
ISMS Auditor / Lead Auditor Training Course for ISO 27001

Information Security Management Systems (ISMS)


This 5-day full-time classroom-based ISMS Auditor/Lead Auditor Training Course equips students with the knowledge and skills required to perform audits of Information Security Management Systems against ISO 27001, in accordance with ISO 19011 and ISO 27006.



Students will understand the purpose of an information security management system and be able to explain the processes involved in establishing, implementing, operating, monitoring, reviewing and improving an ISMS as defined in ISO 27001, including the significance of each of these for ISMS auditors.

The course is highly interactive, with an emphasis on the active involvement of students through group work, brainstorming sessions, quizzes and reflection exercises, and on students teaching each other and sharing their experiences. Discussion of real-life examples helps students assimilate and consolidate their understanding of an ISMS based on ISO 27001. The tutor supplements this with theoretical input and shows how the material applies in a range of practical situations.

Students are evaluated through a series of continuous assessments during the course, followed by a written exam to test their achievement of the learning objectives.


At the end of the course, the students will be able to:

- Understand and explain the purpose of an information security management system and the processes involved in establishing, implementing, operating, monitoring, reviewing and improving an ISMS as defined in ISO 27001, including the significance of these for ISMS auditors.
- Learn about the control objectives and controls defined in Annex A of ISO 27001.
- Understand the purpose, content and inter-relationship of ISO 27001, ISO 27002, ISO 19011, ISO/IEC TR 13335 Parts 1 and 2 (MICTS), ISO/IEC TR 18044, ISO 27006 and the legislative framework relevant to an ISMS. Students will also learn about the ISMS Auditor Certification requirements as specified in the manual.


The course covers topics such as:

- The purpose and business benefits of an information security management system and the process-based approach to the ISMS (establishing, implementing and operating, monitoring and reviewing, and improving the ISMS), including the significance of this for ISMS auditors; management responsibility towards the ISMS; internal ISMS audits; management review of the ISMS and ISMS improvement; and an understanding of control objectives and controls.

- ISMS scope identification and information security policy formulation; asset identification and classification; risk identification, risk treatment and risk management through the selection of appropriate security policy and procedural controls. Students will learn to evaluate the Statement of Applicability against the business processes of an organization and their associated risks, and will cover information security incident management, business continuity and compliance with applicable legislation.

- The purpose, content and correlation between standards such as ISO 27002, ISO/IEC TR 13335 Parts 3 and 4 (GMITS), ISO/IEC TR 18044 and ISO 27001, and their related terminology. The description, role and function of the various accreditation and certification bodies in the approval of training courses and the certification of auditors, including an outline of the ISMS auditor certification requirements as defined in Requirements for Certification as an ISMS Auditor, and the auditor's role in accordance with ISO 27006 and ISO 19011.

- The ISMS audit process, principles and methodology, and best practices in planning, conducting, reporting and following up an audit.


The course is intended for Information Technology Managers, Information Security Managers and Administrators, Quality Officers, Risk Managers, and practising Information Security Consultants and Auditors with prior knowledge of the ISO 27001 standard.


- Students will be able to interpret the requirements of ISO 27001 and ISO 27006 in the context of an ISMS audit.

- Students will be able to check and confirm the ISMS audit objectives and carry out an information risk assessment based on information security threats to assets, their inherent vulnerabilities and the corresponding impact on an organization.

- Students will apply the ISO 27001 clauses appropriately in an audit situation. They will learn about the various accreditation and certification bodies and their requirements for ISMS Auditor Certification.

- Students will be able to undertake the role of an auditor to plan, conduct, report and follow up an ISMS audit in accordance with ISO 19011.
