Course Description:

Information Security is gaining importance in the Information Technology (IT). Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers, and suppliers). It also leads to a growing use of networks, such as the internal company network, connection with the networks of other companies and the Internet. Furthermore, activities of many companies now rely on IT, and information has become an asset. Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable.

This course enables participants to learn about the best practices for implementing and managing an information Security Management System (ISMS) as specified in ISO/IEC 27001:2013, as well as the best practices for implementing the information security controls of the eleven domains of the ISO/IEC 27002. This training also helps to understand how ISO/IEC 27001 and ISO/IEC 27002 relate with ISO/IEC 27003 (Guidelines for the implementation of an ISMS), ISO/IEC 27004 (Measurement of information security) and ISO/IEC 27005 (Risk Management in Information Security).

Audience:

The target group of this course is everyone in the organization: People working to implement or maintain an ISMS within an organization; Required to audit an ISMS and are required to have a basic understanding of the standard; People working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.

Learning Objectives:

Individuals certified at this level will have demonstrated their understanding of:

• The concept, importance and the reliability of information.
• The types of risks, threats and damages, and the available risk strategies and the security measures you can take.
• The scope and purpose of ISO/IEC 27001 and how it can be used
• The key terms and definitions used in ISO/IEC 27001
• The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement
• The processes, their objectives and high-level requirements
• Applicability and scope definition requirements
• Use of controls to mitigate Information Security risks
• The purpose of internal audits and external certification audits, their operation and the associated terminology
• The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.

Prerequisites:

There are no-prerequisites for the foundation qualification but an interest and/or background in information security management would be an advantage.

Course Materials:

Participants will receive the following:

• A course book.

Examination and Certification:

Certification: ISO/IEC 27001 foundation

Duration and style: A 40-minute, 50 multiple-choice. Paper-based or online. Onsite exams can be arranged with notice.

Pass mark: 50% this will be essential should you want to do the practitioner course

Examination board: APMG

Course Agenda:

• Introduction, background, and definitions
• Key publications
• Leadership and support of the ISMS
• Planning and operation of the ISMS
• Information security control objectives and controls
• Achieving ISO/IEC 27001 Certification
• Exam Preparation – APMG, ISO/IEC 27001 Foundation

Day1	Day2	Day3
Introduction, background, and definitions	Planning and operation of the ISMS	Information security control objectives and controls (Part 2)
Key publications	Information security control objectives and controls (Part 1)	Achieving ISO/IEC 27001 Certification
Leadership and support of the ISMS		Exam Preparation Guide/ Mock Exam