About the course
This three day ISO/IEC 27001 Foundation training course will introduce delegates to the requirements and principles of ISO/IEC 27001, providing delegates with an awareness of the issues and challenges involved in implementing an information security management system. This practical foundation course is designed to provide an introduction to information security management (ISM) systems as set out in ISO/IEC 27001:2017. N.B. There is no change to the content of the ISO27001 standard despite a new 2017 version being published recently. It is basically just a change to incorporate renumbering of BS ISO/IEC 27001:2013 to include the EN status as BS EN ISO/IEC 27001:2017. This means the standard has now been ratified by at least one of the European Standardisation Organisations. Prerequisites There are no pre-requisites. However, we recommend that all delegates familiarise themselves with BS ISO_IEC 27001_2017, and BS ISO_IEC 27002_2017. Intended Audience: Security and IT professionals, those responsible for risk and audit or project managers responsible for ISO27001 compliance programmes. Delegates will learn how to • The detailed requirements of ISO/IEC 27001:2017 • How to identify information assets • How to identify the threats, vulnerabilities and risks associated with Assets • How to Plan the ISMS implementation program: Timescales and resources. Risk assessment and management, Producing a Statement of Applicability and Documentation, monitoring and auditing • Preparing for certification • Sources of information and further development Outline Day 1: 1. Why do you need certification to ISO 27001? 2. The relationship between ISO27001, and ISO27002 3. What the Information Security Management System (ISMS) is and what it is trying to achieve; Confidentiality, integrity, availability, plus audit 4. Over view of the stages of the ISMS 5. Defining an Information Security Policy 6. Defining the scope of the ISMS 7. What are information assets, and identifying them? 8. Conducting risk assessments, Identifying asset values, threats and vulnerabilities, Practical exercise - under taking a risk assessment and Managing risk 9. Risk measurement Results and conclusions resulting from an assessment Risk reduction and acceptance techniques Day 2: 1. Determining control objectives 2. Selecting control objectives and controls 3. Information Security Overview 4. ISO 27001/ ISO27002 control objectives and controls 5. The application of countermeasures, Creating a workable countermeasure 6. Preparing a Statement of Applicability 7. Auditing the ISMS, What does auditing achieve? How should auditing be conducted? and Different types of audit Day 3: 1. Preparing for formal certification audits 2. The phase 1 and 2 ISO 27001 audits 3. Maintaining Certification Please note, this course does not include ISO27001 Lead Auditor training modules.