This course enables participants to develop the expertise necessary to assist an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013. Participants will also gain a solid foundation in the best practices used to implement information security measures from the domains of ISO 27002. This training is consistent with the good project management practices established by ISO 10006 (Guidelines for project management in quality). This training is fully compatible with ISO 27003 (Guidelines for implementing an ISMS), ISO 27004 (Information security measurement) and ISO 27005 (Information security risk management).


Overview

  • Learn to implement the ISO 2700x series of standards
  • Prepare for Information Security Management System (ISMS) certification
  • Learn how to implement the ISO 27001:2013 and ISO 27002:2013 standards
  • Learn how to manage and maintain an ISMS

Course Curriculum

Day 1

Introduction to the Information Security Management System (ISMS) concept as defined by ISO 27001; Initialization of an ISMS

  • Introduction to management systems and the process approach
  • Presentation of the ISO 27001, ISO 27002 and ISO 27003 standards, as well as the normative, legal and regulatory framework
  • Fundamentals of information security
  • Preliminary analysis and determination of the maturity level of an existing information security management system according to ISO 21827
  • Drafting of a feasibility study and a project plan for the implementation of an ISMS

Day 2

Plan the implementation of an ISMS based on ISO 27001


  • Definition of the scope of the ISMS (field of application)
  • Development of the ISMS policy and objectives
  • Selection of the risk assessment approach and method
  • Risk management: identification, analysis and treatment of risk (according to ISO 27005)
  • Drafting of the Statement of Applicability

Day 3

Implementing an ISMS based on ISO 27001

  • Establishment of a documentation management structure
  • Design of security measures and drafting of procedures
  • Implementation of security measures
  • Development of a training and awareness program and communication about information security
  • Incident management (according to ISO 27035)
  • Management of ISMS operations

Day 4

Controlling, monitoring, measuring and improving an ISMS; ISMS certification audit

  • Controlling and monitoring an ISMS
  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004
  • ISO 27001 internal audit
  • Management review of the ISMS
  • Implementation of a continuous improvement program
  • Preparation for the ISO 27001 certification audit
  • Revisions

Risk Assessment

The “PECB Certified ISO/IEC 27001 Lead Implementer” exam is held on the 5th day of the course and lasts 3 hours. The exam covers the following competency areas:

  • Area 1: Fundamental information security principles and concepts
  • Area 2: Information Security Code of Practice based on ISO 27002
  • Area 3: Planning an ISMS in accordance with ISO 27001
  • Area 4: Implementing an ISO 27001 ISMS
  • Area 5: Performance evaluation, monitoring and measurement of an ISO 27001-compliant ISMS
  • Area 6: Continual improvement of an ISO 27001-compliant ISMS
  • Area 7: Preparing for an ISMS certification audit

Course highlights

This training alternates theoretical and practical sessions:

  • Lectures illustrated with examples from real cases
  • Classroom exercises to help prepare for the exam
  • Practical tests similar to the certification exam

To ensure the practical exercises can be carried out properly, the number of participants per session is limited.

Who should attend?

  • Project managers or consultants who wish to prepare and assist an organization in the implementation of its Information Security Management System (ISMS)
  • ISO 27001 auditors who wish to understand the process of implementing an Information Security Management System
  • Managers and executives in charge of IT governance and risk management
  • Members of an information security team
  • Expert consultants in information technology
  • Technical experts wishing to prepare for an information security or ISMS project management role

Prerequisites

  • Have a knowledge of the ISO/IEC 27001 standard
  • Have a good knowledge of information systems security
  • Completion of the “ISO 27001 Foundation” module

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 5 working days before the start of the training.

Accessibility

Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.

To go further

You can deepen your knowledge by following the training courses below:

Duration

4.5 days (31h)

Price

€3200 excl tax

Meal

Breakfast & lunch included

For French residents

+ OPCO support

Overview

  • Understand the operating principles of an ISMS according to ISO 27001
  • Develop the necessary skills to carry out an ISO 27001 and ISO 2700x series implementation project
  • Understand the pillars of an ISMS: risk management, indicators construction, ISMS management, etc.
  • Acquire the project team management skills to launch and maintain an ISMS
  • Avoid the pitfalls of the certification audit

Course Curriculum

Session 1

Implementation of the ISMS

  • Establish a PDCA for the implementation of an ISMS
  • Produce a status report on the ISMS

Session 2

Establish the ISMS implementation plan

  • Identify the processes that are essential to the ISMS
  • Identify the main steps of the implementation
  • Define the project organization
  • Backward planning (retroplanning) from the target date

Session 3

Risk Management

  • Choosing an ISO 27001 compliant risk management approach
  • Implementing risk management

Session 4

Documentary repository

  • Document templates
  • Identify mandatory documentation
  • Identify useful documents

Session 5

Implementing the ISMS

  • Implementation of “mandatory” processes
  • Implementation of security measures

Session 6

Evaluation and improvement of the ISMS

  • Audits and controls
  • Continuous improvement plan
  • First and subsequent iterations
  • Certification process

Standard schedule

  • 13 hours of classes with the trainer divided into 6 sessions of 1h30 to 2h
  • 8 hours of self-directed personal work

  • Week 1 (Monday to Friday): Introduction, Session 1, Session 2, Session 3
  • Week 2 (Monday to Friday): Session 4, Session 5, Session 6, Exam

Risk Assessment

2-hour closed-book online certification exam.

  • 100 multiple choice questions

Highlights of distance learning

  • Training provided by a cybersecurity expert
  • An intuitive and easy-to-use platform
  • Discussion sessions on key concepts and experience sharing adapted to the learners’ context
  • A training pedagogy adapted to all learning profiles

Who should attend?

  • Managers or consultants involved in information security management
  • Specialized consultants who want to master the implementation of an Information Security Management System
  • Anyone responsible for maintaining compliance with ISMS requirements
  • Members of an ISMS team

Prerequisites

  • A good knowledge of the ISO/IEC 27001 standard and a thorough knowledge of the implementation principles
  • Completion of the “ISO 27001 Foundation” module

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 5 working days before the start of the training.

Accessibility

Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.

To go further

You can deepen your knowledge by following the training courses below:

Duration

21 hours

Price

€1800 excl tax

Package

Full pack 35h – Foundation & Lead Implementer: €2000 excl. tax

For French residents

+ OPCO support
