Information Security Certified ISO 27001 Implementation Practitioner (CIIP)


About the course

Fundamentals-level course

This three-day practical ISO 27001 training course is for people who want to understand the component parts of the ISO Standard with a view to setting up an implementation project. You will learn how to define and risk-assess your organisation’s information assets, and prepare for the essential requirements needed to obtain ISO 27001 certification.

How will I benefit?
With this course, you will:

  • Gain an in-depth understanding of information security and how it applies to your organisation
  • Learn how to define information assets in a way that’s suitable for your organisation and how to undertake a risk assessment
  • Gain confidence that certification is within reach and obtain guidance on applying for certification

“Solid coverage of the standard, referenced well to the point of applicability and usability.”

CIIP Delegate

Bluefish Communications



What will I learn?

  • You will gain an understanding of the key steps involved in planning, implementing and maintaining an ISO 27001-compliant information security management system (ISMS)
  • You will learn what an ISMS is and how to define information security policies for your organisation
  • You will gain the skills needed to identify information assets and undertake a risk assessment, and will acquire effective techniques for managing risk


Who should attend?
Anyone with responsibility for, or with an interest in, information security, including:

  • People employed in IT, financial and HR management
  • Computer auditors
  • IT security officers
  • Information security professionals

COURSE OVERVIEW
This course covers all the key steps involved in planning, implementing and maintaining an ISO 27001-compliant information security management system (ISMS). It gives you confidence that certification is within reach and an in-depth understanding of information security and how it applies to you and your organisation.
The course is designed to involve delegate participation, using a mix of formal training and practical exercises, based primarily on a detailed case study.

THE SKILLS YOU WILL LEARN

  • Understand the key steps involved in planning, implementing and maintaining an ISO 27001-compliant information security management system (ISMS)
  • Learn what an ISMS is and how to define information security policies for your organisation
  • Gain the skills needed to identify information assets and undertake a risk assessment, and learn effective techniques for managing risk
  • Learn how to treat implementation as a project and the common pitfalls
  • Gain an overview of the ISO 27001 Annex A controls


PREREQUISITES
This course is suitable for non-technical staff and no prior knowledge is required.

WHAT QUALIFICATION WILL I RECEIVE?
Those delegates successfully passing the exam at the end of the course will be awarded 7Safe’s Certified ISO Implementation Practitioner (CIIP) qualification.

1. Identifying information assets
   a. What are information assets?
   b. Creating an asset classification system

2. Risk Assessment
   a. The definition of risk under ISO 27001:2013
   b. The revised options for risk assessments under the standard
   c. How to carry out an information security risk assessment - identifying asset values, threats and vulnerabilities
   d. Creating a usable and simple risk methodology
   e. Selecting and using risk assessment tools
   f. Results and conclusions resulting from an assessment

3. Risk Management
   a. Risk measurement
   b. Risk reduction and acceptance techniques
   c. ISO 27001 control objectives and controls
   d. Measuring the effectiveness of controls and mapping them to Annex A
   e. The application of countermeasures
   f. Additional controls not in ISO 27001
   g. Preparing a Statement of Applicability – what to include and/or exclude
   h. The need to review and audit the ISMS

4. Auditing
   a. What does auditing achieve?
   b. How to prepare for the audit
   c. How should auditing be conducted?
   d. Different types of audit
   e. The phase 1 and 2 ISO 27001 audits
   f. Certification – what is next?

5. Comparing the Old (27001:2005) with the New (27001:2013)

 

 


Start date Location / delivery
27 Nov 2019 Cambridge
11 Mar 2020 Cambridge
01 Jul 2020 Cambridge
25 Nov 2020 Cambridge
