ISO 27001 Lead Implementer on Information Security Management System

Call 0777 318 120
Call 011 2556 402
Email: pdc@cicra.lk

Course introduction:

Information being a valuable asset and a building block is the key to the growth of any organization.
Information needs to be suitably protected like any other important business asset. In the modern world
this asset becomes crucial for success and maintaining credibility. If this asset is compromised then the
organization may have to face various threats and risks like brand image erosion, business disruption,
financial and productivity loss etc.

Information security is the protection of information from a wide range of threats in order to ensure
business continuity, minimize business risk, maximize return on investments and increase business
opportunities.

This lead implementer course on ISO 27001 equips professionals to gain a detailed understanding of
the ISO 27001 standard, supported by ISO 27002 – Code of practice for information security controls
and ISO 27003 – ISMS implementation guidelines.

Course objectives:

  • To understand the implementation of an Information Security Management System in
    accordance with ISO/IEC 27001:2013
  • To understand the key differences between ISO 27001:2005 and ISO 27001:2013.
  • To develop a risk assessment and a risk treatment methodology through the application
    of the ISMS controls and to prepare a Statement of Applicability (SoA).
  • To identify the list of mandatory documents and records required by the ISO 27001:2013
    standard.
  • To understand how to effectively establish, implement, maintain and continually improve
    the information security management system.
  • To plan and conduct internal audits and management reviews.

Course contents:

  • ISO/IEC 27001:2013 requirements along with implementation guidelines.
  • Understanding the guidelines of ISO 27003 for:
    a. The company's ISMS policy
    b. Framing the scope statement
    c. Setting information security objectives and an action plan for those objectives
  • Documentation requirements
  • Risk assessment and risk treatment
  • Incident management
  • Business continuity management
  • Conducting internal audits
  • Corrective action and the effectiveness of corrective action
  • Management review and continual improvement of the ISMS
  • Classroom exercises
  • Case studies
  • Examination

Evaluation:

  • Participants will be assessed throughout the course for punctuality, presentation skills,
    interactive approach, involvement, role-play, daily tests etc., and finally through an
    80-mark written examination (open book) at the end of the course.
  • Minimum passing criteria: 70%.

Issue of certificate:

  • A TÜV SÜD certificate will be issued to participants only after successful completion, based
    on performance during the course and in the written examination.
  • Participants who have not successfully completed the course will be issued a certificate of
    attendance.

Duration: 5 days
Number of participants: Maximum 15 candidates in one batch

Target group:

  • Project managers or consultants wanting to prepare and to support an organisation in the
    implementation of an Information Security Management System (ISMS)
  • Professionals who have a role in implementing and auditing an ISMS
  • Persons responsible for establishing, implementing, maintaining, auditing and improving
    the ISMS in an organisation
  • Members of the information security team
  • Expert advisors in information technology
  • Network and technology managers

Note: ISMS foundation training or prior knowledge of the ISO 27001 standard is desirable. This
course is not intended to fill gaps in knowledge of the standard, but to enhance that knowledge
in the context of implementation.
