Information Security Management System (ISMS) ISO/IEC 27001:2013

Transcription

1 Information Security Management System (ISMS) ISO/IEC 27001:2013 Course No. 110B Attendees will learn how to help your organization manage the security of assets such as financial information, intellectual property, employee details, or information entrusted to you by other parties. Learning Objectives At the end of this course, attendees will be able to: Understand information security management definitions, concepts, and guidelines Understand the purpose of the ISO series Understand the requirements of the ISO 27001:2013 standard Understand the roles and responsibilities of the auditor Apply ISO/IEC definitions, concepts, and guidelines Recognize the principles, practices, and types of audits Conduct all phases of an internal audit Prepare and present effective reports Prerequisites A prior review of the ISO 27001:2013 and ISO 27002:2013 standards and knowledge of information security practices and an understanding of auditing principles Duration Three Days (23 Contact Hours) Note; The class begins at 8:30 AM until 5:30 PM Cost $1,395 Includes course materials, exams and certificates Certification Requirements This is a certified QPS course. To attain the certificate of attainment attendees must pass the written examination and earn a passing grade (70% score) in course assessments, and meet all prescribed professional requirements of attendance, participation, and learning objectives. QPS Inc. 110B Brochure Page 1 of 5

2 Topics Covered See detailed schedule. ISO Clauses 0.1 General 0.2 The Plan-Do-Check-Act (PDCA) model 0.3 Components of PDCA in this International Standard 1 Scope 2 Normative references 3 Terms and definitions 4 Context of the organization 4.1 Understanding of the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the management system 4.4 Business continuity management system 5 Leadership 5.1 General 5.2 Management commitment 5.3 Policy 5.4 Organizational roles, responsibilities and authorities 6 Planning 6.1 Actions to address risks and opportunities 6.2 Business continuity objectives and plans to achieve them 7 Support 7.1 Resources 7.2 Competence 7.3 Awareness 7.4 Communication 7.5 Documented information 8 Operation 8.1 Operational planning and control 8.2 Business impact analysis and risk assessment 8.3 Business continuity strategy 8.4 Establish and implement business continuity procedures 8.5 Exercising and testing 9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation 9.2 Internal audit 9.3 Management review 10 Improvement 10.1 Nonconformity and corrective action 10.2 Continual improvement Instructor The course instructor will be a Certified Lead Auditor with experience in developing and implementing ISO or similar methodologies. QPS Inc. 110B Brochure Page 2 of 5

3 Who Should Attend? This is intended for those who will be involved in leading audits of an ISMS that conforms to ISO/IEC 27001:2013 in any organization. For More Information Contact the Training Administrator: or call 1(877) , +1(508) DETAILED SCHEDULE: DAY 1 Module Topics Time Clock Introduction Course purpose and Learning objectives Course format and requirements Introduction/Attendee expectations Attendee requirements Prerequisite Quiz 30 minutes 8:30 AM Module 1 QMS Terminology and Definitions Definitions based on ISO minutes 9:00 AM Activity 1A Definition Differences 60 minutes 10:00 AM Module 2 ISMS background and history 60 minutes 11:00 AM ISMS Background ISO development ISO purpose and family of documents Certification process Lunch onsite 45 minutes 12:00 PM Activity 2A Process Approach 45 minutes 12:45 PM QPS Inc. 110B Brochure Page 3 of 5

4 Module 3 ISMS Requirements and Analysis Activities 3A and 3B, 3C and 3D The ISO family of documents ISO 27001:2013 Standard Requirements of each clause 60 minutes 1:30 PM Interpretation of 27001: minutes 2:30 PM Day 1 Wrap-up Summary, discussions, questions, answers, and feedback 15 minutes 5:15 PM Homework Assignment and dismissal 5:30 PM DAY 2 Module Topics Time Overview Recap Day 1 15 minutes 8:30 AM Preview Day 2 Module 4 Documentation required for audits 60 minutes 8:45 AM Documents and Resources of the auditor Resources Auditor responsibilities and behavior Conducting interviews Risk-based thinking The quality management principles Activity 4A Risk-Based Thinking 90 minutes 9:45 AM Module 5 The Audit Process and ISO 27007:2013 Requirements and guidance from ISO Audit management objectives Audit process 45 minutes 11:15 AM Lunch 45 minutes 12:00 PM Module 5 Audit management system 75 minutes 12:45 PM The Audit Process ISO definitions for auditing and ISO 27007:2013 (cont.) Activity 5A Develop checklist 45 minutes 2:00 PM Module 6 Pre Audit Activities Initiating contact with auditee Feasibility of audits Document review preparation Develop the audit plan Assign the audit team Prepare auditing work documents 45 minutes 2:45 PM Activity 6A/6B Understand nonconformances and 90 minutes 3: -30 PM QPS Inc. 110B Brochure Page 4 of 5

5 observations Homework Summary, discussions, questions, 30 minutes 5:00 PM answers, and feedback - dismissal Dismissal 5:30 PM DAY 3 Module Topics Time Overview Recap day 2 Preview day 3 Module 7 On Site Audit Activities Conduct Opening Meeting Perform document review Communicating during the audit Assign roles and responsibilities to guides/observers Collect and verify information 15 minutes 8:30 AM 45 minutes 8:45 AM Workshop 7A Simulated on site audit activities 105 minutes 9:30 AM Module 8 Reporting 45 minutes 11:15 AM and Follow-Up Development audit conclusion based on gathered information Develop an audit report Conduct a closing meeting Initiate corrective actions Conduct follow up activities Lunch 45 minutes 12:00 PM Activity 8A Report an audit and corrective action 120 minutes 12:45 PM Review Pre-examination review 45 minutes 2:45 PM Questions and answers Examination 120 minutes 3:30 PM 5:30 PM QPS Inc. 110B Brochure Page 5 of 5