About Course
ISO/IEC 27001 is the international standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organizations manage their information security by addressing people, processes and technology. The fundamentals of ISO/IEC 27001 are the three principles of information security: confidentiality, integrity and availability. An information security program should be designed to achieve one or more of these principles. An ISMS covers the process of managing the risks associated with the use of information technology, which involves identifying, assessing and treating risks to the confidentiality, integrity and availability of an organization's assets. By attending this course, you will gain an internationally recognized qualification that enables you to implement exceptional information security management standards within your organization.
Objectives:
-Gain the knowledge to develop your ISMS framework and to build awareness of and support for information security across the organization.
-Gain knowledge in the protection of your information (through integrity, confidentiality and availability) and that of your interested parties.
-Gain knowledge of the concepts, models, processes and terminology related to ISO/IEC 27001 and ISO/IEC 27002 needed to conduct information security risk management for your organization.
Learning Outcome:
Upon completion of the training, delegates will attain the following knowledge and/or skills:
-The benefits of ISMS.
-The background of ISO/IEC 27001/2.
-The key concepts, terms, definitions and principles of ISO/IEC 27001.
-Conduct a baseline review of the organization's current position with regard to ISO/IEC 27001.
-Interpret the requirements of ISO/IEC 27001 from an implementation perspective in the context of the organization.
-Implement key elements of ISO/IEC 27001, e.g. information security risk management.
Course Outline:
The course comprises tutorials, discussions and/or facilitated activities.
Day 1
-Getting Started and Requirements
-Why Information Security Management?
-Information Security Facts
-Benefits of Information Security
-What is Information – CIA
-What needs to be managed in an ISMS
-Background of ISO27001:2013
-Annex SL, Annex A & ISO 27002
-Clause 4 – Context of the Organization
-Clause 5 – Leadership
Day 2
-Summary of Day 1
-Clause 6 – Planning
-Risk Assessment Process
-Risk Treatment Process
-Annex A usage
-Statement of Applicability (SOA)
-Clause 7 – Support
-Clause 8 – Operations
-Clause 9 – Performance Evaluation
-Clause 10 – Improvement
-Certification Audit Stages
-Wrap-up and Questions
-End
Who Should Attend This Course?
-Those who will be involved in advising top management on the introduction of ISO/IEC 27001 into an organization.
-Those with information security responsibilities.
-Those planning to lead and implement a system, or new to managing a system.
-Anyone working within information security.