ISO 27001 - ISMS Awareness & Application

Objectives

To give an understanding of:

• What an information security management system (ISMS) is and how it can help business
• Why companies are going for registration to ISO 27001:2005
• The basic registration process
• Where to get help and information
• Where to start to implement a system
• To identify the requirements for an ISMS
• To explain the tools used to meet the requirements
• To assist people in attaining the skills to be able to implement an effective ISMS.

Course Content

A one day course giving an overview of an ISMS and the requirements for implementation containing the following:

• Overview of what is meant by ISMS and the basic constituents of an ISMS
• Explanation of how an ISMS can help
• Overview of the requirements of ISO 27001:2005 and the potential benefits
• Implementation of an ISMS, including setting and reviewing ISMS policy, procedures required by the standard
• Identifying and evaluating assets
• Vulnerabilities associated with these assets, risk assessment
• Annex A, control objectives, risk treatment plan & statement of applicability.

Who Should Attend

This course is designed for people assigned to implement an ISMS practically e.g. managers already involved with control of another management system, consultants.

What Should Have Been Learnt

• How to start implementing an ISMS practically
• Some of the tools and documentation used to achieve results within an ISMS
• The benefits of an information security management system to the business.