ISO 27001 – ISMS Lead Implementer: Course Contents | ALC Training News

Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS
  • Introduction to management systems and the process approach
  • Detailed presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and determining the maturity level of the existing information security management based upon ISO/IEC 21827:2008
  • Writing the business case and preliminary design of the ISMS
  • Developing a project plan for compliance with ISO/IEC 27001:2005
Day 2: Planning an ISMS based on ISO 27001
  • Defining the scope of the ISMS
  • Drafting the ISMS and information security policies
  • Selection of the approach and methodology for risk assessment
  • Risk management according to ISO 27005: identification, analysis and treatment of risk
  • Drafting the Statement of Applicability
Day 3: Launching and implementing an ISMS based on ISO 27001
  • Implementation of a document management framework
  • Design of controls and writing procedures
  • Implementation of controls
  • Development of a training & awareness program and communicating about information security
  • Incident Management according to ISO 27035
  • Operations management of an ISMS
Day 4: Control, act and the certification audit of the ISMS according to ISO 27001
  • Monitoring the ISMS controls
  • Development of metrics, performance indicators and the dashboard in accordance with ISO 27004
  • ISO 27001 Internal Audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparing for the ISO 27001 certification audit
Day 5
  • Course review
  • Q&A
  • Exam preparation

ALC Training