ISO/IEC 27001 FOUNDATION

About this ISO/IEC 27001 Foundation course

Without a formal information security management system, organizations are vulnerable and may have difficulty meeting their goals and protecting their information assets. ISO / IEC 27001 is the foundation of information security management and applies to all types of organizations. 

This intensive 3-day course provides a good understanding of the ISO / IEC 27001 information security management framework, basic concepts, benefits and considerations related to the implementation of a management system into Information Security. At the end of the course, participants will take the 40-minute exam to obtain the APMG International Certification ISO / IEC 27001 Foundation Certificate.

Course Objectives

• The scope, the perimeter and the use of the ISO/IEC 27001 standard
• Terminology and definitions used in the series of the ISO 27000 
• The fundamental requirements for an ISMS in ISO 27001 and the importance of continuous improvement 
• The ISO 27001 process, their objectives and high-level requirements
• The requirements of the standard in terms of applicability and scope
• The use of controls to reduce the risk of computer security
• The purpose of internal audits and external certification, their use and associated terminology
• The relationship with repositories of best practices and other international standards (ISO 20000 et ISO 9001)

Course Outline

Introduction, context and definitions

• What is de ISO/IEC 27001:2013 Standard?
• History and state of the art
• Definitions
• The certification ISO/IEC 27001:2013
• Why certification?

Key publications and concepts

• The standards of the ISO/IEC 2700x serie
• The framework of security management for information (SMSI)
• Deming-circle (PDCA)

Relations with other Standards

• Relation with the ISO 9001, ISO 14001, ISO 20000-1 standards
• Relations with other standards and regulations (PCI DSS, SOGP, FIPS, HIPAA, SOX, etc.)

Establishment, implementation, and operation of an ISMS

• The management of information security system (SMSI)
• The responsibility of the Management
• De internal audits of the SMSI
• The management review of the SMSI
• The continual improvement of the SMSI

Information Security Control

• Successful certification ISO 27001 within an organization
• The reason of audit
• The different types of audit
• The expected results of an audit
• Audit evidence to demonstrate compliance
• Preparation and participation of a certification audit
• Execution of an audit

Exam Preparation ISO 27001 Foundation

• Tips and tricks for passing the exam
• Blanc exam and group correction