This intensive course allows participants to develop the expertise necessary to assist an organization in the implementation and management of an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2022. Participants will also acquire a solid foundation in the good practices used to implement information security controls from the control areas of ISO/IEC 27002. This training complies with the good project management practices established by the ISO 10006 standard (Guidelines for quality management in projects). This training is fully compatible with ISO/IEC 27003 (Guidance on the implementation of an ISMS), ISO/IEC 27004 (Monitoring, measurement, analysis and evaluation of information security) and ISO/IEC 27005 (Guidance on managing information security risks).
If you would like to take this course by distance learning, click on the “Distance learning” button to find out more about the program.
Course overview
- Acquire a comprehensive understanding of the concepts, approaches, methods and techniques used for the effective implementation and management of an ISMS
- Understand the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
- Understand how an information security management system and its processes work in accordance with ISO/IEC 27001
- Learn how to interpret and implement the requirements of ISO/IEC 27001 in the specific context of an organization
- Develop the knowledge and skills needed to help an organization effectively plan, implement, manage, monitor and maintain an ISMS
Course Curriculum
Day 1: Introduction to the Information Security Management System (ISMS) concept as defined by ISO 27001; Initialization of an ISMS
- Introduction to management systems and the process approach
- Presentation of the ISO 27001, ISO 27002 and ISO 27003 standards, as well as the normative, legal and regulatory framework
- Fundamental principles of information security
- Preliminary analysis and determination of the maturity level of an existing information security management system according to ISO 21827
- Drafting of a feasibility study and a project plan for the implementation of an ISMS
Day 2: Plan the implementation of an ISMS based on ISO 27001
- Definition of the scope of the ISMS (field of application)
- Development of the ISMS policy and objectives
- Selection of the risk assessment approach and method
- Risk management: identification, analysis and treatment of risk (according to ISO 27005)
- Drafting of the Statement of Applicability
Day 3: Implementing an ISMS based on ISO 27001
- Establishment of a documentation management structure
- Design of security measures and drafting of procedures
- Implementation of security measures
- Development of a training and awareness program and communication about information security
- Incident management (according to ISO 27035)
- Management of ISMS operations
Day 4: Controlling, monitoring, measuring and improving an ISMS; ISMS certification audit
- Controlling and monitoring an ISMS
- Development of metrics, performance indicators and dashboards in accordance with ISO 27004
- ISO 27001 internal audit
- Management review of the ISMS
- Implementation of a continuous improvement program
- Preparation for the ISO 27001 certification audit
- Revision session in preparation for the exam
Method of Assessment
The “PECB Certified ISO/IEC 27001 Lead Implementer” exam is held on the 5th day of training and lasts 3 hours. The exam covers the following skill areas:
- Domain 1: Fundamental principles and concepts of information security
- Domain 2: Information security code of practice based on ISO 27002
- Domain 3: Plan an ISO 27001-compliant ISMS
- Domain 4: Implement an ISMS compliant with ISO 27001
- Domain 5: Performance assessment, monitoring and measurement of an ISO 27001-compliant ISMS
- Domain 6: Continuous improvement of an ISMS compliant with ISO 27001
- Domain 7: Preparation of the certification audit of an ISMS
Training benefits
This training is based on alternating theoretical and practical sessions:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
To ensure that the practical exercises run properly, the number of participants in the training is limited.
Who should attend?
- Project managers or consultants who wish to prepare and assist an organization in the implementation of its Information Security Management System (ISMS)
- ISO 27001 auditors who wish to understand the process of implementing an Information Security Management System
- Managers and executives in charge of IT governance and risk management
- Members of an information security team
- Expert consultants in information technology
- Technical experts wishing to prepare for an information security or ISMS project management role
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests are accepted until 10 working days before the start of the training.
Entry Requirements
- Have knowledge of the ISO/IEC 27001 standard
- Have a good knowledge of information systems security
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, please contact us.
To go further
This training course is designed to prepare you for the following training courses:
Duration
4.5 days (31 hours)
Price
€3,450 excl. tax.
Meal
Breakfast & lunch included
Financing
OPCO support
Distance learning
The distance learning program has the same objectives as the classroom course described above.
Course Curriculum
Session 1: Implementation of the ISMS
- Objectives and structure of the training
- Standards and regulatory frameworks
- Information Security Management System
Session 2: Establish the ISMS implementation plan
- Information Security Management System (continued)
- Concepts and fundamentals of Information Security
Session 3: Risk management
- Initiating the implementation of the ISMS
- Understanding of the organization and its context
Session 4: Document repository
- Analysis of the existing system
- Project leadership and approval
- Scope of the ISMS
- Information Security Policy
Session 5: Implementing the ISMS
- Information Security Policy (continued)
- Risk management process
Session 6: Evaluation and improvement of the ISMS
- Risk management process (continued)
Session 7
- Organizational structure of Information Security
- Statement of Applicability and management decision to implement the ISMS
- Design of security measures and drafting of specific policies and procedures
Session 8
- Implementation of security measures
- Definition of the document management process
Session 9
- Communication plan
- Training and awareness plan
- Operations management
Session 10
- Incident management
- Monitoring, measurement, analysis and evaluation
- Internal audit
Session 11
- Management Review
- Handling of problems and non-conformities
- Continuous improvement
Session 12
- Preparation for the certification audit
- Certification process and training completion
Indicative schedule
- 24 hours of lessons with the trainer, divided into 12 sessions of 2 hours each
- 8 hours of self-study on the e-learning platform
Method of Assessment
The exam covers the same seven domains listed under Method of Assessment for the classroom course above.
The benefits of distance learning
- E-learning video sessions, most with quizzes similar to the certification exam, to be completed by each participant
- Distance learning sessions led by an expert trainer, alternating theory and exercises, in groups and individually, each ending with a quiz
- Opportunities to exchange and share experience, adapted to the context of the learners
Duration
35 hours
Price
€2,400 excl. tax.
Financing
OPCO support