ISO/IEC27001 Foundation

An instructor-led classroom training providing a foundational understanding of the requirements of the Information Security Management System (ISMS) and what is needed  for compliance against the requirements of the ISO27001:2013 standard.

ISO/IEC 27001 (ISO 27001) is an international standard for Information Security management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS). The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls.

This course will provide participants a foundation level knowledge of how the standard operates in a typical organization and will also cover areas like Risk Management, Compliance, Cyber Security, Information Management & Analysis.

Outline:

• The scope and purpose of ISO/IEC 27001 and how it can be used.
• The key terms and definitions used in the ISO/IEC 27000 series.
• The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement.
• The processes, their objectives and high level requirements.
• Applicability and scope definition requirements.
• Use of controls to mitigate IS risks.
• The purpose of internal audits and external certification audits, their operation and the associated terminology.
• The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.