The Information Security Foundation course and exam are based on the following Intended Learning Outcomes (ILOs):
1 Information and security
1.1 Concepts relating to information
The candidate can…
1.1.1 explain the difference between data and information.
1.1.2 explain information security management concepts.
1.2 Reliability aspects
The candidate can…
1.2.1 explain the value of the CIA triangle (confidentiality, integrity and availability).
1.2.2 describe the concepts of accountability and auditability.
1.3 Securing information in the organization
The candidate can…
1.3.1 outline the objectives and the content of an information security policy.
1.3.2 explain how to ensure information security when working with suppliers.
1.3.3 outline roles and responsibilities relating to information security.
2 Threats and risks
2.1 Threats and risks
The candidate can…
2.1.1 explain threat, risk, and risk management.
2.1.2 describe types of damage.
2.1.3 describe risk strategies.
2.1.4 describe risk analysis.
3 Security controls
3.1 Outlining security controls
The candidate can…
3.1.1 give examples of each type of security control.
3.2 Organizational controls
The candidate can…
3.2.1 explain how to classify information assets.
3.2.2 describe controls to manage access to information.
3.2.3 explain threat and vulnerability management, project management, and incident management in information security.
3.2.4 explain the value of business continuity.
3.2.5 describe the value of audits and reviews.
3.3 People controls
The candidate can…
3.3.1 explain how to enhance information security through contracts and agreements.
3.3.2 explain how to attain awareness regarding information security.
3.4 Physical controls
The candidate can…
3.4.1 describe physical entry controls.
3.4.2 describe how to protect information inside secure areas.
3.4.3 explain how protection rings (concentric layers of physical protection around an asset) work.
3.5 Technical controls
The candidate can…
3.5.1 outline how to manage information assets.
3.5.2 describe how to develop systems with information security in mind.
3.5.3 name controls that ensure network security.
3.5.4 describe technical controls to manage access.
3.5.5 describe how to protect information systems against malware, phishing, and spam.
3.5.6 explain how recording (logging) and monitoring contribute to information security.
4 Legislation, regulations, and standards
4.1 Legislation and regulations
The candidate can…
4.1.1 give examples of legislation and regulations relating to information security.
4.2 Standards
The candidate can…
4.2.1 outline the ISO/IEC 27000, ISO/IEC 27001, and ISO/IEC 27002 standards.
4.2.2 outline other standards relating to information security.
This is one of the four exams you need to pass to earn the CDPP® diploma.

