ISO27001: 2017 Foundation
This course has been retired. Please view currently available Cyber Security Training Courses.
Day 1 (11 topics)
- Why do you need certification to ISO 27001?
- The relationship between ISO 27001 and ISO 27002
- What the Information Security Management System (ISMS) is and what it is trying to achieve; Confidentiality, integrity, availability, plus audit
- Overview of the stages of the ISMS
- Defining an Information Security Policy
- Defining the scope of the ISMS
- What are information assets, and how are they identified?
- Conducting risk assessments: identifying asset values, threats and vulnerabilities; practical exercise - undertaking a risk assessment; managing risk
- Risk measurement
- Results and conclusions resulting from an assessment
- Risk reduction and acceptance techniques
Day 2 (7 topics)
- Determining control objectives
- Selecting control objectives and controls
- Information Security Overview
- ISO 27001/ISO 27002 control objectives and controls
- The application of countermeasures; creating a workable countermeasure
- Preparing a Statement of Applicability
- Auditing the ISMS: what auditing achieves, how auditing should be conducted, and the different types of audit
Day 3 (3 topics)
- Preparing for formal certification audits
- The phase 1 and 2 ISO 27001 audits
- Maintaining Certification
There are no pre-requisites. However, we recommend that all delegates familiarise themselves with BS ISO/IEC 27001:2017 and BS ISO/IEC 27002:2017.