This course enables participants to learn the best practices for implementing and managing an information security management system as specified in ISO/IEC 27001:2005 and the best practices for implementing information security measures from the 11 domains of ISO/IEC 27002:2005.
This course also enables the understanding of the relationship of ISO 27001 and ISO 27002 with ISO 27003 (Guidelines for the implementation of information security management systems), ISO 27004 (Measurement) and ISO 27005 (Information security risk management).
Course overview
- Understand the implementation of an Information Security Management System (ISMS) in accordance with ISO 27001
- Understand the relationship between an ISMS and compliance with the requirements of the various stakeholders of an organization (compliance, regulations, internal policy…)
- Know the concepts, approaches, standards, methods and techniques to effectively manage an Information Security Management System
- Acquire the required knowledge to contribute to the implementation of an Information Security Management System as specified in the ISO 27001
Course Curriculum
Day 1: introduction to the Information Security Management System (ISMS) concept as defined by ISO 27001
- Introduction to the ISO 27000 family of standards
- Introduction to management systems and the process approach
- Fundamental principles of information security
- General requirements: presentation of clauses 4 to 8 of ISO 27001
- Implementation phases of the ISO 27001 framework
- Continuous improvement of Information Security
- Conducting an ISO 27001 certification audit
Day 2: implement information security measures in accordance with ISO 27002 and certification exam
- Definition of the perimeter (scope) of the ISMS
- ISMS Policy and Objectives Development
- Selection of the risk assessment approach and method
- Risk management: risk identification, analysis and treatment (according to ISO 27005)
- Drafting of the Declaration of Applicability
Method of Assessment
The “PECB Certified ISO/IEC 27001 Foundation” exam lasts 1 hour and is composed of single-choice questions. The exam covers the following areas of expertise:
- Domain 1: Fundamental principles and concepts of the Information Security Management System
- Domain 2: Information security management system
Training benefits
This training is based on alternating theoretical and practical sessions:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
To ensure the practical exercises can be carried out properly, the number of participants in the training is limited.
Who should attend?
- Members of an information security team
- Information security professionals who want to gain a comprehensive understanding of the main processes of an information security management system (ISMS)
- Personnel involved in the implementation of the ISO 27001 standard
- Technicians involved in ISMS operations
- Auditors
- Managers and executives in charge of IT governance and risk management
Entry Requirements
Basic knowledge of information security
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 10 working days before the start of the training.
To go further
This training course is designed to prepare you for the following training courses:
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need any accommodation or adaptation of the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
Duration
2 days (14h)
Price
€1800 excl. tax.
Meal
Breakfast & lunch included
Financing
OPCO support