Course Description
The ISMS Implementer course provides practical guidance on implementing an effective Information Security Management System (ISMS) within an organization. The course comprises four modules.
Module 1 (60 mins): Awareness in ISMS.
Module 2 (120 mins): Risk assessment and management.
Module 3 (180 mins): Implementation guidelines for ISMS based on ISO/IEC 27003.
Module 4 (180 mins): Implementation guidelines for ISMS based on ISO/IEC 27002.
Who Will Benefit?
- Security professionals, infosec team members and consultants who have a role in establishing, implementing, maintaining and improving an ISMS within an organization.
- Project managers managing IT projects.
Learning Objectives
Module 1: To create an awareness of information security and understand key concepts of ISMS.
Module 2: To understand the risk assessment and risk treatment process, which is aligned with ISO 31000.
Module 3: To provide guidance on the generic implementation of the clauses (requirements) of ISO/IEC 27001.
Module 4: To provide guidance on the generic implementation of the Annex A controls of ISO/IEC 27001.
Course Agenda
Module 1:
- ISMS concepts and benefits.
- Information and its classification schemes.
- Importance of information security framework.
- Requirement standard and guideline – Differences.
- ISO 27000 series of standards.
Module 2:
- Understanding the context of the organization, interested parties, the scope of the ISMS and risk.
- Components of risk assessment and the relationships between them.
- Risk assessment process (risk identification, risk analysis, risk evaluation, pitfalls of risk assessment).
- Risk treatment process (risk treatment options, risk treatment plan, controls and their types, Statement of Applicability).
Module 3 (Based on ISO/IEC 27003):
- Generic implementation of the ISO/IEC 27001 clauses in:
- Plan phase (Clauses 4, 5, 6, 7) – Context of the organization, Leadership, Planning, Support
- Do phase (Clause 8) – Operations
- Check phase (Clause 9) – Performance evaluation
- Act phase (Clause 10) – Improvement
Module 4 (Based on ISO/IEC 27002):
- Structure of ISO/IEC 27002 (Security domains, control objectives, controls)
- Generic implementation of the Annex A controls of ISO/IEC 27001.
Methodology
The course employs a variety of training tools, such as content-embedded assessments, simulations and other interactive exercises, to enhance instructional delivery. Accessible from the device of your choice, the course allows you to log in and learn whenever and wherever you prefer. You will be required to pass the assessment to receive your recognized e-certificate with a unique ID.
Learning Assessments
Participation certificate awarded upon passing the final assessment.
Course Materials
Module 1
- ISMS concepts and benefits.
- Information and its classification schemes.
- Importance of information security framework.
- Requirement standard and guideline – Differences.
- ISO 27000 series of standards.
- Structure of ISO/IEC 27001 international standard.
Module 2
- Understanding the context of the organization, interested parties, the scope of the ISMS and risk.
- Components of risk assessment and the relationships between them.
- Risk assessment process (risk identification, risk analysis, risk evaluation, pitfalls of risk assessment).
- Risk treatment process (risk treatment options, risk treatment plan, controls and their types, Statement of Applicability).