Name of Training Course
Understanding the operation of an information security management system supported by ISO 27001

Description
Understanding the operation of an information security management system (ISMS) in accordance with ISO 27001:2005 facilitates implementation of projects which use the requirements of this international standard. The implementation and management stages are covered with the aid of practical examples and workshops.

The course provides the necessary fundamentals for building an Information Security Management System. Real-world situations experienced by the participants will be reviewed in the light of the requirements of the standard.

ISO 27001:2005 gives a professional framework for organisations which want to obtain international recognition for their ISMS.

ISO 27001:2005 is compatible with international management standards ISO 9001, ISO 14001 and ISO 31000.

General and Specific Objectives
1. Clarify the terms and definitions used in an ISMS
- Confidentiality, integrity and availability of information
2. Identify the components of an Information Security Management System
- Identification of the methodology and acceptance criteria
- Identification of assets with their owner, vulnerability and threats
- Identification of impacts on loss of confidentiality, integrity and availability
- Understanding the DdA (Declaration of Applicability)
3. Analyse and evaluate information security related risks
- Evaluate impacts on the activities of the organisation
- Take into account levels of risk, considering vulnerabilities and threats
4. Handling of information security related risks
- Defining information security objectives
- Preparing the Declaration of Applicability with its objectives and related measures
5. Implementation and management of an ISMS
- Required Components (Organisation, Resources etc.)
- Basic rules (functioning, policies, documentation requirements etc.)
6. Senior Management responsibility for the ISMS
- Management review and allocation of resources
- Internal audits and continuous improvement

Skills Acquired
Understanding of the requirements of ISO 27001
Ability to identify the actions to be implemented to meet ISO 27001 requirements
Ability to apply ISO 27001 requirements to real-world situations

Professional Context
This course on ISO 27001 will enable attendees to put the standard into practice.
During the course each participant will be invited to work on an action plan for his own working environment.

Prerequisites
Knowledge of ISO 9001 related practices is an advantage. Management job function in their organisation.

Qualification Issued
Course certificate

Duration
26 hours over 5 days. Monday 13:30 H to Friday 12:00 H