Globalization of the economy has led to a growing exchange of information between organizations, their employees, customers and suppliers, and to a growing use of networks, such as the internal company network, connections with the networks of other companies and the internet.
Furthermore, activities of many companies now completely rely on IT and thus information has become a valuable business asset. Protection of information is crucial for the continuity and proper functioning of the organization.
The ISO/IEC 27001:2013 standard is a widely respected and referenced standard that provides a framework for the organization and management of an information security program.
Implementing a program based on this standard will serve an organization well in its goal of meeting many of the requirements faced in today’s complex operating environment.
A strong understanding of this standard is important to the personal development of every information security professional.
Why should you take this training?
This training program will help the candidate to increase their implementation knowledge of the ISO/IEC 27001:2013 information security clauses, together with the required and appropriate security controls and their objectives.
This training program will also help the candidate with an understanding of establishing, conducting and reporting audit outcomes.
The purpose of this training is:
- To provide the candidate with a complete understanding of the requirements of the ISO/IEC 27001:2013 standard;
- To provide the candidate with a step-by-step comprehensive implementation knowledge of the required clauses of the standard, its policies, procedures, guidelines, templates and checklists;
- To provide the candidate with a complete understanding of how to identify the organization's risk with regard to information security controls, assess the identified risk and deploy a mitigation plan;
- To provide the candidate with a complete understanding of setting up an organizational audit program, conducting the audit and reporting the outcomes to the senior leadership team, while setting corrective and preventive actions to mitigate the non-compliances.
Who should attend this training?
This program is ideally suited to those in a variety of job roles including:
- Data Privacy professionals
- Information Security and IT professionals
- Information System and Security Auditors
- Compliance Officers, Legal Counsels
- Designated Data Protection Officers
- Senior Management / Leadership roles
What will you learn in this training?
This training program prepares the candidate to learn information security controls in-line with the requirements of the ISO/IEC 27001:2013 standard.
Subsequently, the candidate will learn how to conduct an organization-wide risk assessment to identify and implement the security controls and their objectives, how to set up an audit program, how to report the audit outcomes to the senior leadership team and how to continuously improve the information security management system (ISMS) of an organization.
Course duration: 4 days of learning (each day is about 8 hours).
Bloom Level: BL3, BL4, BL5 and BL6
ISO/IEC 27000:2018 Standard Overview and Vocabulary
- What is an ISMS?
- Process approach
- Why is an ISMS important?
- Establishing, monitoring, maintaining and improving an ISMS
ISMS Family of Standards
- Standards specifying requirements
- Standards describing general guidelines
- Standards describing sector-specific guidelines
ISO/IEC 27001 Information Security Management Systems Requirements
- Context of the organization
- Performance evaluation
ISO/IEC 27002:2013 Code of Practice for Information Security Controls
- Structure of this standard
- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
ISO/IEC 27005:2018 Information Security Risk Management
- Overview of information security risk management
- Context establishment
- Information security risk assessment
- Information security risk treatment
- Information security risk acceptance
- Information security risk communication and consultation
- Information security risk monitoring and review
- Scope and boundaries of information security risk management process
- Identification and valuation of assets and impact assessment
- List of typical threats
- Vulnerabilities and methods for assessment
- Information security risk assessment approaches
ISO/IEC 27007:2020 Auditing Information Security Management Systems Guidelines
- Principles of auditing
- Managing an audit program
- Conducting an audit
- Competence and evaluation of auditors
- Guidance for ISMS auditing practice
ISO/IEC 27001:2013 Certification Process
- Introduction to certification process
- Identifying certification agency
- Announcing certification outcomes
- Maintaining the certification
How will you learn?
This training program is delivered in a classroom or online setting using case study and class exercises that are designed to enhance the participants’ interpretation of ISO/IEC 27001:2013 Information Security Management standard.
Candidates who complete this training program are suitably prepared to take the 1WCERT ISO/IEC 27001:2013 Information Security Management System Lead Auditor and Lead Implementer Expert certification exam.
Supporting material for this training:
Candidates will receive an electronic copy (PDF) of the training program slide deck along with classroom notes, the case study and sample exam preparation questions.
An integral part of the training material is free 90-day access to our online LMS (Learning Management System).
What are the prerequisites for this training?
For this course, the candidate must have completed the ISO/IEC 27001:2013 Foundation training and passed its exam.
On passing the 1WCERT exam you become ISO/IEC 27001:2013 Information Security Management System Lead Auditor and Lead Implementer Expert certified.