ISO 27001:2005 Training


IMPLEMENTING AND AUDITING ISO 27001:2005 TRAINING

COURSE BACKGROUND

Information is an asset; like other important business assets, it has value to an organization and consequently needs to be suitably protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.

The issue of information security presents organizations of all sizes and from all sectors with an identical problem: their inherent vulnerability. No matter how secure and well protected an organization appears to be, sensitive information can be leaked without you even realizing it until it’s too late. All information in all departments, whether on computer disk, on paper or in the heads of those you employ, is at risk from any number of very real threats. Information security is no longer just an issue for IT managers – a single breach of information security could cost you your hard-earned profits while doing irreparable damage to your image and reputation. Your capacity to trade profitably depends on your ability to manage this risk effectively.

An ISMS based on ISO 27001:2005 will provide a well-proven framework to initiate, implement, maintain and manage information security within any organization.

Recent high profile information security breaches and the value of information are highlighting the ever increasing need for organizations to protect their information.

An Information Security Management System (ISMS) is a controlled approach to managing sensitive company information so that it remains secure. It encompasses people, processes, and internal and external systems. Information and the supporting processes, systems and networks are important business assets. Confidentiality, integrity and availability of information are essential to maintain competitive edge, cash-flow, profitability, legal compliance and commercial image. Dependence on information systems and services means organizations are more vulnerable to security threats.

OBJECTIVES

At the end of the course the delegates will:

  • Understand & acquire the necessary skills & a complete Framework for the implementation of an ISMS that is compliant with the requirements of ISO 17799:2005 & meets the registration requirements of ISO 27001:2005.
  • Be able to examine specific issues surrounding information security, methods of control and countermeasures for threats.
  • Be able to understand the business case for implementing an ISMS as per the methodology taught in the course with the help of workshops / exercises.
  • Learn how to select controls / control objectives from the standard and based on these controls – how to develop company policies etc.
  • Develop / build a small prototype ISMS step by step, as the course progresses, according to the road map.

PARTICIPANTS

Top and Middle Management, Information Systems Personnel, IT related personnel, Personnel related to information/database maintenance in all types of industries, banks, insurance companies, software houses/call centers and management systems auditors.

It is a unique opportunity for IT Professionals to learn about ISO IT standards. This training will help you better address and monitor the following challenges.

  • Enable you to identify & address potential security gaps in the information systems.
  • Increase protection against information system breakdowns, computer hacking and other outside threats.
  • Help you to effectively implement a deterrent system for protection against the Internal Threats like internal hackers, disgruntled employees and many others.
  • Help you build backup resources, increase personnel awareness of IS / IT threats & define a coordinated enterprise approach.
  • ISO 27001 provides a complete balance for physical, technical, procedural & HR security.
  • Information Security is a management process, not a technological process; it enables you to identify & address potential security gaps in your IS / IT systems, and to increase protection against leakage of information from the company & against information system breakdowns.
  • Opportunity to identify and fix weaknesses – provides confidence to trading partners/stakeholders, and customers (Certification demonstrates due diligence).

TOPICS

Highly interactive course which includes:

  • Business requirements for ISMS
  • Interpretation of the requirements of ISO 27001:2005
  • Information Security basics, myths and reality
  • Assets and risk management
  • Design, implementation & monitoring of an ISMS
  • Determination of scope
  • Identification of information assets
  • Determination of value of information assets
  • Determination of risk & risk assessment methodology
  • Determination of policy (or policies)
  • Identification of Control Objectives and Controls
  • Definition of policies, standards and procedures
  • Completion of ISMS documentation requirements
  • Developing Business Continuity Plan
  • ISMS Audit Process
  • Road Map to ISMS Certification
  • Workshops / Case Studies / Exercises / On-site reviews

PRE WORK

No pre-work required

PRE-REQUISITES

No specific requirements but knowledge of information security practices and a prior review of the ISO 27001 (BS 7799) & ISO 17799:2005 standards will be an added advantage.

ASSESSMENT

No assessment

AWARD

Certificate of attendance

DURATION

3-day course (21 hrs)
From 09:00 to 17:00

FEES

MUR 18,500 per participant.

MQA approved

COURSE FACILITATOR (PROFILE)

Mr. Kh. Faisal Javed is Lead Auditor for ISO 27001 / ISO 17799 ISMS (Info. Security), ISO 9001 QMS, ISO 14001 EMS & OHSAS 18001 (Safety). He holds the CISA (Certified Information Systems Auditor) certification from ISACA, USA. He is currently the only ISO 20000 (BS 15000) – IT Service Management Lead Auditor (registered with itSMF, UK) in Pakistan. He has more than 14 years of overall experience in the fields of Quality Assurance / Quality Control, Management System Development Consultancy / Auditing, System Analysis & Design, IT Infrastructure Consultancy, BPR & Information Security.

He holds an MBA with specialization in MIS and a PGD in System Analysis & Design. He is also an MCP (Microsoft Certified Professional) and holds professional membership of ISACA, USA (Information System Audit & Control Association) & PMI (Project Management Institute, USA).

He has conducted 400+ third-party certification audits in Pakistan & abroad, against ISO 27001 (BS 7799), ISO 9001 / 14001, OHSAS 18001 & BS 7799 / IS audits, in different sectors including audits of IT consultancy firms, software houses, call centers etc. He is currently working as Manager Operations (Central Regions) with SGS Pakistan.

START TODAY

The SGS team is available to help you with any questions.

Please contact:

SGS (Mauritius) Ltd
Valentina, Phoenix
Mauritius

t.: (230) 696 8808
f.: (230) 696 7088
www.mu.sgs.com