Information Security

Series of courses Information Security Manager acc. to ISO 27001


As an Information Security Manager, you will take the central position within the company where management and technological competence are equally required. You will autonomously take care of establishing, implementing and continually improving the Information Security Management System (ISMS) and act as an interface between the top managerial level and the operational business areas. This CIS Course will safely take you to your goal – it imparts the key elements of the international standard ISO/IEC 27001 as well as its correct interpretation and implementation in a practice-oriented manner. CIS is accredited for personnel certification by the Austrian Ministry for Economic Affairs. This means the Certificates for Individuals are documents recognized on a national and international scale.


As the requirements placed on Information Security Managers are so high, the bow of the contents of the training is bent quite far. The course includes three modules, which can be attended independently one from another:

  • Module 1: the ISO 27001 / ISO 27002 Standards
  • Module 2: legal bases
  • Module 3: psychological bases for IS Managers

After successful completion of the examination you will obtain the recognized Certificate “Information Security Manager” acc. to ISO 27001.

As a certified IS Manager, you will also meet the requirements for participating in the continuing IS Auditor Training offered by CIS.

Module 1 – The ISMS Standards ISO 27001 and ISO 27002:

Correctly implementing and optimizing information security


This module in the training course series teaches how to understand and effectively implement the normative requirements of ISO/IEC 27001, as amended, for an Information Security Management System (ISMS). This includes:

  • the responsibilities and tasks of top management
  • the identification of the information security requirements within the context of the organization and the requirements of interested parties
  • deriving the risk acceptance criteria and fundamentals of risk management
  • the resources needed for an ISMS
  • determining the performance of the ISMS based on key performance indicators and results of internal IS audits
  • determining the improvement measures on the basis of the decisions from the management review.

In addition, the controls from Annex A of ISO/IEC 27001 are presented together with the implementation guidance stated in ISO/IEC 27002.

Many of these topics are clarified by practical examples.

Goal of the seminar:

After successful completion of this module, participants will know the standard requirements of ISO/IEC 27001 and will be able to implement them in an organization. Furthermore, they will have an overview of the controls stated in Annex A of ISO/IEC 27001 and will be able to evaluate and use the implementation guidance of ISO/IEC 27002.


2 days

Module 2 – Psychological bases for IS Managers:

From people motivation to the capabiltiy of handling conflicts


Sometimes establishing new systems is faced with opposition – unless you are in command of the high school of psychology. This one-day seminar will impart you the bases enabling you to successfully implement the technical knowledge acquired within a company. This includes such soft skills as moderation skills, capability of working in a team, capability of handling conflicts, interdisciplinary cooperation or knowledge of relational models, group dynamic processes and motivation techniques.

A manager’s way of seeing himself/herself also is one of the decisive success factors

Goal of the seminar:

The participants will be enabled to successfully put through the corporate goals with as few frictional losses on the relational level as possible. They will also learn how to establish, manage and motivate project teams.


1 day

Module 3 – Legal bases for IS Managers:

Identifying and competently implementing requirements relating to compliance


One important element in the field of information security is formed by laws regulating protection of data. In this one-day seminar, three priorities will be imparted to you.

  1. Data protection & Data security: This block provides information on: data worth protecting, ways of using data, data secrecy, and the rights of data subjects, penalties and compensation; furthermore, the topics of protection and control of employees as well as software protection are addressed.
  2. E-Commerce: This chapter deals with the E-Commerce Directive, remote sales and the Signature Act.
  3. Copyright, domain-names: The last section is devoted to trade-mark protection and protection of names and identification marks.

Goal of the seminar:

The participants know the laws relevant to information security and can autonomously apply the most important rules. They have the basic skills enabling them to be competent contact persons for legal consultants called in.


1 day

Examination IS Manager

Content of the examination:

The contents of the examination refer to the three CIS Course Modules

  • The ISMS Standards ISO 27001 and ISO 27002
  • Psychological bases for IS Managers
  • Legal bases for IS Managers

Admission to examination:

The admission conditions for each examination are stated in the CIS - course content. Registration to an examination will have to be done in writing with CIS, compliance with the admission conditions having to be demonstrated by the person applying for the Certificate. If the person applying for the Certificate has attended the trainings within the qualification programs of CIS, the trainings will be recognized automatically if the applicant was present at least 80% of the period covered by the event. If a person applying for the Certificate wants to have other trainings credited, it is necessary to have the equivalence of these trainings with the certification program stated.

For stating this equivalence, a separate written application will have to be filed. A presentation of the trainings completed and a comparison with the requirements placed by the certification program will have to be enclosed to this application. The respective requirements can be requested from the Certification Body.

For reviewing conformity to the certification program and topicality of the references provided by the person applying for the Certificate, a qualification check will be made. This check is made up of oral technical discussions lasting 30 to 60 minutes and will be carried.

Conduct of the examination:

The written examination (multiple choice) will take 1 hour.


Upon positive completion of the examination, the Certificate “Information Security Manager” will be issued.

Period of validity of the Certificate:

3 years

Prolongation criteria:

  • evidencing 3 years’ job experience in information security management
  • one CIS Further Training Event (Refresher) within 3 years
Dates of the series of courses
  • 17. – 20. January 2022, Vienna
  • 28. – 31. March 2022, Vienna
  • 09. – 12. May 2022, Vienna
  • 12. – 15. September 2022, Vienna
  • 10. – 13. October 2022, Vienna
Participation fee

The participation fee for the entire Information Security Manager course series, including examination and certificate, is € 3.060,- (excl. 20 % VAT).

Prices for individual modules on inquiry. Please contact us at

Structure of Series of courses Information Security Manager acc. to ISO 27001

Single Modules are offered after request

We look
forward to
hearing from

Write to us!

Do you have specific inquiries about the CIS service portfolio? Our experts will be happy to provide you with advice and support at any time!

Our experts for this area

Impartial. Competent. Trustworthy.

Unfortunately your search was unsuccessful. Please check your settings and your spelling.
+43 1 532 98 90