ISMS – Information Security Management Systems – 2 days
ISMS – Information Security Management Systems – ISO 27001:2013. The information presented in this two day course forms the basis for a systematic and integrated approach to audit of an Information Security Management System (ISMS). It also enables participants to gain an understanding of the requirements of all the elements in ISO/IEC 27001:2013.
The course examines the compatibility of ISMS with other management systems and explains the significant features of ISMS and the terminology & methodology used in the ISO/IEC 27001:2013 Standard. The Delegate Manual provides plain English explanation, ISMS audit tools and sample checklists.
“ISMS is a systematic approach that ensures sensitive company information remains secure – your risk management process includes people, processes and systems and gives your customers confidence that you are deploying best practices”
Key Learning Objectives
Understand
- The intent and the requirements of each clause and its relationship with the organisation’s operational information security requirements and legal compliance requirements
- The documentation requirements, and gain the ability to analyse the interrelationships among various ISMS documents
- How ISMS planning, policy, objectives and processes are implemented according to the ISO/IEC 27001:2013 standard and in relation to the context of the organization
- The process of addressing improvements in the organization’s ISMS and verify that identified improvements are effectively managed
Review Risk Assessment
- Assess the effectiveness of an organisation’s information security Risk Assessment (RA) methodologies
- Analyse the controls identified in the Statement of Applicability (SOA) and the controls of the ISO/IEC 27001:2013 Annex A as they apply to the treatment of risk
- Assess the organisation’s operational control, information security RA and the implementation of the Risk Treatment (RT) plan
- Evaluate RA and RT results to ensure they are appropriately identified within the organization’s SOA
- Assess an organization’s monitoring, measurement, analysis and evaluation activities
ISMS – Information Security Management Systems – 2 days
ISMS – Information Security Management Systems – ISO 27001:2013. The information presented in this two day course forms the basis for a systematic and integrated approach to audit of an Information Security Management System (ISMS). It also enables participants to gain an understanding of the requirements of all the elements in ISO/IEC 27001:2013.
The course examines the compatibility of ISMS with other management systems and explains the significant features of ISMS and the terminology & methodology used in the ISO/IEC 27001:2013 Standard. The Delegate Manual provides plain English explanation, ISMS audit tools and sample checklists.
“ISMS is a systematic approach that ensures sensitive company information remains secure – your risk management process includes people, processes and systems and gives your customers confidence that you are deploying best practices”
Key Learning Objectives
Understand
- The intent and the requirements of each clause and its relationship with the organisation’s operational information security requirements and legal compliance requirements
- The documentation requirements, and gain the ability to analyse the interrelationships among various ISMS documents
- How ISMS planning, policy, objectives and processes are implemented according to the ISO/IEC 27001:2013 standard and in relation to the context of the organization
- The process of addressing improvements in the organization’s ISMS and verify that identified improvements are effectively managed
Review Risk Assessment
- Assess the effectiveness of an organisation’s information security Risk Assessment (RA) methodologies
- Analyse the controls identified in the Statement of Applicability (SOA) and the controls of the ISO/IEC 27001:2013 Annex A as they apply to the treatment of risk
- Assess the organisation’s operational control, information security RA and the implementation of the Risk Treatment (RT) plan
- Evaluate RA and RT results to ensure they are appropriately identified within the organization’s SOA
- Assess an organization’s monitoring, measurement, analysis and evaluation activities
