ISO 27001:2013 ISMS

ISMS 27001:2013 Awareness Training

Introduction

This ISO 27001 Information Security Awareness foundation training course is a useful introduction for anyone involved in the development, implementation and management of an ISO 27001:2013 Information Security Management System (ISMS).

The aim of this course is to provide participants with an overview of the purpose and requirements of ISO 27001:2013 as a tool for business improvement.

Learning Objective

ISO/IEC 27001, the Information Security Management System (ISMS) standard, specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

This one-day course begins with the concept of Information Security Management, the requirements of the ISO/IEC 27001:2013 certification standard, and its relation to the ISO 27000 series of standards for information security management.

Learning Outcome

By the end of this course, participants will be able to:

  • Explain the purpose and intent of ISO 27001
  • Describe the requirements of ISO 27001
  • Understand the key information security issues that need to be addressed by a business
  • Provide an ISMS implementation strategy for senior management
  • Deliver an outline of an Information Security Management System

Once the ISO 27001 Information Security Awareness course is completed, participants will be able to register for an ISO 27001 Internal Auditor training course.

ISMS ISO 27001:2013 Internal Auditor

Who will benefit?

  • Project managers, engineers, professionals in the information security field, and technical experts.
  • Document controllers, internal auditors, and implementation managers in the IT field.
  • IT consultants and management system / ISO consultants.
  • Students and job seekers in information technology, abroad placements, or career development.

Learning Objectives

On successful completion, students will have the knowledge and skills to:

Knowledge

Explain the purpose and business benefits of an information security management system, of information security management system standards, of management system audits, and of third-party certification.

Explain the role of an auditor in planning, conducting, reporting and following up an information security management system audit in accordance with ISO 19011.

Skills

Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO/IEC 27001 (with reference to the ISO/IEC 27002 controls), in accordance with ISO 19011 and ISO/IEC 17021.

Training Methodology

  • Lectures
  • Group Work
  • Case Studies
  • Discussions

Course Period

2 consecutive days

Exam

There will be a one-hour exam on the last day of the training.

Educational approach

This training is based on both theory and practice:

  • Lecture sessions illustrated with examples based on real cases
  • Review exercises to assist with exam preparation
  • A practice test similar to the certification exam
  • The number of training participants is limited so that everyone benefits from the practical exercises

Certificate of Achievement

EuroStar Certification Services will issue a certificate of achievement to successful participants based on performance during the course.

ISMS 27001:2013 Lead Auditor

Why should you attend?

To attend this course, you should already have knowledge of the key Plan-Do-Check-Act (PDCA) cycle within management systems. You should also have knowledge of Information Security Management principles, concepts and specifically the requirements of ISO/IEC 27001:2013.

Our experienced tutors will teach you how to lead, plan, execute and report on an audit of an ISMS in an organization, assessing its conformance with ISO/IEC 27001:2013.

Tutors on our Lead Auditor courses will expand on your existing knowledge of the standard and develop your skills and ability to lead a team in conducting audits of an ISMS against the standard.

Through a combination of tutorials, syndicate exercises and role play, you will learn everything you need to know about how an ISMS audit should be run including conducting second and third-party audits.

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to ISO/IEC 27001:2013 in any organization.

Suggested job roles and their teams include:

  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

Learning Objective

  • Understand the purpose and business benefits of an ISMS, ISMS standards, ISMS audits and third-party certification
  • Understand the role of, and skills required by, an auditor when planning, conducting, reporting and following up on an ISMS audit in accordance with ISO/IEC 27001:2013; ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls; ISO 19011:2011, Guidelines for auditing management systems; and, where applicable, ISO/IEC 17021:2011, Conformity assessment — Requirements for bodies providing audit and certification of management systems
  • Your company will have an internal resource and process to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001:2013
  • You will gain a professional qualification certifying that you have the knowledge and skills to lead a team in conducting an audit of an ISMS in any organization, satisfying IRCA guidelines
  • Successful auditing will improve the protection of an organization's private data to meet market assurance and corporate governance needs

Examination and Certification

The “Certified ISMS 27001 Lead Auditor” exam fully meets the requirements of the Examination and Certification Programme (ECP). The exam covers the following competency domains:

  • Domain 1: Fundamental principles and concepts of an Information Security Management System (ISMS)
  • Domain 2: Information security management system (ISMS)
  • Domain 3: Fundamental audit concepts and principles
  • Domain 4: Preparation of an ISMS 27001 audit
  • Domain 5: Conducting an ISMS 27001 audit
  • Domain 6: Closing an ISMS 27001 audit
  • Domain 7: Managing an ISMS 27001 audit program

Course Period

5 consecutive days

Course Agenda – Day 1

Day 1: Introduction to Information Security Management System (ISMS)

  • Course objectives and structure
  • Standards and regulatory framework
  • Certification process
  • Fundamental principles of information security management
  • Information Security Management System (ISMS)

Course Agenda – Day 2

Day 2: Audit principles, preparation and launching of an audit

  • Fundamental audit concepts and principles
  • Audit approach based on evidence and risk
  • Initiating the audit
  • Stage 1 audit
  • Preparing the stage 2 audit (on-site audit)

Course Agenda – Day 3

Day 3: On-site audit activities

  • Stage 2 audit
  • Communication during the audit
  • Audit procedures
  • Creating audit test plans
  • Drafting audit findings and non-conformity reports

Course Agenda – Day 4

Day 4: Closing the audit

  • Documentation of the audit and quality review
  • Closing the audit
  • Evaluation of action plans by the auditor
  • Beyond the initial audit
  • Managing an internal audit programme
  • Competence and evaluation of auditors
  • Closing the training

Course Agenda – Day 5

Certification exam

Certificate of Achievement

EuroStar Certification Services will issue a certificate of achievement to successful participants based on performance during the course.

Educational approach

This training is based on both theory and practice:

  • Lecture sessions illustrated with examples based on real cases
  • Review exercises to assist with exam preparation
  • A practice test similar to the certification exam