Introduction to ISO/IEC 27001:2013 and ISO/IEC 27002:2013
This one-day introductory session will provide both information security practitioners and senior managers with a high-level understanding of the international standards for Information Security Management Systems. The presentation will explore the key principles of information security, today’s security challenges, the structure of both standards and the business benefits of implementing an ISMS framework. Topics include:
- definition of information security;
- need for an ISMS;
- purpose of and link between the two standards;
- history leading up to the release of ISO/IEC 27001:2013;
- mandatory management system elements within ISO 27001;
- high-level review of the 114 security controls;
- overview of the stages of implementing an ISMS;
- certification process;
- current trends in ISO 27001 certifications; and
- benefits of certification.
The presentation material and planned exercises will enable attendees to gain a high-level understanding of ISO/IEC 27001:2005 and ISO/IEC 27002:2013 and what is required for certification to the standard. Students who sit and pass the exam at the end of the day will be awarded a Risk Based Security Introduction to ISO/IEC 27001:2013 certificate.
Preparing for ISO/IEC 27001:2013 Certification
This two-day session is designed to follow the introductory course and will add a more detailed review of both standards, discuss critical success factors and offer practical implementation steps and lessons learned when implementing an ISMS in accordance with ISO/IEC 27001:2013.
The instructor will lead a thorough review of the standards and facilitate an open discussion on the steps necessary to lead an organization’s efforts to develop an ISMS in compliance with ISO/IEC 27001:2013. Attendees will learn how to:
- define and document a properly bounded ISMS scope;
- create a security policy;
- determine information assets;
- conduct a gap analysis;
- develop a security improvement plan;
- determine asset values;
- review threats and vulnerabilities;
- calculate risks;
- select appropriate security controls;
- document a statement of applicability; and
- prepare for the certification audit.
Attendance will enable students to understand the processes involved in establishing, implementing, operating, monitoring, reviewing, maintaining and improving their organization’s ISMS in preparation for a successful certification audit.
Contact us today to schedule your training session: firstname.lastname@example.org