ISO 27001 Information Security Management

ISO 27001

ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.

ISO/IEC 27001 provides organizations with a structured approach to information security management that enables them to secure their information assets. It also enhances information security through the adoption of best practices and provides a competitive differentiator for organizations when tendering for business and contracts (enhancing their reputation for the secure management of confidential and sensitive information) by demonstrating compliance with an internationally recognized standard and the ability to satisfy customer security requirements.

ISO 27001 Foundation

Course description

The purpose of the foundation qualification is to confirm that a candidate has sufficient knowledge of the contents and high-level requirements of the ISO/IEC 27001 standard, and understands at a foundation level how the standard operates in a typical organization.

Target audience

This qualification is aimed at those who are:

  • Working to implement or maintain an ISMS within an organization
  • Required to audit an ISMS and therefore need a basic understanding of the standard
  • Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001.

Learning objectives & agenda

The candidate should understand the scope, objectives, key terminology and high-level requirements of the ISO/IEC 27001 standard, how it is used in an organization for information security, and the main elements of the certification process.

Day 1

  • Introduction, background and definitions
  • Relationship with other standards
  • The Information Security Management System (ISMS)

Day 2

  • Information security controls and the statement of applicability
  • Achieving certification
  • Sample exam & review

Course material

The formal course is based on a set of lectures supported by slides, a student handbook, exercises and sample examination questions. The course includes a student manual that expands on the topics covered in the lectures. Students should use this material to prepare for the exam.

Prerequisites

There is no prerequisite for the foundation qualification, but an interest and/or background in information security or service management would be an advantage.

Examination

  • 50 multiple-choice questions
  • 40 minutes to complete
  • The pass mark is 50% overall (25/50)
  • Examination is closed book


ISO 27001 Practitioner

Information is a business asset that is essential to an organisation's business and consequently needs to be protected. Information can be stored in many forms and is generally dependent upon information and communications technology.

Technology is an essential element in any organisation and assists in facilitating the creation, processing, storing, transmitting, protection and disposal of information.

ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.

It allows organizations to demonstrate excellence and prove best practice in information security management. The standard enables organizations to achieve conformance to an information security management system, which requires them to continually improve their control of confidential and sensitive information.

Course description

ISO/IEC 27001 provides organizations with a structured approach to information security management that enables them to secure their information assets. It also enhances information security through the adoption of best practices and provides a competitive differentiator for organizations when tendering for business and contracts (enhancing their reputation for the secure management of confidential and sensitive information) by demonstrating compliance with an internationally recognized standard and the ability to satisfy customer security requirements.

This course and the standard deal with the protection of information in the organisation and the management of associated risks.

Learning objectives & agenda

The objectives of the program are to ensure that individuals who play a role in the implementation, maintenance and audit of ISO 27001 have the requisite skills, and that they enable the achievement of organisational goals and objectives through the program.

Day 1

  • Introduction and background
  • Objectives and status of the ISO/IEC 27000 family
  • Preparing for an Information Security Management System (ISMS)
  • Planning and operating the Information Security Management System (ISMS)

Day 2

  • Planning and operating the Information Security Management System (ISMS) (continued)
  • Information security controls
  • Revision
  • Sample exam

Target audience

Quality managers, other executives, managers and supervisors, business process owners, program and project managers, assessors, consultants, auditors, business continuity, information security and risk managers.

Course material

The formal course is based on a set of lectures supported by slides, a student handbook, exercises and sample examination questions. The course includes a student manual that expands on the topics covered in the lectures. Students should use this material to prepare for the exam.

Prerequisites

The prerequisite for this qualification is the APMG ISO/IEC 27001 Foundation qualification. The APMG ISO/IEC 27001 Foundation course is specifically designed as preparation for this Practitioner qualification.

Examination

  • 3-hour, scenario-based objective test examination
  • 4 questions, each worth 20 marks
  • The pass mark is 50% (40 marks)
  • Delegates are expected to have a copy of the ISO/IEC 27001 standard available for reference (no other reference material is allowed)