The value of information and the recent high-level information security violations have created a constantly growing need for protecting all sorts of information at organizations. An Information Security Management System (ISMS) is a management system for ensuring the security of an organization’s valuable and sensitive information.
The objective of this training is to give participants, through practical and group work, the information necessary to set up an efficient ISMS that fulfills the requirements of ISO 17799 (now called ISO 27002) and ISO 27001.
The program consists of practical implementation rather than theory, and of the execution of an actual small-scale ISMS with a specific methodology.
Who Should Attend
Managers from any level and employees involved in the planning, establishment and implementation of the Information Security Management System.
In this training, participants will receive information about the implementation of ISO 27002 & ISO 27001 requirements in their organizations, and, thanks to the practical work, will be able to apply what they learn to the implementations in their organizations.
- An overview of ISO 27001
- Critical processes and their integration
- Critical cornerstones, roles and responsibilities for permanent information security
- ISO 27001 case study
- Setting up and making the definitions for a Case Company
- Determine the scope
- Prepare the visual scope
- Formulate the security policy
- Decide the Risk Analysis method
- Analyze in-scope processes
- Identify assets and asset owners
- Select threats and weaknesses
- Identify and list risks
- Determine and evaluate control options
- Make the Executive Presentation
- Statement of Applicability (SoA) Preparation
- Launch ISMS
Participants are recommended to familiarize themselves with the ISO 27002 and ISO 27001 Standards prior to the training.