28 - ISO - ISO (Standardization) Programs
ISO 103 - ISO 27001 Information Security Management System (ISMS)
Code | Start Date | Duration | Venue | Registration |
---|---|---|---|---|
ISO 103 | 21 October 2024 | 5 Days | Istanbul | Registration Form Link |
ISO 103 | 25 November 2024 | 5 Days | Istanbul | Registration Form Link |
ISO 103 | 30 December 2024 | 5 Days | Istanbul | Registration Form Link |
Course Description
The ISO 27001 standard provides a framework for assuring the effectiveness of information security measures in the workplace, including the continued accessibility, confidentiality and integrity of information in whatever form it is held. This course familiarizes participants with the basic concepts of implementing and managing an Information Security Management System (ISMS) as specified in ISO 27001. It covers the components of an ISMS, including the ISMS policy, risk management, performance measurement, management commitment, internal audit, management review and continual improvement.
Course Objectives
- Being familiar with the basics of information security
- Knowing what an information security management system (ISMS) is and how it can help the business
- Understanding the development, history, and current status of ISO 27001
- Understanding the registration process
- Estimating costs and resources to implement an ISMS
- Understanding the available information security controls
Who Should Attend?
- Supervisors
- Managers
- Executives
- Members of IT team
- Technicians involved in operations related to an ISMS
- Anyone who is involved in ISO standards
Course Details/Schedule
Day 1
- Fundamental principles of Information Security
- Overview of what is meant by ISMS and the basic constituents of an ISMS
- Introduction to the ISO 27000 family of standards
- Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
- Explanation of how an ISMS can help
Day 2
- General requirements: presentation of the clauses 4 to 8 of ISO 27001
- Identifying and evaluating assets
- Defining the scope of an ISMS
- Development of an ISMS and information security policies
- Selection of the approach and methodology for risk assessment
- Risk management: identification, analysis and treatment of risk
Day 3
- Drafting the Statement of Applicability (SoA)
- Implementation phases of ISO 27001 framework
- Implementation of a document management framework
- Principles and design of information security controls
- Writing procedures
- Implementation of controls
Day 4
- Incident management
- Operations management of an ISMS
- Documentation of an information security control environment
- Monitoring and reviewing the information security controls
- Development of metrics, performance indicators and dashboards
- ISO 27001 internal audit
- Management review of an ISMS
Day 5
- Continual improvement of Information Security
- Implementation of a continual improvement program
- Preparing for an ISO 27001 certification audit
- Conducting an ISO 27001 certification audit
- Examples of implementation of information security controls based on ISO 27002 best practices