This course is designed to

Understand the purpose of ISMS and the processes involved in establishing, implementing, operating,

       monitoring, reviewing, maintaining and improving ISMS as defined in ISO 27001: 2005.

Understand the purpose, content and interrelationship of ISO 27001: 2005, ISO/IEC 17799 and

                    ISO 19011, ISO/IEC TR 13555 Parts 3 and 4 (GMITS), EA 7/03 and the legislative framework relevant  

                     to ISMS.

Understand the role of an auditor to plan, conduct, report and follow up an ISMS audit in

                     accordance with ISO 19011.

Contents of the course:

ISMS concepts & benefits

• ISMS standards

• Risk assessment & Risk management

• Business continuity management

• Incident management

• Audit fundamentals

• Audit management standard

• Audit planning

• Audit execution

• Audit reporting

• Audit follow-up

• ISMS certification process

• IRCA empanelment & code of conduct

• Examination

Who should attend?

Information Security practitioners

Information Security Managers

Managers

ISMS Designers

ISMS Consultants

System Managers / Administrators

Benefits from this course

Students will be able to check and confirm the ISMS audit objectives and carry out Information risk assessment based on information security threats to assets, inherent vulnerabilities and corresponding impact on an organization

Students will apply the ISO 27001 standard clauses appropriately in an audit situation. They will learn about the various accreditation and certification bodies, the role of IRCA and its requirements for ISMS Auditor Certification.

Students will also be able to undertake the role of an auditor to plan, conduct, report and follow up an ISMS audit in accordance with ISO 19011.

Duration: Five days