Duration: 2 days – 14 hrs
Overview
The Information Security Management Systems, or ISMS, standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
This two-day course begins with the understanding of the concept of Information Security Management, the requirements of ISO/IEC 27001:2013 certification standard, and its relation to the ISO 27000 series of standards for information security management. This Internal Auditor course is based on the principles of ISO 19011:2011. It is designed for those people who wish to understand and conduct internal audit assessments to the ISO/IEC 27001:2013 certification standard and its relation to the ISO 27000 series of standards for information security management.
Objectives
- To gain an understanding of the ISO/IEC 27001:2013 requirements
- Prepare, conduct and follow-up on ISO/IEC 27001:2013 audit activities
- Gain the skills to assess an organization’s capability to manage its ISMS
- Write factual audit reports
Audience
- Managers or executives responsible for the security and confidentiality of their business-critical information
- Those people who wish to understand and conduct internal audit assessments to the ISO 27001:2005 certification standard and its relation to the emerging ISO 27000 series of standards for information security management
Pre- requisites
- Basic familiarity with information technology and security concepts is recommended.
- No prior experience with ISMS or ISO 27001 is required.
Course Content
- Introduction to information security management systems
- Objectives and benefits of an ISMS
- Key Principles and Concepts of the ISMS
- Code of practice ISO/IEC 27002:2013
- Certification specification ISO/IEC 27001:2013
- Certification to ISO/IEC 27001:2013
- The ISO 27000 series of standards
- Essentials of the Standard
- The ISMS Audit Planning
- The ISMS Audit Preparation
- Conducting an ISMS Audit
- Recording the results
- Root Cause Identification
- Presenting reports
- Conducting Audit Follow-Up