Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS
- Introduction to management systems and the process approach
- Detailed presentation of the ISO 27001, ISO 27002 and ISO 27003 standards and the regulatory framework
- Fundamental principles of Information Security
- Preliminary analysis and determination of the maturity level of the existing information security management, based on ISO/IEC 21827:2008
- Writing the business case and preliminary design of the ISMS
- Developing a project plan for compliance with ISO/IEC 27001:2005
Day 2: Planning an ISMS based on ISO 27001
- Defining the scope of the ISMS
- Drafting the ISMS and information security policies
- Selection of the approach and methodology for risk assessment
- Risk management according to ISO 27005: identification, analysis and treatment of risk
- Drafting the Statement of Applicability
Day 3: Launching and implementing an ISMS based on ISO 27001
- Implementation of a document management framework
- Design of controls and writing procedures
- Implementation of controls
- Development of a training and awareness program and communicating about information security
- Incident Management according to ISO 27035
- Operations management of an ISMS
Day 4: Control, act and certification audit of the ISMS according to ISO 27001
- Monitoring the ISMS controls
- Development of metrics, performance indicators and a dashboard in accordance with ISO 27004
- ISO 27001 Internal Audit
- Management review of the ISMS
- Implementation of a continuous improvement program
- Preparing for the ISO 27001 certification audit
Day 5
- Course review
- Q&A
- Exam preparation