This course has already been delivered. Please contact us for the next available session, tel: +357 22 44 14 92
Overview:
The course is designed to involve delegate participation, and there are many exercises of differing styles, based primarily on a detailed case study. Styles include lectures, discussions, individual exercises, group exercises and role-play.
Who Should Attend:
Those with an interest in, or responsibility for, information security
•IT, Financial and HR Management
•Computer Auditors
•IT Security Officers
•Information Security Professionals
At Course Completion:
•The component parts of the Standard
•How to manage information security
•How the individual components of the process fit together
•How to treat implementation as a project
•Common pitfalls
•How to define and risk assess “information assets”
•How to manage risks in a way suitable to your organization
•The essential requirements for obtaining auditor approval, i.e. certification
Outline:
CONFIDENTIALITY, INTEGRITY, AVAILABILITY AND AUDIT
•Overview of the stages of the ISMS
•Defining an Information Security Policy
•Defining the scope of the ISMS
IDENTIFYING INFORMATION ASSETS
•What are information assets?
•Creating an asset classification system
UNDERTAKING A RISK ASSESSMENT
•Identifying asset values, threats and vulnerabilities
•Creating a usable and simple risk methodology
•Using risk tools
•Practical exercise – undertaking a risk assessment
•Results and conclusions resulting from an assessment
MANAGING RISK
•Risk measurement
•Risk reduction and acceptance techniques
•Practical exercise – determining control objectives
•Selecting control objectives and controls
•Security in depth
•ISO 27001 control objectives and controls
•The application of countermeasures
•Practical exercise – creating a workable countermeasure
•Additional controls not in ISO 27001
•Preparing a Statement of Applicability
•The need to review and audit the ISMS
AUDITING
•What does auditing achieve?
•How should auditing be conducted?
•Different types of audit
•The phase 1 and 2 ISO 27001 audits
•Certification – what is next