and record 5. Knowledge of the concept of risk and its
5. Understand, interpret and illustrate the application in information security
relationship between the concepts of asset, 6. Knowledge of the relationship between the
vulnerability, threat, impact and controls concepts of asset, vulnerability, threat, impact and
controls
7. Knowledge of the difference and characteristics of
security objectives and controls
8. Knowledge of the difference between preventive,
detective and corrective controls and their
characteristics
1. Ability to identify, understand, classify and 1. Knowledge of Information Security Policy Controls
explain the 11 clauses, 39 security Best Practices
categories and 133 controls of ISO 27002 2. Knowledge of Organizing Information Security
2. Ability to detail and illustrate the security Controls Best Practices
controls best practices by concrete 3. Knowledge of Asset Management Controls Best
Page 3 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
examples Practices
3. Ability to compare possible solutions to a 4. Knowledge of Human Resources Security Controls
real security issue of an organization and Best Practices
identify/analyze the strength and weakness 5. Knowledge of Physical and Environmental Security
of each solution Physical and Environmental Security Controls Best
4. Ability to select and demonstrate the best Practices
security controls in order to address 6. Knowledge of Communications and Operations
information security control objectives Management Controls Best Practices
stated by the organization 7. Knowledge of Access Control Controls Best
5. Ability to create and justify a detailed action Practices
plan to implement a security control by 8. Knowledge of Information Systems Acquisition,
listing the activities related Development and Maintenance Controls Best
6. Ability to analyze, evaluate and validate Practices
action plans to implement a specific control 9. Knowledge of Information Security Incident
Management Controls Best Practices
10. Knowledge of Business Continuity Management
Controls Best Practices
11. Knowledge of Compliance Controls Best Practices
1. Ability to manage an ISMS implementation 1. Knowledge of the main project management concepts,
project following project management best terminology, process and best practice as described in
practices ISO 10006
2. Ability to gather, analyze and interpret the 2. Knowledge of the principal approaches and
methodology frameworks to implement an ISMS
necessary information to plan the ISMS 3. Knowledge of the main concepts and terminology
implementation related to organizations
3. Ability to observe, analyze and interpret the 4. Knowledge of an organization’s external and internal
external and internal environment of an environment
organization 5. Knowledge of the main interested parties related to an
4. Ability to perform a gap analysis and clarify organization and their characteristics
the information security objectives of an 6. Knowledge of techniques to gather information on an
organization organization and to perform a gap analysis of a
5. Ability to state and justify an ISMS scope management system
adapted to the security objectives of a 7. Knowledge of the characteristics of an ISMS scope in
specific organization terms of organizational, technological and physical
boundaries
6. Ability to select and justify the selected
8. Knowledge of the different approaches and main
approach and methodology adapted to the methodology characteristics to perform a risk
needs of the organization assessment
7. Ability to perform the different steps of the 9. Knowledge of the main activities of the risk identification,
risk assessment and risk treatment phases estimation, evaluation related to the assets included in
8. Ability to state and justify a Statement of the ISMS of an organization
Applicability for a specific organization 10. Knowledge of the main activities of the risk treatment
related to the assets included in the ISMS of an
organization
11. Knowledge of the characteristics of a statement of
applicability
Page 4 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
1. Ability to understand, analyze needs and 1. Knowledge of the roles and responsibilities of the key
provide guidance on the attribution of roles actors during the implementation of an ISMS and in its
and responsibilities in the context of the operation after the end of the implementation project
implementation and management of an 2. Knowledge of the main organizational structures
applicable for an organization to manage information
ISMS security
2. Ability to define the document and record 3. Knowledge of the best practices on document and
management processes needed to support record management processes and the document
the implementation and the operations of an management life cycle
ISMS 4. Knowledge of the characteristics and the differences
3. Ability to define and design security controls between the different documents related to ISMS: policy,
& processes and document them procedure, guideline, standard, baseline, worksheet, etc.
4. Ability the define and writing a ISMS policy 5. Knowledge of model-building controls and processes
and information security policies & techniques and best practices
6. Knowledge of controls and processes deployment
procedures techniques and best practices
5. Ability to implement the required processes 7. Knowledge of techniques and best practices to write
and security controls of an ISMS information security policies, procedures and others
6. Ability to define and implement appropriate types of documents include in an ISMS
information security training, awareness and 8. Knowledge of the characteristics and the best practices
communication plans to implement information security training, awareness
7. Ability to define and implement an incident and communication plans
management process based on information 9. Knowledge of the characteristics and main processes of
security best practices an information management incident management
process based on best practices
8. Ability to transfer an ISMS project to
10. Knowledge of change management techniques best
operations and manage the change practices
management process
1. Ability to monitor and evaluate the 1. Knowledge of the techniques and best practices to
effectiveness of an ISMS in operation monitor the effectiveness of an ISMS
2. Ability to verify the extent to which identified 2. Knowledge of the main concepts and components
security requirements have been met related to an Information Security Measurement
3. Ability to define and implemented an Programme: measures, attributes, indicators,
internal audit program for ISO 27001 dashboard, etc.
