ISO / IEC 27001 provides a reliable Framework to protect your Information against Cybercrime, improve Corporate Governance, and recover from Security incidents.
Without a formal information security management system, organizations are vulnerable and may have difficulty meeting their goals and protecting their information assets. ISO / IEC 27001 is the foundation of information security management and applies to all types of organizations.
This intensive 3-day course provides a good understanding of the ISO / IEC 27001 information security management framework, basic concepts, benefits and considerations related to the implementation of a management system into Information Security. At the end of the course, participants will take the 40-minute exam to obtain the APMG International Certification ISO / IEC 27001 Foundation Certificate.
This intensive three-day training will help you to understand:
De scope, the perimeter and the use of the ISO/IEC 27001 standard
Terminology and definitions used in the series of the ISO 27000
The fundamental requirements for an ISMS in ISO 27001 and the importance of continuous improvement
The ISO 27001 process, their objectives and high-level requirements
The requirements of the standard in terms of applicability and scope
The use of controls to reduce the risk of computer security
The purpose of internal audits and external certification, their use and associated terminology
The relationship with repositories of best practices and other international standards (ISO 20000 et ISO 9001)
Introduction, context and definitions
What is de ISO/IEC 27001:2013 Standard?
History and state of the art
The certification ISO/IEC 27001:2013
Key publications and concepts
The standards of the ISO/IEC 2700x serie
The framework of security management for information (SMSI)
Relations with other Standards
Relation with the ISO 9001, ISO 14001, ISO 20000-1 standards
Relations with other standards and regulations (PCI DSS, SOGP, FIPS, HIPAA, SOX, etc.)
Establishment, implementation, and operation of an ISMS
The management of information security system (SMSI)
The responsibility of the Management
De internal audits of the SMSI
The management review of the SMSI
The continual improvement of the SMSI
Information Security Control
Successful certification ISO 27001 within an organization
The reason of audit
The different types of audit
The expected results of an audit
Audit evidence to demonstrate compliance
Preparation and participation of a certification audit
Execution of an audit
Exam Preparation ISO 27001 Foundation
Tips and tricks for passing the exam
Blanc exam and group correction
Who should attend ?
To those who are involved in the implementation, management and maintenance of an Information Security Management System
To individuals who are required to audit Information security management system and who need a basic understanding of the standard
Those who work in an organization with an ISMS, that this organization is already certified ISO 27001 or she plans to be certified.
To those who then want to continue with the Practitioner training and certification.