The main objective of the course is to convey the purpose of applying the ISO 27001 standard in the context of information security. The course provides a clear understanding of how to effectively establish, implement, maintain and continually improve an information security management system (ISMS). The foundation course will also help you progress to advanced-level courses such as lead auditor, lead implementer and internal lead auditor.
About ISO 27001 Foundation & Implementation
Who can take this training?
Any working professional who has an interest in, or is responsible for, information security management, data management and data protection, corporate governance, risk and compliance, management systems, security, IT services, human resources, financial and accounting records, or any business area that handles high-risk private data.
Professionals with a minimum of 2 years' experience in the Information Technology domain.
Professionals who have a role in implementing and auditing an ISMS.
Information Security Management Representatives and core group members responsible for establishing, implementing, maintaining, auditing and improving an ISMS.
Managers from organizations wanting to implement, maintain and improve their ISMS as per ISO 27001:2013.
Management system consultants.
Organizations that want to safeguard their information from the risks of attack, error, natural disaster and other vulnerabilities inherent in its use.
This set of standards should also be implemented by organizations that want to reassure customers and clients that their recommendations on security have been followed.
Course Outline
Introduction
Introduction to the course
Module 1 – Introduction to ISO 27001
Introduction & suggested reading
What is ISO 27001?
The structure of ISO 27001
Information security principles
Introduction to the Information Security Management System
Implementing ISO 27001 requirements
Implementing ISO 27001 as a project
Documenting ISO 27001 requirements
ISO 27001 Benefits
Module 2 – The planning phase
Introduction & suggested reading
Understanding your organization and its context
Understanding the needs and expectations of interested parties
Determining the scope of the ISMS
Leadership and commitment
Information Security Policy
Organizational roles, responsibilities and authorities
Information security objectives
Resources
Competence
Awareness
Communication
Documented information
Module 3 – Risk management
Introduction & suggested reading
Addressing risks and opportunities
Risk management process
Information security risk assessment – Risk identification
Information security risk assessment – Risk analysis and evaluation
Information security risk treatment
Statement of Applicability
Risk treatment plan
Module 4 – The Do phase
Introduction & suggested reading
Formulating the risk treatment plan
Implementing the risk treatment plan
Operational planning and control
Operating the ISMS
Managing outsourcing of operations
Controlling changes
Risk assessment review
Module 5 – The Check and Act phases
Introduction & suggested reading
Monitoring, measurement, analysis, and evaluation
Internal audit
Management review
Nonconformities and corrective actions
Continual improvement
Module 6 – Annex A – Control objectives and controls
Introduction & suggested reading
Introduction to Annex A – Reference control objectives and controls
Structure of Annex A
Information security policies
Organization of information security
Human resources security
Asset management
Access control
Cryptography
Physical and environmental security
Operational security
Communications security
System acquisition, development and maintenance
Supplier relationships
Information security incident management
Information security aspects of business continuity management
Compliance
Instructions for taking the exam and obtaining the certificate
Call Now: +91-921-276-0556