ISMS Concepts

The Information Security Management System (ISMS) Concepts course teaches delegates the fundamentals of implementing and auditing an information security management system against the ISO 27001:2005 standard (formerly BS 7799-2:2002). This three-day intensive course covers the implementation and audit methodology an organization follows to achieve ISO 27001:2005 certification. It is the foundation for the internationally recognized courses and certifications leading to ISO 27001 Lead Auditor or Lead Implementer status, the first step in the increasingly important information security management profession.

What will you learn?

  • The component parts of the Standard
  • How to manage information security
  • How the individual components of the process fit together
  • How to treat implementation as a project
  • Common pitfalls
  • How to define and risk-assess "information assets"
  • How to manage risks in a way that suits your organization
  • The essential requirements for obtaining auditor approval, that is, certification

Course Outline

THE ISO 27001 STANDARD

  • Why do you need certification to ISO 27001?
  • What the Information Security Management System (ISMS) is and what it is trying to achieve

CONFIDENTIALITY, INTEGRITY, AVAILABILITY AND AUDIT

  • Overview of the stages of the ISMS
  • Defining an Information Security Policy
  • Defining the scope of the ISMS

IDENTIFYING INFORMATION ASSETS

  • What are information assets?
  • Creating an asset classification system

UNDERTAKING A RISK ASSESSMENT

  • Identifying asset values, threats and vulnerabilities
  • Creating a usable and simple risk methodology
  • Using risk tools
  • Practical exercise – undertaking a risk assessment
  • Results and conclusions resulting from an assessment

MANAGING RISK

  • Risk measurement
  • Risk reduction and acceptance techniques
  • Practical exercise – determining control objectives
  • Selecting control objectives and controls
  • Security in depth
  • ISO 27001 control objectives and controls
  • The application of countermeasures
  • Practical exercise – creating a workable countermeasure
  • Additional controls not in ISO 27001
  • Preparing a Statement of Applicability
  • The need to review and audit the ISMS

AUDITING

  • What does auditing achieve?
  • How should auditing be conducted?
  • Different types of audit
  • The Stage 1 (documentation review) and Stage 2 (implementation) ISO 27001 certification audits

