Jul 23, 2017

Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Lead Implementer Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environmental, facilities, equipment, people, communication, networking, system and application

Introduction 

Successful completion of this course is essential for implementing an ISMS (ISO/IEC 27001, Information Security Management Systems); it can reduce the cost of trial and error and speed up the implementation of an ISMS for the organization. 

To participate in this training course, the following prior knowledge is expected: 

  1. Knowledge of Annex SL and Management System Compliance (ISO 19600)
    • Process approach (Plan-Do-Check-Act)
    • Business overall compliance risk management (ISO 31000), including legal, legislative and contractual obligations, standards, policies and procedures.
    • Top management leadership, and other roles and responsibilities that support the management system
    • Considerations when planning a management system - identify the organisational and technical measures to manage the identified risks
    • Support required by the management system 
    • Management system operation considerations - monitoring, reporting and communicating 
    • Performance evaluation of a management system - objectives evaluation, internal audits and management review 
    • Continual improvement of the effectiveness of a management system
  2. Knowledge of risk management (ISO 31000)
    • risk management process 
    • risk criteria
    • risk assessment (includes risk identification, analysis and evaluation)
    • risk treatment 
    • risk communication, monitoring and improvements
  3. Knowledge of information security management principles and concepts, including but not limited to:
    • awareness of the need for information security;
    • the assignment of responsibility for information security;
    • incorporating management commitment and the interests of stakeholders;
    • enhancing societal values;
    • using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
    • incorporating security as an essential element of information networks and systems;
    • the active prevention and detection of information security incidents;
    • ensuring a comprehensive approach to information security management;
    • continual reassessment of information security and making modifications as appropriate.
  4. ISO/IEC 27001: Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.

Note. You are advised that course examination questions can relate to any requirement of ISO/IEC 27001 and the expected prior knowledge. For delegates who do not have these, we recommend attending our foundation training course. 

Who should attend?

This course is intended for those who will be involved in implementing an ISMS that conforms to the latest ISO/IEC 27001 in any organization. Suggested job functions and their teams include:

  • Information security managers
  • IT and corporate security managers
  • Corporate governance managers
  • Risk and compliance managers
  • Information security consultants

Learning objectives

  • Understand the ISMS requirements 
  • Understand how to develop the ISMS policies and procedures, including but not limited to:
    • Compliance risk management 
    • Management system PDCA processes, i.e. Planning, Operations, Performance evaluation and Improvements processes 
    • ISMS scope, policy and objectives 
    • ISMS organisational security 
    • Information asset management 
    • Information security risk management process
    • Information security risk control on human resource security (employee, outsource and supplier) 
    • Information security risk control on encryption, mobile devices, redundancy 
    • Information security risk control on physical and environmental security 
    • Information security risk control on communication and network
    • Information security risk control on information system and application 
    • Information security risk control on IT service operations 
    • Information security risk control on legal and technical compliance 
    • Information security risk control on incident and change management 
    • Information security risk control on business continuity 

Course benefits

  • Your organization will have an internal resource and process to plan and establish an ISMS 
  • You will gain a professional qualification that certifies you have the knowledge and skills to plan and establish an ISMS for the organization
  • Support the organisation in protecting sensitive data, i.e. personal data and trade secrets, to comply with legal, legislative and governance requirements
  • Understand the gaps between existing ISMS and international standards 

Course outline

Day 1, Annex SL, Risk management principles (ISO 31000), Management System Compliance (ISO 19600), ISMS (ISO/IEC 27001)

  • Understand the compliance risk management (ISO 31000) - Legal, Legislation, Contractual Obligations, Standards, Policy and Procedures (Clause 4.1, 4.2)
  • Information security risk control on legal and technical compliance (Annex A.18)
  • Select and define ISMS operation and certification scope (Clause 4.3, 4.4)
  • Leadership, ISMS policy and objectives (Clause 5.1, 5.2, Annex A.5) 
  • ISMS organizational security (Clause 5.3, 7.1 ~ 7.4, Annex A.6)
  • ISMS documented information (Clause 7.5)

Day 2, Asset management principles and Information Security Risk Management Process (ISO/IEC 27005)

  • Establish the information asset management process (Annex A.8)
    • Protection on Trade Secret, i.e. Intellectual property rights (IPRs) (Annex A.18.1.2)
    • Personal data protection and EU GDPR (Annex A.18.1.4)
  • Establish information security risk management process (Clause 6, 8)
  • Perform the information security risk assessment process (Clause 6.1.2)
    • Produce an information security risk assessment report (Clause 6.1.2 e.)
  • Perform the information security risk treatment process (Clause 6.1.3)
    • Produce a Statement of Applicability (SoA) (Clause 6.1.3 d.)
    • Produce an information security risk treatment plan (Clause 6.1.3 e.)

