Who is this training for?
The training is intended for all candidates at all levels within the organization, who want to get a clear overview of the elements of ISO/IEC 27001:2013.
Training objectives
- Familiarize you with the principles and concepts of an information security approach to preserve the confidentiality, integrity and availability of information • Understand the risk management approach that supports ISO/IEC 27001 and the measures identified in Annex A of the standard and detailed in ISO/IEC 27002:2013
- Understand the benefits of an information security management approach • Assess the potential for applying this approach within your organization
Summary
This training allows you to familiarize yourself and see for yourself how implementing an information management system can optimize the implementation of security controls and ensure an understanding of responsibilities for information security.
Course outline
Introduction and certification
- Background
- ISO/IEC 27001 standard on information security
- Principles of an information security management system (ISMS)
- Process for certifying organizations to ISO/IEC 27001
- Steps for certification
- Application for applicability
- People certification system
- Benefits of certification to ISO/IEC 27001:2013.
Risk approach
- Risk management principles
- ISO 27001:2013 risk management requirements
- Risk management vs. benchmarks and objectives.
Content of ISO/IEC 27001:2013
- Organization context
- Leadership
- Planning
- Support
- Operation
- Performance evaluation
- Improvement
Approach and methodology
This training is based on an alternation of theoretical learning and concrete examples. During this training, you will learn the application of commonly used tools to illustrate concepts and ensure their understanding. The preferred style of animation is based on:
- The pooling of individual experiences.
- Interactions between participants.
Recommendations
Participants would benefit from learning about the fundamental principles of information security, including confidentiality, integrity, and availability. It is also helpful to have an overview of current information management practices in their organization.
