This three day ISO/IEC 27001 Foundation training course will introduce delegates to the requirements and principles of ISO/IEC 27001, providing delegates with an awareness of the issues and challenges involved in implementing an information security management system.
This practical foundation course is designed to provide an introduction to information security management (ISM) systems as set out in ISO/IEC 27001:2013.
There are no pre-requisites. However, we recommend that all delegates familiarise themselves with BS ISO_IEC 27001_2013, and BS ISO_IEC 27002_2013.
Security and IT professionals, those responsible for risk and audit or project managers responsible for ISO27001 compliance programmes.
- The detailed requirements of ISO/IEC 27001:2013
- How to identify information assets
- How to identify the threats, vulnerabilities and risks associated with Assets
- How to Plan the ISMS implementation program: Timescales and resources. Risk assessment and management, Producing a Statement of Applicability and Documentation, monitoring and auditing
- Preparing for certification
- Sources of information and further development
- Why do you need certification to ISO 27001?
- The relationship between ISO27001, and ISO27002
- What the Information Security Management System (ISMS) is and what it is trying to achieve; Confidentiality, integrity, availability, plus audit
- Over view of the stages of the ISMS
- Defining an Information Security Policy
- Defining the scope of the ISMS
- What are information assets, and identifying them?
- Conducting risk assessments, Identifying asset values, threats and vulnerabilities, Practical exercise - under taking a risk assessment and Managing risk
- Risk measurement
Results and conclusions resulting from an assessment
Risk reduction and acceptance techniques
- Determining control objectives
- Selecting control objectives and controls
- Information Security Overview
- ISO 27001/ ISO27002 control objectives and controls
- The application of countermeasures, Creating a workable countermeasure
- Preparing a Statement of Applicability
- Auditing the ISMS, What does auditing achieve? How should auditing be conducted? and Different types of audit
- Preparing for formal certification audits
- The phase 1 and 2 ISO 27001 audits
- Maintaining Certification
Please note, this course does not include ISO27001 Lead Auditor training modules.