ISO 27000

An Information Security Management System (ISMS) is defined by the ISO 27000 series of standards and covers many aspects of asset management and management reviews. This five-day workshop covers the standards in the series that are already published as well as those still in development.

Course overview

  • Dissection of the ISO 27000 series of standards, both published and in development
  • The Plan-Do-Check-Act (PDCA) process and approach
  • Compatibility with other management systems
  • Establishing and managing an ISMS
  • Internal ISMS Audits
  • Management Review
  • ISMS Improvement
  • Digital Evidence for Forensics
  • Incident Management
  • Relationship with other standards

Benefits

  • Expert and certified trainers with subject matter expertise
  • Understand, develop and implement an ISMS
  • Develop an audit program to monitor and improve on your ISMS

Who should attend?

Candidates with an interest in or responsible for Information Security, IT Audit and Compliance:

  • IT Security Staff
  • IT Auditors
  • Cyber Lawyers
  • Compliance Officers


Course Style

This course consists of theory and of workshops in which solutions are developed individually and in groups.

Level and Pre-requisites

  • An understanding of the concepts of business compliance, business continuity and information security
  • The course is intensive and covers many aspects of business protection requirements

Course Material

  • SANS 27001 and 27002 personal copy
  • Sample Policies
  • Sample Audit Programs
  • Student Manual

Course Content

OVERVIEW AND VOCABULARY

  • Semantics and source references
  • Standards, Procedures, Guidelines and Policies
  • Covers ISO 27000 series and others

SECURITY TECHNIQUES – REQUIREMENTS

  • Establishing
  • Implementing
  • Operating
  • Monitoring
  • Reviewing
  • Maintaining

CODE OF PRACTICE

  • Best practices of control objectives
  • Controls in Information Security Management

IMPLEMENTATION GUIDANCE

  • Needs Analysis of Successful Design
  • Inception to Production
  • Implementation Plans

MEASUREMENT

  • Development of measurement processes
  • Assess the effectiveness of the ISMS
  • Measure Controls/Group Controls

ISMS RISK MANAGEMENT

  • Risk Management Approach
  • Implementation Assistance

AUDITING AND CERTIFICATION

  • Guidance used by bodies for audit
  • Certification Process
  • ISO 17021 requirements

TELECOMMUNICATIONS

  • End-to-End Communication
  • Network Asset Management
  • Procedures in securing digital evidence

INCIDENT MANAGEMENT

  • Planning and preparation
  • Monitor and Response
  • Post mortem

GUIDELINES FOR DIGITAL EVIDENCE

  • Weight and Legal admissibility

ISMS IMPROVEMENT

  • Risk Assessment
  • Security Policy
  • Asset Management
  • Human Resource Security
  • Physical and Environmental Security
  • Compliance