Day 3, Information security risk control on human resources and the environment (ISO/IEC 27002) 

  • Information security risk control on human resource security (employee, outsource and supplier) (Annex A.7, A.15, A.9.2, A.9.3)
  • Information security risk control on mobile devices, encryption, redundancy (Annex A.6.2, A.10, A.17.2)
  • Information security risk control on physical and environmental security (Annex A.11)

Day 4, Information security risk control on communication, networking, system, application and IT service operations (ISO/IEC 27002) 

  • Information security risk control on communication and network (Annex A.13)
  • Information security risk control on information system and application (Annex A.14, A.9.4)
  • Information security risk control on IT service operations (Annex A.12)

Day 5, Information security risk control on information security incident and business continuity (ISO/IEC 27002), management system performance evaluation and improvements

  • Information security risk control on incident and change management (Annex A.16)
  • Information security risk control on business continuity management (Annex A.17)
  • Management system performance evaluation and improvements (Clause 9, 10)
  • Q & A / Course examination 

What's included?

  • Course material
  • Course examination (on-line)
  • Course certificate

Organizational information

  • Delegates should note that there is evening work during the course
  • The minimum number of delegates for this course is 4 and the maximum is 20. If there are fewer than 4 students, the course will be postponed.
  • This course is facilitated by the TKSG online learning management system (LMS). Participants should be able to use their own PC, laptop or suitable mobile device to access the LMS.
  • This course is run in collaboration with the CQI/IRCA Approved Training Partner Hermes infotech Inc.

Additional Info

Venue: Asia Pacific, Europe, Middle-East, UAE, US
Time: 5 days (40 hours)
Facilitator: Registered tutor

Related items

Information Security Risk Management (ISO/IEC 27005:2018) for Leaders and Management (incorporating ISO 31000:2018 requirements)

Understand how to apply and integrate the information security risk management process (ISRM, ISO/IEC 27005) as part of the organization's business risk management (ISO 31000). 

Jul 23, 2017
ICT Business Continuity and Disaster Recovery Professional Training Course

Understand how to apply business continuity risk management principles (ISO 22301) to the organization's ICT business continuity and disaster recovery management.

Jul 23, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Implementer Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environmental, facilities, equipment, people, communication, networking, system, and application.

Jul 23, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Foundation Training Course

Personal Data Protection, EU GDPR (and ePrivacy regulation), Trade Secret, Asset management, Information Security Risk Management, Incident and Problem, Access controls on environmental, facilities, equipment, people, communication, networking, system and application

Jul 23, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Internal Auditor Training Course

To comply with ISO/IEC 27001, the organisation shall demonstrate its capability to conduct an effective internal audit, to ensure the management system fulfils legal (i.e. EU GDPR, DPA, IPRs), legislative, standards (i.e. ISO, IEC, IEEE), contractual obligation (i.e. Trade Secret, IP), policy and procedure requirements.

It shall also demonstrate the competence to plan, operate and continually improve the management system to control the risks and achieve its expected outcomes.

Jul 23, 2017
Risk Management (ISO 31000) on Information Security Management Training Course

Understand how to apply risk management principles (ISO 31000) to the organization's information security management.

Jul 23, 2017
Intelligent Network Malicious Attack Detection Service: CyberSecurity (ISO/IEC 27032) and Malicious Threat Detection Services

Helps enterprises detect malicious attacks and suspicious internal data-leakage behaviour in real time, preventing malware from collecting data and sending it out.

Jul 23, 2017
Information Security Management Systems (ISMS, ISO/IEC 27001:2013) Auditor/Lead Auditor Training Course

(Registered Course Nr. PR320 / A17533)

Through management system audit and certification, the organization can demonstrate its compliance with legal (i.e. EU GDPR, DPA, IPRs), legislative, standards (i.e. ISO, IEC, IEEE), contractual obligation (i.e. Trade Secret, IP), policy and procedure requirements.

It can also demonstrate the competence to plan, operate and continually improve the management system to control the risks and achieve its expected outcomes.

Jul 23, 2017