The ISO/IEC 27035 Lead Incident Manager training course equips participants with the knowledge and skills to support organizations in establishing and implementing a comprehensive information security incident management process. Based on the ISO/IEC 27035 series and aligned with other incident management best practices, the course covers the entire incident lifecycle—from planning and preparation to post-incident review. Participants will also learn about the roles of key stakeholders and the importance of collaboration with external entities during incident response.
In the digital era, information security incidents—whether deliberate or accidental—are a persistent risk for organizations of all sizes and sectors. This training enables participants to navigate the complexities of incident detection, assessment, response, and reporting, helping organizations safeguard their information and mitigate negative business impacts.
Aligned with ISO/IEC 27001, ISO/IEC 27005, and related standards, the course provides practical, actionable guidance on establishing and maintaining an effective incident management process.
Upon completion and successful exam performance, participants may apply for the “PECB Certified ISO/IEC 27035 Lead Incident Manager” credential, demonstrating their ability to strategically manage and mitigate information security incidents.
This training course is intended for:
Managers or consultants seeking to deepen their expertise in information security incident management.
Professionals responsible for establishing and managing incident response teams (IRTs).
IT professionals and information security risk managers aiming to enhance their incident management capabilities.
Members of incident response teams.
Incident response coordinators or individuals with responsibilities for incident handling and response.
By the end of this training course, participants will be able to:
Explain the fundamental principles of information security incident management.
Develop and implement incident response plans tailored to organizational needs and select appropriate incident response teams.
Conduct thorough risk assessments to identify potential threats and vulnerabilities.
Apply international standards and best practices to improve the efficiency and effectiveness of incident response.
Conduct post-incident analysis to identify lessons learned and drive continual improvement.
The training integrates theoretical instruction with best practices for implementing an incident management process.
It includes essay-type exercises and scenario-based multiple-choice quizzes.
Participants are encouraged to collaborate and engage in discussions during exercises and quizzes.
Quiz formats are designed to mirror the structure of the certification exam.
Participants should possess a general understanding of incident management processes, information security principles, and the ISO/IEC 27000 family of standards.
The “PECB Certified ISO/IEC 27035 Lead Incident Manager” exam meets the PECB Examination and Certification Program (ECP) requirements. It covers the following competency domains:
Domain 1: Fundamental principles and concepts of information security incident management
Domain 2: Information security incident management process based on ISO/IEC 27035
Domain 3: Designing and developing an organizational incident management process based on ISO/IEC 27035
Domain 4: Preparing and executing the incident response plan for information security incidents
Domain 5: Implementing incident management processes and managing information security incidents
Domain 6: Improving the incident management processes and activities
After passing the exam, you can apply for one of the credentials listed in the table below. You will receive a certification once you fulfill all the requirements of the selected credential.
| Credential | Exam | Professional experience | ISIMMS project experience | Other requirements |
|---|---|---|---|---|
| PECB Certified ISO/IEC 27035 Provisional Incident Manager | PECB Certified ISO/IEC 27035 Lead Incident Manager Exam or equivalent | None | None | Signing the PECB Eode of Ethics |
| PECB Certified ISO/IEC 27035 Incident Manager | PECB Certified ISO/IEC 27035 Lead Incident Manager Exam or equivalent | Two years: One year of work experience in Information Security Incident Management | ISIM activities: a total of 200 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27035 Lead Incident Manager | PECB Certified ISO/IEC 27035 Lead Incident Manager Exam or equivalent | Five years: Two years of work experience in Information Security Incident Management | ISIM activities: a total of 300 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27035 Senior Lead Incident Manager | PECB Certified ISO/IEC 27035 Lead Incident Manager Exam or equivalent | Ten years: Seven years of work experience in Information Security Incident Management | ISIM activities: a total of 1,000 hours | Signing the PECB Code of Ethics |
The training course fee includes all applicable costs for certification and the final examination.
Participants are provided with comprehensive training materials, comprising over 450 pages of instructional content, practical examples, exercises, and quizzes.
A certificate of course completion, accredited for 31 Continuing Professional Development (CPD) credits, is awarded to all attendees who complete the training.
Candidates who do not pass the examination on their first attempt are eligible for one complimentary retake within a 12-month period from the original exam date.
Course agenda
Day 1: Introduction to information security incident management concepts and principles as defined by ISO/IEC 27035.
Day 2: Designing and preparing an information security incident management plan.
Day 3: Detecting, assessing, and reporting information security incidents.
Day 4: Monitoring, reviewing, and continually improving the information security incident management process.
Day 5: Administration of the certification examination.
