Implementing Information Security based on ISO27001 and ISO27002 - Course Description
This interactive 2-day course provides an introduction to the ISO/IEC 27001:2005 and ISO/IEC 27002:2007 (formerly ISO/IEC 17799 / BS 7799) international standards for information security. The course presents a straightforward and logical approach to developing, implementing and maintaining your Information Security Management Process and Systems. It guides participants through the Information Security Process and provides detailed guidance on how to effectively design, plan and implement this process and the related Information Security Management Systems (ISMS). Additionally, it provides practical direction on preparing for a security audit and enforcing compliance.
Who Should Attend
This course will be beneficial for anyone who is looking for the details of the ISO/IEC 27001:2005 and 27002:2007 standards, including:
- Staff responsible for Information Security Management or implementation of ISO/IEC 27001 and/or ISO 27002
- Information Security Managers
- IT managers responsible for delivering or running critical business information systems
- IT consultants advising clients on security matters
- Information Service Provider (ISP) staff responsible for security issues
- Security Managers, Auditors, Project Managers, Operations Managers and Business managers
What You Will Learn
This course will enable delegates to:
- Understand the requirements of the ISO/IEC 27001:2005 and ISO/IEC 27002 standards
- Learn practical techniques for designing and implementing an ISMS
- Receive detailed explanations of the ISO/IEC 27001:2005 ISMS components and the improvement cycle
- Understand the necessary skills to design, implement, maintain and audit an effective ISMS
- Assess an organisation’s information security needs against ISO/IEC 27002:2007 and ISO/IEC 27001:2005
In addition, the course includes hands-on activities in which delegates undertake practical exercises aimed at formulating practical documents that can be used in their business, including:
- Information Security policy
- Identification of information assets and their value
- Determination of risk and impacts
- Identification of control objectives and controls
- Risk Analysis and Risk Treatment Plan
- Statement of Applicability (SOA)
- Completion of ISMS documentation requirements
- Production of an ISMS Project Implementation Plan
Learning Method
This course is conducted as an instructor-led workshop and includes a combination of lectures and exercises. Each delegate will receive the book Implementing Information Security based on ISO 27001 & ISO 17799 (ISBN: 9789077212783), the course notes, and a certificate of attendance.
Pre-Requisites
A basic knowledge of information systems, security and management processes
In-House Training
This course is available for private presentation, either on your own premises or 'off-site'. There are many advantages to in-house training. Please contact ALC for a quotation and to discuss your requirements. Telephone 1300 767 592 or email learn@alctraining.com.au

