Course Overview
An internationally recognized best practice for an information security management system (ISMS), ISO/IEC 27001 helps organizations to build resilience and protect information. So it’s no surprise that companies invest in training their people to get the knowledge and skills to use ISO/IEC 27001 to secure their business.
If you’re new to ISO/IEC 27001 and need to take the lead on implementing a management system then this course is for you.
You will learn the importance of an ISMS and get the vital skills to interpret and implement the requirements, carry out a gap assessment, as well as gain awareness of management tools and techniques. The five-day course is packed with practical activities, group discussion and classroom learning to help you retain the knowledge to implement an effective management system. It includes an exam on the final day and upon successful completion you will be awarded with the BSI ISO/IEC 27001 Lead Implementer qualification.
Target Audience
Those who will be involved in advising top management on the introduction of ISO/IEC 27001 into an organization.
Those planning to lead and implement a system, or new to managing a system
Anyone working within information security, including consultants
Course Objectives
Course Objectives and Benefits
An understanding of effective information security management throughout an organization and therefore protection of your information (through integrity, confidentiality and availability) and those of your interested parties.
Develop vital processes, policies and procedures that can be put into practice immediately.
Create the framework for your own Information Security Management System (ISMS).
Gain knowledge to develop your ISMS framework and build awareness and support for information security across your organization.
Be confident that you have the capability to protect your business and meet stakeholder expectations.
Encourage continuous professional development across your organization.
The key concepts and principles of ISO/IEC 27001:2013.
The terms and definitions used.
The main requirements of ISO/IEC 27001:2013 Identify a typical framework for implementing ISO/IEC 27001 following the PDCA cycle.
Conduct a base line review of the organizations current position with regard to ISO/IEC 27001.
Interpret the requirements of ISO/IEC 27001 from an implementation perspective in the context of their organization.
Implement key elements of ISO/IEC 27001.
Explain the concepts of leadership, elements of project management, managing organizational change, skill sharing and support/motivation during the implementation.
Course Prerequisites
Five years of Experience including minimum 2 years of information security work experience
Expected Accomplishments
• Confidently implement and maintain an ISMS
• Be prepared with management tools and techniques
• Successfully carry out a gap analysis
• Network with likeminded peers
• Develop professionally and gain a recognized qualification
Course Outline
Day 1
Information Security Management(ISM)
Background to ISO 27001/ISO 27002
Clause 4: Context of the organization
Clause 5: Leadership
Clause 6: Planning
Clause 7: Support
Clause 8: Operation
Clause 9: Performance evaluation
Clause 10: Improvement
Day 2
What is an ISMS?
Terms and definitions
Implementing a management system
Requirements and documentation
Baseline gap analysis
Context
Interested Parties
Scope
Leadership
Summary
Day 3
Planning process
Risks and opportunities
Objectives and targets
Support
Operation
Monitoring, measurement, analysis and evaluation
Internal audit and management review
Nonconformity, corrective action process and improvement
Integration
Day 4
Leadership and management
Brainstorming
Eight disciplines problem solving
Ishikawa/Fishbone
Change management
Delegation
Support
Motivation
Specimen exam paper
Day 5
Final questions/revision
Evaluation
Introduction to the exam
Exam
Reflection and feedback
