Course Summary
This course will provide delegates with an in-depth understanding of information security, of the ISO 27001:2013 standard and of its controls. It will help you identify your assets and determine the risks to these assets and their potential impact. It will help you implement an ISMS to protect and enhance the future performance of your organisation.
Who Should Attend?
- Those wishing to implement an Information Security Management System (ISMS) in accordance with ISO 27001:2013
- Consultants who wish to provide advice on ISO 27001:2013 ISMS Auditing
- Security and quality professionals
- Anyone involved in the implementation, maintenance or supervision of an ISO 27001:2013 ISMS.
Course Objectives
By the end of the course, the learner will be able to:
- understand the information security management system definitions, concepts, and guidelines
- understand the intent and requirements of the ISO 27001:2013 standard
- understand the ISMS implementation stages, learn best-practice techniques, examine useful tools, and understand integration of the ISMS with other information security programs
- apply information security management principles to achieve continual ISMS improvement
- learn the principles of ISMS auditing and make sense of an audit
- understand Executive Order (EO) and the role of the ISMS in achieving EO goals
- understand reporting requirements for the Office of Management and Budget
- understand how to use the generic templates provided for implementing an ISO 27001:2013 ISMS
Course Modules
- What an information security management system (ISMS) is and how it can help business
- Why companies are going for certification on ISO 27001:2013
- The basic certification processes
- Overview of the ISO 27001:2013 standard and its documentation requirements
- Asset & Access Controls
- Overview of Statement of Applicability
- Overview of a Risk Assessment and Treatment Plans
- To identify the requirements for an ISMS
- To explain the tools used to meet the requirements
- To assist people in attaining the skills to be able to implement an effective ISMS
- The control objectives in ‘Annex A’ of the ISO 27001:2013 Standard
- Receive homework (If Applicable)
- Final Questions/Review
- Exam/Assessment
Benefits
- This course is designed to minimise the time employees spend attending a course, and it is structured so that the material is easily understood.
- The course's controls will be explained in a practical sense; where delegates do not understand IT terms, the examples will be simplified.
- The ISO 27001:2013 standard will be read from cover to cover, including the Annex A controls, with practical examples of auditing each clause and control along with implementing it.
- An organisation's current ISMS, or an example one, will be provided with templates to show how these are used for implementation.
- The basics and awareness of ISO 27001 will also be discussed prior to the course.
- Books/Standards and templates for review will be provided for guidance.
Certification
- All delegates who pass the assessment with a score over 60% will be issued with a certificate of competence.
- If you score lower than 60%, a certificate of attendance will be issued.
Assessment
- There will be an assessment at the end of the course.
- Delegates have to complete the assessment with a minimum score of 70% to receive a certificate of competence.
- Delegates who score between 50% and 69% will get a second attempt at the assessment.
- Delegates who score lower than 50%, or who fail the second attempt, will need to repurchase the course.
- Delegates will receive an attendance certificate regardless of a pass or fail.