4. Ability to perform regular and methodical 3. Knowledge of the characteristics and the
reviews regarding the suitability, adequacy, differences between an operational, tactical and
effectiveness and efficiency of an ISMS with strategic information security indicators and
Page 5 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
1. Ability to understand the principle and 1. Knowledge of the main concepts related to
concepts related to continual improvement continual improvement
2. Ability to counsel an organization on how to 2. Knowledge of the characteristics and the
continually improve the effectiveness and difference between the concept of effectiveness
the efficiency of an ISMS and the efficiency
3. Ability to implement ISMS continual 3. Knowledge of the concept and techniques to
improvement processes in an organization perform a benchmarking
4. Ability to determine the appropriate 4. Knowledge of the main processes, tools and
business improvement tools to support techniques used by professionals to identify the
continual improvement processes of a root-causes of nonconformities
specific organization 5. Knowledge of the characteristics and the
5. Ability to identify, analyze the root-causes of difference between corrective actions and
nonconformities and proposed action plans preventive actions
to treat them 6. Knowledge of the main processes, tools and
6. Ability to identify, analyze the root-cause of techniques used by professionals to develop and
potential nonconformities and proposed proposed the best corrective and preventive action
action plans to treat them plans
1. Ability to understand the main steps, 1. Knowledge of the Knowledge of evidence based
processes and activities related to a ISO approach in an audit
27001 certification audit 2. Knowledge of the different types of evidences:
2. Ability to understand, explain and illustrate physical, mathematical, confirmative, technical,
the audit evidence approach in the context analytical, documentary and verbal
Page 6 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
Page 7 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
Based on these seven domains and their relevance, twelve questions are included on the exam,
as summarized in the following table:
Level of Understanding
(Cognitive/Taxonomy) Required
Questions
that measure Questions that Number of % of test
Question Points per
Comprehension, measure Synthesis Questions per devoted to each
Number Question
Application and and Evaluation content area content area
Analysis
Fundamental 2 5 x
principles and 3 5 x
concepts of IS
4 10 x
IS Control
Best Practice
based on ISO
27002 1 5 x 4 33.33
Planning an
ISMS
based on ISO
27001 5 5 x
Content Area/Competence Domains
Implementing
an
ISMS based on
ISO 27001 6 10 x
Performance
evaluation,
monitoring and
measurement
of an ISMS 7 5 x
based on ISO 10 10 x
27001 11 5 x
Continual
improvement
of an
ISMS based on 8 5 x
ISO 27001 9 5 x 7 58.33
Preparation for
an ISMS
certification
audit 12 5 x 1 8.33
Total points 75 12 100
Page 8 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
After successfully passing the exam, candidates will be able to apply for the credentials of
Certified ISO/IEC 27001 Provisional Implementer, Certified ISO/IEC 27001 Implementer or
Certified ISO/IEC 27001 Lead Implementer, depending on their level of experience.
Candidates will be required to arrive at least thirty (30) minutes before the beginning of the
certification exam. Candidates arriving late will not be given additional time to compensate for
the late arrival and may be denied entry to the exam room (if they arrive more than 5 minutes
after the beginning of the exam scheduled time).
All candidates will need to present a valid identity card with a picture such as a driver’s license
or a government ID to the proctor and the exam confirmation letter.
Thirty (30) minutes of additional time can be provided to candidates taking the exam in a
language different than their mother tongue, when requested by the candidates, on the exam
day.
The questions are essay type questions. This type of format was chosen because the intent
is to determine whether an examinee can write a clear coherent answer/argument and to
assess problem solving techniques. Because of this particularity, the exam is set to be “open
book” and does not measure the recall of data or information. The examination evaluates,
instead, comprehension, application, analysis, synthesis and evaluation, which mean that even
if the answer is in the course material, candidates will have to justify and give explanations, to
show they really understood the concepts. At the end of this document, you will find sample
exam questions and their possible answers.
As the exams are “open book”; candidates are authorized to use the following reference
materials:
The use of electronic devices, such as laptops, cell phones, etc., is not allowed.
Page 9 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
Results will be communicated by email in a period of 4 to 8 weeks, after taking the exam. The
results will not include the exact grade the candidate had, only a mention of pass or fail.
Candidates who successfully complete the examination will be able to apply for a certified
scheme.
In the case of a failure, the results will be accompanied with the list of domains in which the
candidate had a low grade, to provide guidance for exams’ retake preparation.
Candidates who disagree with the exam results may file a complaint. For more information,
please refer to www.pecb.org
There is no limit on the number of times a candidate may retake an exam. A retake fee applies.
Only students, who have completed the full training but fail the written exam, are eligible to
retake the exam for free, under one condition:
“A student can only retake an exam once and this retake must occur within 12 months from the
initial exam’s date.”
According to our training provider agreement, students who have completed the full training and
who wish to prepare to retake an exam could attend, for free, to an entire training or to part of
training, depending on the students’ needs. Certain fees could apply, for meals, training
materials or other related expenses. Students who are interested in this preparation need to
contact the training provider.
EXAMINATION SECURITY
Page 10 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
1. Security controls
For each of the following clauses of the ISO 27001 standard, please provide an action plan with
at least two concrete actions that would be acceptable to ensure conformity to the clause and
satisfy the control objectives.
- Determining the necessary competencies for personnel performing work effecting the
ISMS (Clause 5.2.2 a)
Possible answers:
Determine the qualifications necessary for the operations of each security control included in
the ISMS.
Describe the necessary qualifications for each position occupied by the personnel related to
ISMS operations.
Possible answers:
Number of corrective actions implemented in the last year.
% corrective action requests being processed within three months.
Average delay in days to resolve a non-compliance.
3. Selection of controls
For each risk identified, provide the appropriate controls (by providing the clause number of the
control) which allows to reduce, transfer or avoid risks.
Possible answers:
Page 11 of 12
PECB PECB-820-1 ISO 27001 LI Exam Preparation Guide
4. Classification of controls
For each of the following 5 controls, indicate if it used as a preventive, corrective, and/or
detective control; and indicate, if the control is an administrative, technical, managerial or legal
measure. Explain your answer.
Possible answers:
5. Recommendations
The management of the organization would like to receive recommendations from you to
improve the processes in place to comply with the requirements of ISO 27001 on change
management.
Possible answers:
Page 12 of 12