ISO27001 Foundation &Practitioner Description
ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.
ISO/IEC27001 provides organizations with a structured approach to information security management to enable them to secure their information assets. It also enhances information security through adoption of best practices and provide a competitive differentiator for organizations when tendering for business and contracts (enhance reputation for the secure management of confidential and sensitive information) by demonstrating compliance with an internationally recognized standard and the ability to satisfy customer security requirements.
ISO 27001 Foundation
The purpose of the foundation qualification is to confirm that a candidate has sufficient knowledge of the contents and high level requirements of the ISO/IEC 27001 standard, and understands at a foundation level how the standard operates in a typical organization.
ISO27001 Practitioner
Information is a business asset that is essential to an organisation's business and consequently needs to be protected. Information can be stored in many forms and is generally dependent upon information and communications technology.
Technology is an essential element in any organisation and assists in facilitating the creation, processing, storing, transmitting, protection and disposal of information.
ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.
It allows organizations to demonstrate excellence and prove best practice in Information Security management. The standard enables organizations to achieve conformance to an information security management system which requires them to continually improve their control of confidential and sensitive information.
ISO/IEC27001 provides organizations with a structured approach to information security management to enable them to secure their information assets. It also enhances information security through adoption of best practices and provide a competitive differentiator for organizations when tendering for business and contracts (enhance reputation for the secure management of confidential and sensitive information) by demonstrating compliance with an internationally recognized standard and the ability to satisfy customer security requirements.
This course and the standard deal with the protection of information in the organisation and the management of associated risks.
Target Audience
This qualification is aimed at those who are:
- Working to implement or maintain an ISMS within an organization
- Required to audit an ISMS and are required to have a basic understanding of the standard
- Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.
Targeted at quality managers, other executives, managers and supervisors, business process owners, program and project managers, assessors, consultants, auditors, business continuity, information security and risk managers.
Learning Objectives - ISO 27001 Foundation
The candidate should understand the scope, objectives, key terminology and high level requirements of the ISO/IEC 27001 standard, how it is used in an organization for information security, together with the main elements of the certification process.
Learning Objectives - ISO 27001 Practitioner
The objectives of the program are to ensure that individuals that plays a role in the implementation, maintenance and audit of ISO27001 have the requisite skills and to ensure that they enable the achievement of organisational goals and objective through the program.
Agenda - ISO 27001 Foundation
Day 1
- Introduction, background and definitions
- Relationship with other standards
- The Information Security Management System (ISMS)
Day 2
- Information security controls and the statement of applicability
- Achieving certification
- Sample exam & review
Agenda - ISO 27001 Practitioner
Day 1
- Introduction and background
- Objectives and status of ISO/IEC27000 family
- Preparing for an Information Security Management System (ISMS)
- Planning and operating the Information Security Management System (ISMS)
Day 2
- Planning and operating the Information Security Management System (ISMS)
- Information security controls
- Revision
- Sample exam
Exams - ISO 27001 Foundation
- 50 multiple choice questions
- 40 minutes to complete
- The pass mark is 50% overall (25/50)
- Examination is closed book
Exams - ISO 27001 Practitioner
- 3-hour, scenario based objective test examination
- 4 questions – each worth 20 marks
- The pass mark is 50% (40 marks).
- Delegates are expected to have a copy of ISO/IEC 27001 standard available for reference (No other reference material is allowed).