ISO/IEC 27001 is the international standard that sets out the specification for an information security management system (ISMS). Its best-practice approach helps organizations manage their information security by addressing people, processes as well as technology. The fundamentals of ISO/IEC 27001 are three principles of information security, which are confidentiality, integrity and availability. An information security program should be designed to achieve one or more of these principles. ISMS covers the process of managing risks associated with the use of information technology, which it involves identifying, assessing, and treating risks to the confidentiality, integrity and availability of an organization’s assets. By attending this course, you will gain an internationally recognized qualification that enables you to implement exceptional information security management standards within your organization.
- Gain knowledge to develop your ISMS framework, awareness and support for information security across the organization.
- Gain knowledge in protection of your information (through integrity, confidentiality and availability) and those of your interested parties.
- Knowledge of concepts, models, processes and terminologies related with ISO/IEC 27001 and ISO/IEC 27002 to be delivered for the understanding of conducting information security risk management for your organization.
Upon completion of the training, delegates will attain the following knowledge and/or skills:
- The benefits of ISMS.
- The background of ISO/IEC 27001/2.
- The key concepts, terms and definition and principles of ISO/IEC 27001.
- Conduct a base line review of the organizations current position with regards to ISO/IEC 27001.
- Interpret the requirements of ISO/IEC 27001 from an implementation perspective in the context of the organization.
- Implement key elements of ISO/IEC 27001, e.g. information security risk management.
The course covers tutorial, discussions and/or facilitated activities.
- Getting Started and Requirements
- Why information Security Management?
- Information Security Facts
- Benefits of Information Security
- What is Information – CIA
- What needs to be managed in ISMS
- Background of ISO27001:2013
- Annex SL, Annex A & ISO 27002
- Clause 4 – Context of the Organization
- Clause 5 – Leadership
- Summary of Day 1
- Clause 6 – Planning
- Risk Assessment Process
- Risk Treatment Process
- Annex A usage
- Statement of Applicability (SOA)
- Clause 7 – Support
- Clause 8 – Operations
- Clause 9 – Performance Evaluation
- Clause 10 – Improvement
- Certification Audit Stages
- Wrap-up and Questions
Who Should Attend This Course?
- Those who will be involved in advising top management on the introduction of ISO/IEC 27001 into an organization.
- Designed for those with information security responsibility.
- Those planning to lead and implement a system, or new to managing a system.
- Anyone working within information security.
- There is no formal pre-requisites prior attending to this course.
- This is a two-days course from 0900-1700 (Face to face or Remote Online Training is available upon request).
Training With Sincera Mayle Consulting Means:
- Delegates will be trained by experienced tutors who are passionate to share their knowledge.
- Reliable and trusted experts with years of hands-on experience to enhance delegates’ learning curve.
Find Out More With Us:
If want to learn more about next steps, contact us for following training courses:
- Information Security Management System (ISO/IEC 27001) Internal Auditor
- Exemplar Global Certified Information Security Management System (ISO/IEC 27001) Lead Auditor