ISO/IEC 27000 Series
Standard for Information Security Management
ISO International Standards are documents that provide specifications and guidelines that can be used consistently to ensure that products, processes and services are fit for their purpose. For business, they are strategic tools that reduce costs by minimizing waste and errors and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade.
The ISO Standards series of courses has been developed to provide professionals with guidance on the mandatory requirements to put in place in their organization, as well as practical recommendations regarding the related formal or informal certification process.
The specific ISO/IEC 27000 course focuses on information security management and provides guidance and tools to ensure that information security is brought under explicit management control.
The benefits of using the ISO/IEC 27000 series include:
Improved protection of sensitive information;
Reduced information security risk;
Balanced set of security controls;
Improved credibility, trust, satisfaction and confidence with customers and partners.
To gain insight into the Standards' concepts
To make clear the relevance of an information security management system
To provide sound understanding of the mandatory requirements
To provide guidance on how to use the standard
To make the certification process practical
1. Information Security Management Principles
2. Information Security Management System
3. Information Security Management Requirements
a. Security Policy
b. Organization of Information Security
c. Asset Management
d. Human Resources Security
e. Physical and Environmental Security
f. Communications and Operations Management
g. Access Control
h. Information Systems Acquisition, Development and Maintenance
i. Information Security Incident Management
j. Business Continuity Management
l. Risk Assessment and Treatment
4. Certification Process
• All individuals wanting to have a practical knowledge of information security management standards.
• All individuals involved in information security management activities.
• All individuals wanting to prepare for or participate in an information security management certification process.
Theory and concepts illustrated by a trainer with sound expertise and experience in information security management.
Group discussions aimed at matching the relevant information security management issues to real-life experience.