This training enables you to develop the expertise needed to support an organization in establishing, implementing, managing, and maintaining an Information Security Management System (ISMS) based on ISO/IEC 27001. During this training course, you will also gain a thorough understanding of Information Security Management System best practices for securing the organization's sensitive information and improving overall performance and effectiveness.
- Quality Management
- Quality Controllers
- Managers or Consultants Involved in Information Security Management
- Expert Advisors Seeking to Master the Implementation of an Information Security Management System
- Individuals Responsible for Maintaining Conformance with ISMS Requirements
- ISMS team members
At the end of this course the participants will be able to:
- Understand the correlation between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
- Master the concepts, approaches, methods, and techniques used for the implementation and effective management of an ISMS
- Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization
- Learn how to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an ISMS
- Acquire the expertise to advise an organization in implementing Information Security Management System best practices
- Information security management
- Vulnerability assessment and management
- Developing IT policies and procedures
- Quality Assurance
- ISO 27001:2013
Unit 1: Introduction to ISO/IEC 27001 and Initiation of an ISMS:
- Standards and regulatory frameworks
- Information Security Management System
- Initiating the implementation of an ISMS
- Understanding the organization and clarifying the Information Security objectives
- Analysis of the existing management system
Unit 2: Plan The Implementation of an ISMS:
- Leadership and approval of the ISMS project
- ISMS scope
- Information Security policies
- Risk assessment
- Statement of applicability and top management’s decision to implement the ISMS
- Definition of the organizational structure of Information Security
Unit 3: Implementation of an ISMS:
- Definition of the document management process
- Design of security controls and drafting of specific policies & procedures
- Communication plan
- Training and awareness plan
- Implementation of security controls
- Incident management
- Operations Management
Unit 4: ISMS Monitoring, Measurement, Continuous Improvement, and Preparation for a Certification Audit:
- Monitoring, measurement, analysis, and evaluation
- Internal audit
- Management review
- Treatment of non-conformities
- Continual improvement
- Preparing for the certification audit
- Competence and evaluation of implementers
Unit 5: Maintaining the Certification:
- Keeping the certification.
- Improving the management system.
- Top management leadership and example.
- Keeping the management system updated.
- Until the next surveillance audit.
- What is the surveillance audit?