+38 (044) 334-68-26 | +38 (067) 181-85-46 info@pecb.com.ua
Schedule this Training

Mastering the implementation and management of an Information Security Management System (ISMS) based on ISO/IEC 27001

Summary

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2013. Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO/IEC 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is also fully compatible with ISO/IEC 27003 (Guidelines for the Implementation of an ISMS), ISO/IEC 27004 (Measurement of Information Security) and ISO/IEC 27005 (Risk Management in Information Security).

Who should attend?

  • Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS)
  • ISO/IEC 27001 auditors who wish to fully understand the Information Security Management System implementation process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an information security function or for an ISMS project management function

Learning objectives

  • To understand the implementation of an Information Security Management System in accordance with ISO/IEC 27001
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System
  • To understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001
  • To acquire the necessary expertise to manage a team implementing ISO/IEC 27001
  • To develop the knowledge and skills required to advise organizations on best practices in the management of information security
  • To improve the capacity for analysis and decision making in the context of information security management

Course Agenda

Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001; Initiating an ISMS

  • Introduction to management systems and the process approach
  • Presentation of the standards ISO/IEC 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and establishment of the level of the maturity level of an existing information security management system based on ISO 21827
  • Writing a business case and a project plan for the implementation of an ISMS

Day 2: Planning the implementation of an ISMS based on ISO/IEC 27001

  • Defining the scope of an ISMS
  • Development of an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO/IEC 27005
  • Drafting the Statement of Applicability

Day 3: Implementing an ISMS based on ISO/IEC 27001

  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about the information security
  • Incident management (based on guidance from ISO 27035)
  • Operations management of an ISMS

Day 4: Controlling, monitoring,measuring and improving an ISMS; certification audit of the ISMS

  • Controlling and Monitoring the ISMS
  • Development of metrics, performance indicators and  dashboards in accordance with ISO 27004
  • ISO/IEC 27001 internal Audit
  • Management review of an ISMS
  • Implementation of a continual improvement program
  • Preparing for an ISO/IEC 27001 certification audit

Day 5: Certification Exam

Prerequisites

ISO/IEC 27001 Foundation Certification or a basic knowledge of ISO/IEC 27001 is recommended.

Educational approach

This training is based on both theory and practice:

  • Sessions of lectures illustrated with examples based on real cases
  • Practical exercises based on a full case study including role playings and oral presentations
  • Review exercises to assist the exam preparation
  • Practice test similar to the certification exam

General Information

  • Certification fees are included in the exam price
  • A student manual containing over 450 pages of information and practical examples will be distributed to participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
Search

Powered by themekiller.com anime4online.com animextoon.com apk4phone.com tengag.com moviekillers.com