Implementing Information Security based on ISO27001 and ISO27002 - Course Content
1. Information Security Introduction
- Introduction to Information Security Management (ISM)
- Information Security Focus
- ISM Benefits
2. Security Standards and Best Practices
- Introduction to Security Standards and Best Practices and their purpose:
- ACSI 33 - Ensures a minimum standard for government ICT security
- ISO 27001:2005 - Defines the ISMS requirements
- ISO 27002 (ISO 17799:2005) - Defines a code of best practices for the management of information security
- AS 8001:2003 - Control of fraud and corruption
- AS/NZS 4360:2004 - Risk Management
- SABSA - "best practice" method for delivering information security solutions to enterprises
- COBIT - Control Objectives for Information and related Technology
- ITIL - The IT Infrastructure Library
- SOX - Sarbanes-Oxley
- PRINCE2 - PRojects IN Controlled Environments, version 2
3. The ISO 27001 and 27002 Standards
- ISO 27000 series
- Overview ISO/IEC 27001
- Overview ISO/IEC 27002 (ISO 17799:2005)
- Control Objectives and Controls
- Technology
4. Information Security Process
- Process approach
- Implementation of an ISMS
- The "Plan - Do - Check - Act" Model
5. The 6 Steps of the Plan Phase
- Scope
- Policy
- Assess Risk
- Treat Risk
- Control Objectives
- Statement of Applicability
6. Audit Readiness & Preparation
- The Security Audit Process
- Strategic, Tactical and Operational documents
- Reasons for Non-Implementation
- Audit Process
7. Enforcing Compliance
- Reasons for Enforcing Compliance
- Policy Compliance Reviews
- Policy Compliance vs. Vulnerability Assessments
- Survival Tactics
8. Organisational Change Challenge
- Service Culture Barriers
- Management Effort
9. Realising the Benefits
- IT Security Management Benefits
- Advantages of implementing ISO 27001 and 27002
- Critical Success Factors