| Session | From | To | Duration | Days - Time |
|---|---|---|---|---|
| TBD | TBD | TBD | TBD | TBD |
• Project manager or consultant wanting to prepare for and support an organization in the
implementation of an Information Security Management System (ISMS)
• ISO 27001 auditor who wants to master the Information Security Management System
implementation process
• Person responsible for the information security or conformity in an organization
• Member of the information security team
• Expert advisor in information technology
• Technical expert wanting to prepare for an information security function or for an
ISMS project management function
At the end of this course, the participant will gain competencies in:
• Understanding the application of an Information Security Management System in the
ISO/IEC 27001:2005 context
• Mastering the concepts, approaches, standards, methods and techniques allowing
effective management of an Information Security Management System
• Understanding the relationship between an Information Security Management System,
including risk management and controls, and compliance with the requirements of
different stakeholders of the organization
• Acquiring expertise to support an organization in implementing, managing
and maintaining an ISMS as specified in ISO/IEC 27001:2005
• Acquiring the expertise necessary to manage a team in implementing the ISO/IEC
27001:2005 standard
• Developing personal skills and knowledge required to advise organizations on best
practices in management of information security
• Improving the capacity for analysis and decision making in a context of information
security management
• ISMS Foundation training or a basic knowledge of ISO/IEC 27001:2005 and ISO/IEC
27002:2005 is recommended
• Certification: ISO/IEC 27001:2005 - ISMS Implementer
• Length of test: 180 minutes
• Passing score: 70%
• Languages: English
• Duration: 3 hours
• Credits: 35 CPE (Continuing Professional Education) credits will be issued
• Module 1: Introduction to Information Security Management System (ISMS)
• Introduction to management systems and the process approach
• Detailed presentation of the standards ISO/IEC 27001:2005, ISO/IEC 27002:2005 and
ISO/IEC 27003:2009
• Fundamental principles of Information Security
• Preliminary analysis and determination of the maturity level of the existing
information security management based upon ISO/IEC 21827:2008
• Writing the business case and preliminary design of the ISMS
• Developing a project plan of compliance to ISO/IEC 27001:2005
• Module 2: Planning an ISMS based on ISO 27001
• Establishment of the Governance Framework
• Definition of roles & responsibilities
• Drafting of the ISMS policy
• Defining the scope of the ISMS
• Risk management according to ISO/IEC 27005:2008: identification, analysis and
treatment of risk
• Drafting the Statement of Applicability
• Module 3: Launching and implementing an ISMS based on ISO 27001
• Implementation of a document management framework
• Design of controls and writing procedures
• Implementation of controls
• Development of a training & awareness program and communication about
information security
• Incident Management according to ISO/IEC TR 18044:2004
• Operations management of an ISMS
• Module 4: Control, act and the certification audit of the ISMS according to ISO/IEC 27001
• Monitoring controls and the management of records
• Development of metrics, performance indicators and the dashboard in
accordance with ISO/IEC 27004:2009
• Internal ISMS Audit
• Management review of the ISMS
• Implementation of a continuous improvement program
• Preparing for the ISO/IEC