IS/IEC Lead Implementer ISO 27001

Section 1: Training course objectives and structure

·         General information &  Educational approach

·         Agenda of the training course & Learning objectives

Section 2: Standards and regulatory frameworks

·         The ISO/IEC 27000 family of standards

·         The development of the ISO/IEC 27000 family of standards

·         Advantages of an ISMS based on ISO/IEC 27001

 Section 3: Information security management system (ISMS)

·         The definition of a management system & ISMS

·         Integrated management systems

·         Overview of clauses 4 to 10 & Annex A

·         The process approaches

Section 4: Fundamental concepts and principles of information security

·         Information and asset

·         Information security, Confidentiality, integrity, and availability

·         Vulnerability, threat, and consequence

·         Information security risk &  Classification of security controls

·         Cybersecurity &  Information privacy

Section 5: Initiation of the ISMS implementation

·         Defining an approach to the ISMS implementation & Proposing implementation approaches

·         Applying the proposed implementation approaches

·         Creating a business case & Aligning with best practices

·         Selecting a methodological framework to manage the implementation of the ISMS

Section 6: Understanding the organization and its context

·         Mission, objectives, values, and strategies of the organization

·         ISMS objectives, Preliminary scope, Internal and external environment

·         Key processes and activities & Climate change impact

·         Interested parties & Business requirements

Section 7: ISMS scope

·         Boundaries of the ISMS & Organizational boundaries

·         Information security boundaries

·         Physical boundaries & ISMS scope statement

Section 8: Leadership and project approval

·         Leadership and commitment

·         ISMS project plan, Team, and manager

·         Management approval for the ISMS project implementation

Section 9: Organizational structure.

·         Organizational structure and  Information security coordinator

·         Roles and responsibilities of interested parties and key committees

Section 10: Analysis of the existing system

·         Determining the current state & Conducting a gap analysis

·         Establishing maturity targets & Presenting a gap analysis report

Section 11: Information security policy

·         Types of policies and models

·         Information security policy

·         Specific security policies

·         Management approval of policies

·         Publication and dissemination of policies

·         Control, evaluation, and review of policies

Section 12: Risk management

·         ISO 31000 and   ISO/IEC 27005

·         Context establishment

·         Risk assessment and treatment

·         Communication and consultation

·         Recording and reporting

·         Monitoring and review

Section 13: Statement of Applicability

·         Review and selection of applicable information security controls

·         Justification of selected controls and  excluded controls

·         Finalization of the Statement of Applicability

·         Management approval

Section 14: Selection and design of controls

·         Analysis of the organization’s security architecture

·         Preparation for the implementation of controls

·         Design and description of controls

Section 15: Implementation of controls

·         Implementation of security processes and controls

·         Introduction of Annex A controls

Section 16: Management of documented information

·         Types of documented information

·         Documentation approach & Creation of templates

·         Documented information management process

·         Documented information management system

·         Management of records

Section 17: Trends and technologies

·         Big data & The three V’s of big data

·         Artificial intelligence & Machine learning

·         Cloud computing & Outsourced operations

·         The impact of new technologies in information security

Section 18: Communication

·         Principles of effective communication

·         Information security communication process

·         Communication objectives

·         Identification of interested parties & Communication activities

·         Evaluation of communication process

Section 19: Competence and awareness

·         Competence and people development

·         Training and awareness

·         Competence needs & Competence development activities

·         Competence development programs

·         Training and awareness programs

·         Evaluation of the training outcomes

Section 20: Management of security operations

·         Change management planning

·         Management of operations & resources

·         Process and procedure for incident management

·         Information security incident management policy

·         Incident response team

·         Incident management security controls

·         Forensics process

·         Records of information security incidents

·         Measurement and review of the incident management process

Section 21: Monitoring, measurement, analysis, and evaluation

·         Determine measurement objectives

·         Define what needs to be monitored and measured

·         Establish ISMS performance indicators

·         Determine the frequency and method of monitoring and measurement

·         Report the results

Section 22: Internal audit

·         What is an audit?

·         Types of audits

·         Internal audit program

·         Independence, objectivity, and impartiality

·         Allocation and management of resources for the audit program

·         Nonconformities

·         Following up on nonconformities

Section 23: Management review

·         Preparing for the management review

·         Conducting the management review

·         Determining the management review outputs

·         Following up on the management review

Section 24: Treatment of nonconformities

·         Resolution of problems and nonconformities

·         Root-cause analysis

·         Corrective actions

·         Preventive actions

·         Action plans

Section 25: Continual improvement

·         Continual monitoring of change factors

·         Maintenance and improvement of the ISMS

·         Continual update of the documented information

·         Documentation of the improvements

Section 26: Preparation for the certification audit

·         Accreditation and certification bodies

·         Selection of the certification body

·         Stage 1 audit

·         Stage 2 audit

·         Audit follow-up

·         Certification recommendation and decision

·         Recertification audit

Course Review and Practice Exam