Development and implementation of an Information Security Management System in compliance with ISO 27001:2013

Training Target: To familiarize participants with the basic requirements of ISO 27001 and to teach them how to select appropriate security management measures intended to protect information assets and ensure the confidence of stakeholders. To consider optimal methods for implementing the requirements of the standard. To give the basic concepts and terms of certification of an information security management system by certification bodies.

Training Audience: The training is aimed at managers and specialists of companies involved in implementing information security management systems.

TRAINING PROGRAM

Training duration: 3 days

First day (10.00-18.00)

1. Introduction

  • Information: types and role of information, properties of information.
  • The property of "security".
  • Security issues.
  • Security aspects.
2. Information security as a management problem

  • Technical equipment and the lack of technical resources.
  • Information security management.
3. Management System

  • The place of the ISMS in the overall management system.
  • Principles of a management system.
  • ISO 9001 as the recommended base.
  • ISO/IEC 27001 - requirements for information security management best practices.
4. History of the 27001 standard
5. The benefits of implementing the standard
6. Assets - the main objects of the standard

  • Identification of assets.
  • Asset register.
  • Integrated assets.
  • Value of assets.
  • Factors affecting the value.

Second day (10.00-18.00)

7. Requirements of ISO 27001:2013

  • Introduction.
  • Risk management in accordance with ISO 27001:2013.
  • Algorithm of risk identification.
  • The process of risk identification and assessment. Threats, vulnerabilities, likelihood. Ready-made tools and methods for risk assessment. Analysis of risk assessment techniques. Results of risk assessment. Risk register. Criteria for risk identification and assessment. Risk management.
8. Implementation of the standard requirements

  • Fundamentals of information security management.
  • Asset classification and management.
  • Personnel security.
  • Physical and environmental security.
  • Management of computers and networks.
  • System access control.
  • Acquisition, development and maintenance of information systems.
  • Management of information security incidents.
  • Business continuity.
  • Compliance with legislation.

Third day (10.00-18.00)

9. Introductory training

  • Familiarizing employees with policies, standards and procedures.
  • Managing the uninterrupted operation of the organization.
10. Completion of the ISMS (documentation requirements)

  • ISMS documentation.
  • Statement of the applicable control measures (Statement of Applicability).
  • Document management.
  • Records.
  • Analysis and review of the ISMS.
11. Integration of the ISMS in accordance with the requirements of ISO/IEC 27001 with a quality management system according to ISO 9001

Final Exam

The "Development and implementation of an Information Security Management System in compliance with ISO 27001:2013" training course is delivered in a discussion format with the participants and includes practical exercises.

For the participants:

  • Issue of the certificate upon the course completion;
  • Set of relevant background materials/hand-outs;
  • Daily lunch and coffee breaks.
