CISGP Certified Information Security Governance Professional

ISO/IEC 27001/2

A premium, governance-led programme that equips leaders and senior managers to design, lead, and implement an ISO/IEC 27001 Information Security Management System, supported by ISO/IEC 27002 controls, and prepare their organisation for certification.
"Lead, govern, and implement ISO/IEC 27001 with confidence — without getting lost in technical or audit-level detail."

Course Launches on March 2nd 2026

Why This Course Exists

ISO/IEC 27001 is widely adopted, yet frequently misunderstood. Many organisations pursue certification without fully appreciating what the standard requires of senior management, how governance decisions directly shape the effectiveness of an Information Security Management System (ISMS), or why well-funded programmes still fail audits or deliver little real risk reduction.

In reality, accountability for ISO 27001 outcomes sits squarely with leaders and senior managers. However, most training focuses on technical implementation or auditor-level detail, leaving a critical gap in decision-making, oversight, and governance. The result is often over-scoped ISMSs, superficial risk assessments, poorly governed controls, and compliance that exists on paper rather than in practice.

The Certified Information Security Governance Professional (CISGP) course exists to close this gap. It equips leaders and senior managers with the insight, confidence, and practical capability to design, lead, and implement ISO/IEC 27001 effectively, supported by ISO/IEC 27002 controls, and to provide credible assurance at executive and board level.


At a Glance...

  • Duration: 30-day, governance-led ISO/IEC 27001 programme

  • Audience: Leaders and senior managers with accountability for information security

  • Outcome: End-to-end ISO 27001 implementation and certification readiness

  • Format: On-demand learning with live governance clinics

  • Assessment: MCQs plus a practical written assignment

  • Certification: Certified Information Security Governance Professional (CISGP)

  • CPD: 20 CPD points awarded


  "CISGP is not an awareness course, a technical training programme, or a Lead Auditor qualification. It is a governance-led professional certification designed for those who must lead, oversee, and stand behind ISO/IEC 27001 outcomes."

    Who is This Course For?

     This course is designed for professionals who are accountable for outcomes, not just activity.

    Who CISGP is for
    CISGP is built for leaders and senior management who must make decisions, provide oversight, and take accountability for information security and ISO 27001 outcomes. It equips you with the mechanical understanding and governance capability to lead an ISO/IEC 27001 programme from scope and risk through to control governance and certification readiness.

    Ideal for:

    • Senior leaders and managers accountable for information security, operational resilience, risk, or compliance

    • CISOs, CIOs, Heads of IT, Heads of Risk, Compliance Leaders, Governance & Assurance professionals

    • Those sponsoring, directing, or overseeing ISO/IEC 27001 implementation and certification programmes

    • Professionals who need to confidently engage with certification bodies, auditors, and third-party consultants


    This course is not for:

    • Learners seeking a basic ISO 27001 awareness overview

    • Practitioners wanting step-by-step technical configuration guidance (e.g., firewall/IAM/SIEM setup)

    • Those seeking Lead Auditor credentials or formal audit qualification pathways


    What CISGP Enables You to Do

    On successful completion of CISGP, you will be able to:

    • Provide credible assurance to senior leadership and boards that information security risks are being managed effectively and in line with recognised international standards.

    • Design, lead, and implement an ISO/IEC 27001 Information Security Management System (ISMS) aligned to your organisation’s context, risk profile, and objectives.

    • Define and defend ISMS scope and governance arrangements, ensuring accountability, clarity of ownership, and audit readiness from the outset.

    • Oversee and challenge information security risk assessment and risk treatment, ensuring risks are meaningful, decisions are defensible, and controls are risk-driven.

    • Select, justify, and govern ISO/IEC 27002 controls, with a clear understanding of control intent, ownership, operation, and evidence expectations.

    • Prepare your organisation for ISO 27001 certification, including Stage 1 and Stage 2 audits, and engage confidently with certification bodies and auditors.

    • Avoid common ISO 27001 implementation failures, such as over-scoping, superficial risk registers, and checkbox compliance.

    Why CISGP is Different

    CISGP is different because it:

    • Focuses on governance-led implementation — equipping you to make, direct, and defend the decisions that determine whether an ISMS is effective and certifiable.

    • Teaches the mechanics without the weeds — you will understand how ISO/IEC 27001 and ISO/IEC 27002 work in practice, without being dragged into tool configuration or policy bureaucracy.

