Who is this training for?
This training is intended for all managers and professionals who are involved, directly or indirectly, in improving the effectiveness of information security controls.
Training objectives
- Understand the principles and concepts of an information security approach to preserve the confidentiality, integrity and availability of information
- Understand the benefits of an information security management approach
Summary
This course aims to deepen the concepts related to objectives and baseline measures (Appendix A) in order to understand how to implement an information security management system.
Course outline
A look back at ISO/IEC 27001:2013
- ISO/IEC 27001 standard on information security
- Principles of an information security management system (ISMS)
- Risk management.
Review of the objectives and baseline measures of ISO 27001:2013 (Annex A).
Details of ISO/IEC 27002:2013, Code of Practice for Information Security Management
- A5: Information Security Policy
- A6: Information Security Organization
- A7: Human Resources Security
- A8: Asset Management
- A9: Access Control
- A10: Cryptography
- A11: Physical and Environmental Security
- A12: Operational Security
- A13: Communications Security
- A14: Acquisition, Development and Maintenance of Information Systems
- A15: Supplier Relations
- A16: Information Security Incident Management
- A17: Information Security Aspect of Business Continuity Management
- A18: Compliance
Approach and methodology
This training is based on an alternation of theoretical learning and concrete examples. During this training, you will learn the application of commonly used tools to illustrate concepts and ensure their understanding. The preferred style of animation is based on:
- The pooling of individual experiences.
- Interactions between participants.
Prerequisites
ISO/IEC 27001:2013 - Awareness of the standard or equivalent content
Recommendations
It is recommended that participants have a basic understanding of information security risk management concepts. A preliminary reflection on the existing controls and practices in their work environment will make it possible to better contextualize the learning.
