ISO/IEC 27001 Implementation

Recent high-profile information security breaches and increased awareness of the value of information are highlighting the ever-increasing need for organizations to protect their information assets. An information security management system (ISMS) is a risk management approach to maintaining the confidentiality, integrity and availability of the organization’s information. This four-day course leads you through a series of exercises following the requirements of ISO 27001:2005 for ISMS implementation. Key implementation exercises are supplemented by case study examples of techniques using both simple office tools and specialized information risk management software.

Who Should Attend?

This is not a technical IT security course; it is about information security management and is suitable for managers from a wide range of disciplines. Attendees should have a basic knowledge of business information systems, and competence in using normal office software tools (i.e. word processors, spreadsheets and presentation software).

Benefits To Your Business

You will learn practical information risk management techniques that cover the advice and requirements of the ISO 27000 series of standards for information security management; their relation to previous standards ISO 17799, BS 7799 and BS 25999 for business continuity management; and future developments in best practice. The ISO 27000 series is an emerging body of international standards designed to help you maintain information security in your organization. In the coming years, the ISO 27000 series will become a comprehensive body of documents providing a certification specification for information security management systems; and a body of documents providing guidance on security safeguards or controls, implementation, measurements or metrics, risk management and audit.

Course Structure

  • Introduction to information security management systems (ISMS)
  • Objectives of an ISMS
  • Code of practice ISO 27002:2005
  • Certification specification ISO 27001:2005
  • Certification to ISO 27001:2005
  • The ISO 27000 series of standards
  • Defining the scope and boundaries of an ISMS
  • Information security policy
  • Information risk assessment
  • Information risk management
  • Implementing and operating the ISMS
  • Monitoring and reviewing the ISMS
  • Maintaining and improving the ISMS
  • Management responsibility, audit, review and improvement
  • Business continuity management

Next steps

For more information, please contact us or complete our training enquiry form.