    • Builds real implementation capability — not just knowledge. You will leave able to scope an ISMS, oversee risk assessment and treatment, govern control selection, and prepare for certification.

    • Is designed for accountability — ideal for those who sponsor, lead, or oversee ISO programmes and must provide assurance to executive leadership and boards.

    • Includes professional assessment — combining knowledge checks with a practical written assignment to ensure competence, not just attendance.

    • Is delivered in a premium blended format — on-demand learning supported by live governance clinics, enabling direct engagement, challenge, and real-world application.

    CISGP is not a “tick-box ISO course”. It is a professional certification designed to help leaders implement ISO 27001 credibly, reduce risk in reality, and achieve certification with confidence.


    How the Course is Delivered

    The course is designed to be completed alongside full-time professional responsibilities.

    CISGP is delivered as a structured 30-day blended programme designed to fit the realities of senior leadership and management roles, combining flexibility with rigour and practical engagement.


    The course includes:

    • On-demand expert-led video learning
      Short, focused modules that can be completed at your own pace, providing clear explanations of ISO/IEC 27001 and ISO/IEC 27002 mechanics, governance requirements, and implementation realities.

    • Live weekly governance clinics (online)
      Interactive instructor-led sessions focused on real-world application, common failure patterns, and executive-level discussion. These sessions provide an opportunity to ask questions, test assumptions, and sense-check your approach to implementation and certification.

    • Knowledge checks (MCQ assessments)
      Scenario-based multiple-choice assessments at key points in the course to test understanding and reinforce correct application of concepts.

    • A practical written assignment
      A governance-led implementation exercise that brings the full ISMS lifecycle together, requiring you to demonstrate professional competence in leading and implementing ISO/IEC 27001 in practice.

    • Certification on successful completion
      Participants who successfully complete the assessments are awarded the Certified Information Security Governance Professional (CISGP) certification.

    This blended approach ensures CISGP is not just informative, but transformative — developing real capability, confidence, and credibility in ISO 27001 implementation and governance.


    Assessment & Certification Credibility

     Certification is awarded only where the required professional standard is met.

    CISGP is a professional certification programme. Certification is awarded based on demonstrated competence, not attendance.

    To achieve the Certified Information Security Governance Professional (CISGP) designation, participants must successfully complete:

    • Module knowledge checks (MCQs)
      Scenario-based multiple-choice assessments designed to test understanding of ISO/IEC 27001 and ISO/IEC 27002 concepts, governance expectations, and implementation mechanics.

    • A practical written assessment
      A governance-led implementation assignment requiring participants to apply the course content to a realistic organisational scenario. This assessment evaluates the ability to define ISMS scope, oversee risk assessment and risk treatment, justify control selection, and prepare an organisation for certification readiness.

    CISGP has been designed to ensure that successful candidates can credibly design, lead, and implement an ISO/IEC 27001 Information Security Management System (ISMS), supported by ISO/IEC 27002 controls, and provide meaningful assurance at senior management and board level.

    On successful completion, participants are awarded the CISGP certification and receive 20 Continuing Professional Development (CPD) points, reflecting the depth, rigour, and professional standard of the programme.

    Participants may use the CISGP designation in professional contexts, subject to the certification terms and conditions.

    Instructor Authority

     100% Success Rate with Client ISO27001 Certification Projects

    The CISGP course is designed and delivered by Paul C. Dwyer, a recognised authority in cybersecurity, compliance, and digital resilience.

    Paul is a certified and highly experienced ISO/IEC 27001 Lead Auditor and Lead Implementer, with extensive hands-on experience leading and overseeing successful ISO 27001 implementation and certification programmes across Europe, the United States, and Africa. His work spans a wide range of sectors, including healthcare, financial services, and large-scale technology and service providers, including Dell data centre environments.

    Paul has successfully led ISO/IEC 27001 implementation and certification programmes for regulated banking institutions in Nigeria, achieving a 100% client certification success rate in highly regulated and audit-intensive environments where governance, risk management, and assurance are critical.

    In addition to his technical and standards expertise, Paul works extensively at senior management and board level, advising organisations on information security governance, regulatory compliance, and operational resilience. This combination of real-world implementation experience and executive-level advisory work ensures that CISGP is grounded in practical delivery rather than theory.

    Participants benefit from instruction that reflects how ISO/IEC 27001 is implemented, governed, and assessed in practice, and what leaders must do to ensure certification delivers genuine risk reduction and lasting organisational value.