This intensive course allows participants to develop the expertise necessary to assist an organization in the implementation and management of an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2022. Participants will also acquire a solid foundation in the good practices used for implementing information security controls drawn from the areas covered by ISO/IEC 27002. This training complies with the good project management practices established by ISO 10006 (Guidelines for quality management in projects). It is fully compatible with ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measuring information security) and ISO 27005 (Managing information security risks).
Course overview
- Acquire a comprehensive understanding of the concepts, approaches, methods and techniques used for the effective implementation and management of an ISMS
- Understand the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
- Understand how an information security management system and its processes work in accordance with ISO/IEC 27001
- Learn how to interpret and implement the requirements of ISO/IEC 27001 in the specific context of an organization
- Develop the knowledge and skills needed to help an organization effectively plan, implement, manage, monitor and maintain an ISMS
Course Curriculum
Day 1: Introduction to the Information Security Management System (ISMS) concept as defined by ISO 27001; Initialization of an ISMS
- Introduction to management systems and the process approach
- Presentation of the ISO 27001, ISO 27002 and ISO 27003 standards, as well as the normative, legal and regulatory framework
- Fundamental principles of information security
- Preliminary analysis and determination of the maturity level of an existing information security management system according to ISO 21827
- Drafting of a feasibility study and a project plan for the implementation of an ISMS
Day 2: Plan the implementation of an ISMS based on ISO 27001
- Definition of the scope of the ISMS (field of application)
- Development of the ISMS policy and objectives
- Selection of the risk assessment approach and method
- Risk management: identification, analysis and treatment of risk (according to ISO 27005)
- Drafting of the Statement of Applicability
Day 3: Implementing an ISMS based on ISO 27001
- Establishment of a documentation management structure
- Design of security measures and drafting of procedures
- Implementation of security measures
- Development of a training and awareness program and communication about information security
- Incident management (according to ISO 27035)
- Management of ISMS operations
Day 4: Controlling, monitoring, measuring and improving an ISMS; ISMS certification audit
- Controlling and monitoring an ISMS
- Development of metrics, performance indicators and dashboards in accordance with ISO 27004
- ISO 27001 internal audit
- Management review of the ISMS
- Implementation of a continuous improvement program
- Preparation for the ISO 27001 certification audit
- Review session
Method of Assessment
The “PECB Certified ISO/IEC 27001 Lead Implementer” exam is held on the 5th day of training and lasts 3 hours. The exam covers the following skill areas:
- Domain 1: Fundamental principles and concepts of information security
- Domain 2: Information security code of practice based on ISO 27002
- Domain 3: Plan an ISO 27001-compliant ISMS
- Domain 4: Implement an ISMS compliant with ISO 27001
- Domain 5: Performance assessment, monitoring and measurement of an ISO 27001-compliant ISMS
- Domain 6: Continuous improvement of an ISMS compliant with ISO 27001
- Domain 7: Preparation of the certification audit of an ISMS
Training benefits
This training is based on alternating theoretical and practical sessions:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
To ensure the practical exercises run properly, the number of participants in the training is limited.
Who should attend?
- Project managers or consultants who wish to prepare and assist an organization in the implementation of its Information Security Management System (ISMS)
- ISO 27001 auditors who wish to understand the process of implementing an Information Security Management System
- Managers and executives in charge of IT governance and risk management
- Members of an information security team
- Expert consultants in information technology
- Technical experts wishing to prepare for an information security or ISMS project management role
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 10 working days before the start of the training.
Entry Requirements
- Have knowledge of the ISO/IEC 27001 standard
- Have a good knowledge of information systems security
Accessibility
Whether or not you are recognized as having a disability, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training course is designed to prepare you for the following training courses:
Duration
4.5 days (31 hours)
Price
€3,450 excl. tax
Meal
Breakfast & lunch included
Financing
OPCO support