This course teaches participants the best practices for implementing and managing an information security management system (ISMS) as specified in ISO/IEC 27001:2005, and the best practices for implementing information security measures from the 11 domains of ISO/IEC 27002:2005. It also covers the relationship of ISO 27001 and ISO 27002 with ISO 27003 (Guidelines for the implementation of information security management systems), ISO 27004 (Measurement) and ISO 27005 (Information security risk management).
If you would like to take this course by distance learning, click on the “Distance training” button to discover the program.
Overview
- Understand the implementation of an Information Security Management System (ISMS) in accordance with ISO 27001
- Understand the relationship between an ISMS and compliance with the requirements of the different stakeholders of an organization (compliance, regulations, internal policies…)
- Know the concepts, approaches, standards, methods and techniques to effectively manage an Information Security Management System
- Acquire the necessary knowledge to contribute to the implementation of an Information Security Management System as specified in ISO 27001
Course Curriculum
Day 1
Introduction to the Information Security Management System (ISMS) concept as defined by ISO 27001
- Introduction to the ISO 27000 family of standards
- Introduction to management systems and the process approach
- Fundamental principles of information security
- General requirements: presentation of clauses 4 to 8 of ISO 27001
- Implementation phases of the ISO 27001 framework
- Continuous improvement of Information Security
- Conducting an ISO 27001 certification audit
Day 2
Implementing ISO 27002-compliant information security measures and certification review
- Definition of the scope of the ISMS (field of application)
- Development of the ISMS policy and objectives
- Selection of the risk assessment approach and method
- Risk management: identification, analysis and treatment of risk (according to ISO 27005)
- Drafting of the Statement of Applicability
Learning Assessment
The “PECB Certified ISO/IEC 27001 Foundation” exam is held on the 2nd day of training and lasts 1 hour. The exam covers the following competency areas:
- Area 1: Fundamental principles and concepts of an Information Security Management System
- Area 2: Information Security Management System
The +
This training is based on the alternation of theoretical and practical time:
- Lectures illustrated with examples from real cases
- Classroom exercises to help prepare for the exam
- Practical tests similar to the certification exam
To ensure the practical exercises run smoothly, the number of participants in the training is limited.
Who should attend?
- Members of an information security team
- Information security professionals who want to gain a comprehensive understanding of the main processes of an information security management system (ISMS)
- Any person involved in the implementation of the ISO 27001 standard
- Technicians involved in ISMS operations
- Auditors
- Managers and executives in charge of IT governance and risk management
Prerequisites
- Basic knowledge of information security
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 5 working days before the start of the training.
Accessibility
Whether or not you have a recognised disability, making our training accessible to everyone is part of our commitment.
If you need adjustments or accommodations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training enables you to prepare for the following courses:
- ISO 27001 Lead Implementer certification training
- ISO 27001 Lead Auditor certification training
Duration
2 days (14h)
Price
€1700 excl. tax
Meal
Breakfast & lunch included
Overview
- Understand the issues of security management and its implementation
- Acquire the terminology and basic knowledge necessary to meet the requirements of ISO 27001 in the context of a company
- Discover the best practices of Information Security management and its articulation with risk management
Course Curriculum
Session 1
Fundamentals and knowledge of the organization
- The ISO model
- The Deming wheel (PDCA)
- Internal issues
- External issues
- Scope (field of application)
Session 2
Leadership and planning
- Leadership
- Planning
- PDCA applied to security measures
Session 3
Information security risk management
- Definition of risk
- Processes to be implemented
Session 4
Support and operation
- Resources, Skills and Communication
- Appendix A
Session 5
Evaluation and maintenance of the ISMS
- Audit and control process
- Continuous Improvement
Indicative schedule
- 10 hours of classes with the trainer, divided into 5 sessions of 1h30 to 2h
- 4 hours of personal work time in autonomy

Week | Monday | Tuesday | Wednesday | Thursday | Friday
---|---|---|---|---|---
Week 1 | Introduction | Session 1 | | |
Week 2 | Session 2 | Session 3 | Session 4 | Session 5 | Exam
Learning Assessment
- 1-hour closed-book online certification exam
- Composed of a total of 50 multiple-choice questions
The +
- Training provided by a cybersecurity expert
- An intuitive and easy-to-use platform
- Discussion sessions on key concepts and experience sharing adapted to the learners’ context
- A training pedagogy adapted to all learning profiles
Who should attend?
- Any person involved in information security management
- Individuals wishing to acquire knowledge of the main processes of the Information Security Management System
- People who wish to pursue a career in information security management
Prerequisites
- Basic knowledge of information security
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 5 working days before the start of the training.
Accessibility
Whether or not you have a recognised disability, making our training accessible to everyone is part of our commitment.
If you need adjustments or accommodations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
To go further
This training enables you to prepare for the following courses:
- ISO 27001 Lead Implementer certification training
- ISO 27001 Lead Auditor certification training
Duration
14 hours
Price
€1300 excl. tax
Package
Full pack 35h – Foundation & Lead Implementer: €2000 excl. tax
or
Full pack 35h – Foundation & Lead Auditor: €2000 excl. tax