Course overview

Without a formal Information Security Management System (ISMS), organisations are left vulnerable and can struggle to achieve their business goals and protect their information assets.

ISO/IEC 27001 is the international standard that defines best practice for an ISMS. It is safe to say that this standard is the foundation of information security management and applies to any kind of organisation, private or government, profit or non-profit, small or large.

ISO/IEC 27001 provides a reliable framework for protecting against cyber crime, improving corporate governance, and recovering from accidents.

The latest update to the ISO 27001 standard was published in October 2013 and replaces ISO 27001:2005 as the pre-eminent international standard.

This one-day overview will bring you fully up-to-date. It provides:
  • Introductory and practical coverage of all aspects of ISMS requirements as per ISO/IEC 27001:2013
  • ISMS implementation guidance overview as per ISO/IEC 27003:2010
  • Information security controls guidance as per ISO/IEC 27002:2013
  • High-level overview of how the new COBIT® 5 for Information Security can be leveraged to improve an ISMS that complies with ISO 27001 requirements.

Learning outcomes

  • Gain a detailed understanding of the key concepts of an Information Security Management System (ISMS)
  • Understand the ISMS requirements as per ISO/IEC 27001:2013
  • Familiarise yourself with the approaches and guidance required for effective management of an Information Security Management System (ISMS)
  • Learn the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2005
  • Familiarise yourself with an example implementation process for an ISMS as per ISO/IEC 27003 guidance
  • Learn transition guidance for moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013

Who should attend

  • Chief Information Security Officers (CISOs)
  • Information Security Managers (ISMs)
  • Other information security professionals who are interested in realigning their Information Security function and/or initiatives
  • Senior executives who would benefit from a high-level understanding of this important framework

Course contents

1. Key Concepts of an Information Security Management System (ISMS)
  • Introduction to Information Security Management Systems (ISMS)
  • History of ISO 27001 and 27002 standards
  • What is “Information” and “Information Assets”
  • Information Security and ISMS concepts
  • Why should you choose ISO/IEC 27001:2013 for implementing an ISMS
2. ISMS Requirements as per ISO/IEC 27001:2013
  • Context of the organisation
  • Leadership and commitment
  • Planning, including Risk identification and treatment processes
  • Support and Operation
  • Performance evaluation, including Internal Audit and Management Review
  • Improvement
3. Information Security Control Objectives and Controls
  • Annex-A: Control objectives and controls
  • Statement of Applicability
4. ISMS Implementation Guidance
  • Five-phase approach as recommended by ISO 27003
  • Scope of ISMS implementation
  • Documentation requirements
  • High-level transition guidance for moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013
  • Critical success factors of a successful information security programme

Course fees

Course: ISO 27001 Overview
Fees (A$ per person): $550 + GST

Pre-requisites

Nil