ISO 27000

Information Security Management System is defined by the ISO 27000 series of standards and covers many aspects of asset management and management reviews.  The 5 (five) day workshop covers current and in development related standards.

Course overview

• Dissection of the ISO 27000 series of standards developed and in development
• Process of Plan-Do-Check-Act (PDCA) and Approach
• Compatibility with other management systems
• Establishing and managing an ISMS
• Internal ISMS Audits
• Management Review
• ISMS Improvement
• Digital Evidence for Forensics
• Incident Management
• Relationship with other standards

Benefits

• Expert and certified trainers with subject matter expertise
• Understand, develop and implement an ISMS
• Develop an audit program to monitor and improve on your ISMS

Who should attend?

Candidates with an interest in or responsible for Information Security, IT Audit and Compliance:

• IT Security Staff
• IT Auditors
• Cyber Lawyers
• Compliance Officers

Course Style

This course consists consist of theory, workshops in the development of solutions as individuals and in groups.

Level and Pre-requisites

• Understand the concepts of business compliance, business continuity as well as information security.
• The course is intensive and covers many aspects and business protection requirements

Course Material

• SANS 27001 and 27002 personal copy
• Sample Policies
• Sample Audit Programs
• Student Manual

Course Content

OVERVIEW AND VOCABULARY

• Semantics and source references
• Standards, Procedures, Guidelines and Policies
• Covers ISO 27000 series and others

SECURITY TECHNIQUES – REQUIREMENTS

• Establishing
• Implementing
• Operating
• Monitoring
• Reviewing and
• Maintaining

CODE OF PRACTICE

• Best practices of control objectives
• Controls in Information Security Management

IMPLEMENTATION GUIDANCE

• Needs Analysis of Successful Design
• Inception to Production
• Implementation Plans

MEASUREMENT

• Development of measurement processes
• Assess the effectiveness of the ISMS
• Measure Controls/Group Controls

ISMS RISK MANAGMENT

• Risk Management Approach
• Implementation Assistance

AUDITING AND CERTIFICATION

• Guidance used by bodies for audit
• Certification Process
• ISO 17021 requirements

TELECOMMUNICATIONS

• End-to-End Communication
• Network Asset Management
• Procedures in securing digital evidence

INCIDENT MANAGEMENT

• Planning and preparation
• Monitor and Response
• Post mortem

GUIDELINES FOR DIGITAL EVIDENCE

• Weight and Legal admissibility

ISMS IMPROVEMENT

• Risk Assessment
• Security Policy
• Asset Management
• Human Resource Security
• Physical and Environmental Security
• Compliance