Lifetime Access
Quick Facts
Mode of Delivery
Video and Text Based
Mode of learning
Self study, Virtual Classroom
About this course
Course Overview
In this five-day course, our experienced tutors teach you how to set up an ISMS that conforms to ISO/IEC 27001:2013 in an organization.
You will cover the requirements of the standard and consider the state of your organization’s current information security management practices in preparation for putting an ISMS in place.
We will help you develop your skills and understanding of the practicalities involved when setting up a typical management system framework that conforms to the standard. This includes learning how to set up policies, processes and procedures for your ISMS.
You will also focus on developing your project management ability to lead a team through the implementation of an ISMS in your business. This can be crucial if your ISMS will need to scale throughout your organization.
After attending the course and passing the examination, you will be able to play a pivotal role in ensuring your organization can set up an ISMS that is compliant with ISO/IEC 27001:2013.
Course Objectives
§ What is information security management (ISM)?
§ Why ISM is important to an organization
§ What are the benefits of ISM?
§ What is the background of ISM?
§ What are the key concepts and principles in ISO/IEC 27001:2013?
§ What terms and definitions are used in the standard?
§ What are the main requirements of ISO/IEC 27001:2013?
§ How to identify a typical framework to implement an ISMS compliant with ISO/IEC 27001:2013 following the Plan, Do, Check, Act (PDCA) cycle
§ How to conduct a baseline review of the organization’s current position with regard to ISO/IEC 27001:2013
§ How to interpret the requirements of ISO/IEC 27001:2013 from an implementation perspective in the context of their organization
§ How to implement key elements of ISO/IEC 27001:2013
§ What are the concepts of leadership and managing organizational change?
§ Understanding project management, skill sharing, support and motivation during the implementation of an ISMS
Audience
This course is intended for those who will be involved in advising top management on the introduction of ISO/IEC 27001:2013 into an organization. It is especially relevant for those who have the responsibility to lead the implementation of an ISMS in a business or provide consultation on the subject.
Suggested job roles and their teams include:
· Information security managers
· IT and corporate security managers
· Corporate governance managers
· Risk and compliance managers
· Information security consultants
Course Contents
DAY 1
· Welcome & introductions
· Course benefits
· Aims, objectives & structure
· Information security management
· Background to ISO 27001 & ISO 27002
· Clause 4: Context of the organization
· Clause 5: Leadership
· Clause 6: Planning
· Clause 7: Support
· Clause 8: Operation
· Clause 9: Performance evaluation
· Clause 10: Improvement
· Learning application
DAY 2
· What is an ISMS?
· Terms & definitions
· Implementing a management system
· Requirements & documentation
· Baseline gap analysis
· Context
· Interested parties
· Scope
· Leadership
DAY 3
· Planning Process
· Risks & opportunities
· Objectives & targets
· Support
· Operation
· Monitoring, measurement, analysis & evaluation
· Internal audit & management review
· Nonconformity, corrective action process & improvement
· Integration
· Planning Process
DAY 4
· Leadership & management
· Brainstorming
· Eight disciplines
· Problem solving
· Ishikawa/Fishbone
· Change management
· Delegation
· Support
DAY 5
· Final questions/revision
· Evaluation
· Introduction to the exam
· Exam
· Reflection & feedback