ISO 27001 Lead Implementer Training
ISO 27001 Lead Implementer training focus on maturing the overall internal policy of an organization as per ISMS guidelines and enabling the organization to become ISO 27001 certified company .
ISO 27001:2013 basically describes how to develop the Information Security Management System or ISMS – you can consider this ISMS to be a systematic approach for managing and protecting a company’s information. The ISMS represent a set of policies, procedures, and various other controls that set the information security rules in an organization.
This course consist what kind of control for information security will be implemented in a company is decided based on the results of the risk assessment and on the requirements of interested parties. For each risk that needs to be treated, a combination of different types of controls will be implemented.
REAL LIFE CASE STUDIES
INSTRUCTOR-LED SESSIONS
INDUSTRY DRIVEN CERTIFICATION
DAILY ASSIGNMENTS
STUDENT LEARNING KIT
syllabus
syllabus
module 1 : ISMS Breif overview
- Introduction of information security management system
- The structure of ISO 27001
- Information security principles
- Implementing ISO 27001 as a project
- Documenting ISO 27001 requirements
- ISO 27001:2013 Certification Process
- Importance of Information in ISMS
- CIA and DAD Triads
- Need of ISMS
- Conformance Vs Compliance
- ISMS Purpose and Objectives
- Benefits of ISMS
module 2 : ISMS project planing
- Understanding the organization and its context [clause 4.1]
- Understanding the needs and expectations of interested parties [clause 4.2]
- Determining the scope of the isms [clause 4.3]
- Leadership and commitment [clause 5.1]
- Information security policy [clause 5.2]
- Organizational roles, responsibilities and authorities [clause 5.3]
- Information security objectives [clause 6.2]
- Resources [clause 7.1]
- Competence [clause 7.2]
- Awareness [clause 7.3]
- Communication [clause 7.4]
- Documented information [clause 7.5]
module 3 : Risk management and risk treament plans
- Addressing risks and opportunities [clause 6.1.1]
- Risk management process [clause 6.1.2]
- Risk identification [clause 6.1.2]
- Risk analysis and evaluation [clause 6.1.2]
- Information security risk treatment [clause 6.1.3]
- Statement of applicability [clause 6.1.3]
- Risk treatment plan [clause 6.1.3]
module 4 : Risk formulation and treatment
- Formulating the risk treatment plan [clause 6.1.3]
- Implementing the risk treatment plan [clause 8.3]
- Operational planning and control [clause 8.1]
- Operating the isms [clause 8]
- Managing outsourcing of operations [clause 8.1]
- Controlling changes [clause 8.1]
- Risk assessment review [clause 8.2]
module 5 : Internal Network pentesting and Security
- Mapping of internal network and analysis of internal network services
- firewall scoping and packet evasion
- VPN and VLAN pentesting
- internal wireless network exploitation
- database servers, container services & printing services exploitation
- C2 frameworks for automating the attacks and professional assessments .
module 6 : Annex A- reference objectives and controls
- Introduction to annex A – reference control objectives and controls
- Information security policies [a.5]
- Organization of information security [a.6]
- Human resources security [a.7]
- Asset management [a.8]
- Access control [a.9]
- Cryptography [a.10]
- Physical and environmental security [a.11]
- Operational security [a.12]
- Communications security [a.13]
- System acquisition, development and maintenance [a.14]
- Supplier relationships [a.15]
- Information security incident management [a.16]
- Information security aspects of business continuity management [a.17]
- Compliance [a.18]
module 7 : PREPARATION FOR IMPLEMENTATION of ISO 27001 Assessment
-
- Define The Scope Of The Project
- Key Stages Of The Project
- Tips For Project Management
- Estimating The Project
- Communication
- Use Of Tools
- Define Roles And Responsibilities
- Project Manager Beware
- Project Documentation
- Write A Project Plan
- Kick-Off Meeting
- Executing The Project Work
- Work Assignment
- Managing Work Assignments And Resources
- Enabling Smooth Project Execution
- Gathering Information And Recommending Changes
- Introducing Documentation And Changes In Day-To-Day Use
- Overcoming The Resistance To Change
- Verifying And Issuing A Status Report
- Communication About The Project Status
- Monitor And Control Meeting
- Internal Audit
- Management Review Purpose
- Management Review Preparation And Execution
- Acceptance And Implementation Closure
module 8 : FINAL CERTIFICATE procedure and aftertakings
- Choose A Certification Body
- Certification Process
- Stage 1 And Stage 2 Audits
- Prepare The Certification Audit
- Logistics Of The Certification Audit
- Preparing Your People For The Certification Audit
- What To Expect From The Certification Auditors
- After The Certification Audit
-
- Keeping The Certification
- Improving The Management System
- Top Management Leadership And Example
- Keep The Management System Updated Until The Next Surveillance Audit
who should attend this training?
- Freshers
- Ethical hackers
- System Administrators
- Network Administrators
- Security Engineers
- System Auditors
- Security Professionals
why should i take this training?
The iso 27001 lead implementer training also focuses on what, how and where things can go wrong during the policy design and risk analysis. Also how to get overall gap analysis learnings and to obtain multiple business cases bases auditing experience this training is well suitable for your career.
prerequisite of the training ?
The person should familiar with enterprise basic internal operations
what is the total duration of the training ?
It’s an Instructor-led online training and the total duration of the training is 25 hours.
iso 27001 lead implementer
training enquiry
Whats Next ?
Checkout the advanced training modules with the given below link.
Testimonials
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
A good place to learn every small detail in cybersecurity.Really nice and helpful teacher.