Introduction:
An ISO/IEC Lead Implementer is a professional responsible for implementing and managing an Information Security Management System (ISMS), or another information-security standard, in an organization, following the guidelines set by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The most common standard they work with is ISO/IEC 27001, which provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS.
In today’s digital landscape, where information security breaches and cyber threats are common, the role of the ISO/IEC Lead Implementer is critical to ensuring that organizations protect sensitive information, comply with regulatory requirements, and maintain business continuity.
An ISO/IEC Lead Implementer is pivotal in managing an organization’s information security infrastructure: implementing the ISMS framework, ensuring compliance with ISO/IEC standards, and safeguarding the organization’s data and operations from potential security risks.
Target Audience:
· IT Department & Digital Transformation Sections
· Risk and Compliance Sections & Internal Auditors
By the end of the training, participants should be able to:
1. Lead the implementation and management of an ISMS in compliance with ISO/IEC 27001.
2. Conduct risk assessments and develop appropriate security measures.
3. Create policies, procedures, and controls that mitigate security risks.
4. Lead internal audits and prepare the organization for external certification audits.
5. Promote a culture of information security awareness and continuous improvement.
This comprehensive training ensures that Lead Implementers are prepared to guide their organizations in achieving information security goals while maintaining compliance with internationally recognized standards.
Training Content:
Day 1: Introduction to ISO/IEC 27001 and initiation of an ISMS implementation
Section 1: Training course objectives and structure
· General information & Educational approach
· Agenda of the training course & Learning objectives
Section 2: Standards and regulatory frameworks
· The ISO/IEC 27000 family of standards
· The development of the ISO/IEC 27000 family of standards
· Advantages of an ISMS based on ISO/IEC 27001
Section 3: Information security management system (ISMS)
· The definition of a management system & ISMS
· Integrated management systems
· Overview of clauses 4 to 10 & Annex A
· The process approaches
Section 4: Fundamental concepts and principles of information security
· Information and asset
· Information security, Confidentiality, integrity, and availability
· Vulnerability, threat, and consequence
· Information security risk & Classification of security controls
· Cybersecurity & Information privacy
Section 5: Initiation of the ISMS implementation
· Defining an approach to the ISMS implementation & Proposing implementation approaches
· Applying the proposed implementation approaches
· Creating a business case & Aligning with best practices
· Selecting a methodological framework to manage the implementation of the ISMS
Section 6: Understanding the organization and its context
· Mission, objectives, values, and strategies of the organization
· ISMS objectives, Preliminary scope, Internal and external environment
· Key processes and activities & Climate change impact
· Interested parties & Business requirements
Section 7: ISMS scope
· Boundaries of the ISMS & Organizational boundaries
· Information security boundaries
· Physical boundaries & ISMS scope statement
Day 2: Implementation plan of an ISMS
Section 8: Leadership and project approval
· Leadership and commitment
· ISMS project plan, Team, and manager
· Management approval for the ISMS project implementation
Section 9: Organizational structure
· Organizational structure and Information security coordinator
· Roles and responsibilities of interested parties and key committees
Section 10: Analysis of the existing system
· Determining the current state & Conducting a gap analysis
· Establishing maturity targets & Presenting a gap analysis report
Section 11: Information security policy
· Types of policies and models
· Information security policy
· Specific security policies
· Management approval of policies
· Publication and dissemination of policies
· Control, evaluation, and review of policies
Section 12: Risk management
· ISO 31000 and ISO/IEC 27005
· Context establishment
· Risk assessment and treatment
· Communication and consultation
· Recording and reporting
· Monitoring and review
Section 13: Statement of Applicability
· Review and selection of applicable information security controls
· Justification of selected controls and excluded controls
· Finalization of the Statement of Applicability
· Management approval
Day 3: Implementation of an ISMS
Section 14: Selection and design of controls
· Analysis of the organization’s security architecture
· Preparation for the implementation of controls
· Design and description of controls
Section 15: Implementation of controls
· Implementation of security processes and controls
· Introduction of Annex A controls
Section 16: Management of documented information
· Types of documented information
· Documentation approach & Creation of templates
· Documented information management process
· Documented information management system
· Management of records
Section 17: Trends and technologies
· Big data & The three V’s of big data
· Artificial intelligence & Machine learning
· Cloud computing & Outsourced operations
· The impact of new technologies in information security
Section 18: Communication
· Principles of effective communication
· Information security communication process
· Communication objectives
· Identification of interested parties & Communication activities
· Evaluation of communication process
Section 19: Competence and awareness
· Competence and people development
· Training and awareness
· Competence needs & Competence development activities
· Competence development programs
· Training and awareness programs
· Evaluation of the training outcomes
Section 20: Management of security operations
· Change management planning
· Management of operations & resources
· Process and procedure for incident management
· Information security incident management policy
· Incident response team
· Incident management security controls
· Forensics process
· Records of information security incidents
· Measurement and review of the incident management process
Day 4: ISMS monitoring, continual improvement, and preparation for the certification audit
Section 21: Monitoring, measurement, analysis, and evaluation
· Determine measurement objectives
· Define what needs to be monitored and measured
· Establish ISMS performance indicators
· Determine the frequency and method of monitoring and measurement
· Report the results
Section 22: Internal audit
· What is an audit?
· Types of audits
· Internal audit program
· Independence, objectivity, and impartiality
· Allocation and management of resources for the audit program
· Nonconformities
· Following up on nonconformities
Section 23: Management review
· Preparing for the management review
· Conducting the management review
· Determining the management review outputs
· Following up on the management review
Section 24: Treatment of nonconformities
· Resolution of problems and nonconformities
· Root-cause analysis
· Corrective actions
· Preventive actions
· Action plans
Section 25: Continual improvement
· Continual monitoring of change factors
· Maintenance and improvement of the ISMS
· Continual update of the documented information
· Documentation of the improvements
Section 26: Preparation for the certification audit
· Accreditation and certification bodies
· Selection of the certification body
· Stage 1 audit
· Stage 2 audit
· Audit follow-up
· Certification recommendation and decision
· Recertification audit
Day 5: Exam
Course Review and Practice Exam
Training hours: 40 hours
Dates: Saturdays, 28/06-26/07/2025
Time: from 9 a.m. to 5 p.m.
Venue: Palestinian Banking Institute, Ramallah
Fee for members: $1100
Fee for non-members: $1200