WHAT IS INFORMATION SECURITY MANAGEMENT SYSTEM?
ISO/IEC 27001:2013 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
Information being a valuable asset and a building block is the key to the growth of any organization. Information needs to be suitably protected like any other important business asset.
In the modern world this asset becomes crucial for success and maintaining credibility of the organization. If this asset is compromised then the organization may have to face various threats and risks like brand image erosion, business disruption, financial and productivity loss etc. On the other side, information security also maximize return on investments, minimize business risks and increase business opportunities.
Our training courses are structured to provide an understanding of ISO/IEC 27001:2013 requirements blended with case studies, exercises and role plays where a participant will be equipped with the knowledge and skills which are needed to implement the Information Security Management System (ISMS) of an organization.
- Enhancement of skills and knowledge.
- Will be enabled to provide valuable insights to the management with regards to ISMS implementation.
- Will be enabled to add value as an implementer by implementing effective controls that will help preventing or mitigating risks and subsequently improving the overall ISMS.
- Enables you to improve your career prospects worldwide.
COURSE CONTENT / OUTLINE
- Understanding the purpose of an Information Security Management System by establish the context of the organization and the processes involved in establishing, implementing, maintaining and continually improving an ISMS.
- Understanding the mandatory documents and records required by the international standard.
- Formulation of ISMS Scope and Statement of Applicability (SoA).
- Assist top management in formulating the Information Security Policy and Information Security Objectives that are aligned with the strategic direction of the organization.
- Establishing Risk Assessment and Risk Treatment methodology based on the context of the organization and implementing the same.
- Assist in establishing the internal audit program and management reviews within an organization.
- Understanding controls listed in Annex A of the standard and knowledge of implementing correct type of controls to mitigate risks.
WHO SHOULD ATTEND?
- Professionals who are interested in implementing an effective information security management system framework within an organization.
- Personnel who want to pursue a career as an implementer in information security management system.
- Project managers or consultants responsible for establishing, implementing, maintaining, auditing and improving Information Security Management Systems within an organization.
- Top Management (IT Head, CISO etc.) and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
Knowledge on ISMS would be an added advantage.
PARTNER INSTITUTE INFO
- Candidates will be assessed by the following 2 methods
- Continuous assessment: This includes assessment throughout the course for punctuality, presentation skills, interactive approach, involvement, role-play, classroom exercises, assignments etc.
- Written examination (open book): This will be at the end of the course.
- Duration of the written exam is 120 minutes
- Minimum passing criteria is 70% in both continuous assessment and written examination.
- Candidates who scores 70% and above in both the continuous assessment and written examination will be issued a TUV SUD certificate.
- Unsuccessful candidates will be issued a certificate of attendance.