ISO/IEC 27001:2013 Practitioner
Delivery Method: E-learning, Onsite
This two-day course leads to the ISO/IEC 27001 Practitioner certificate in IT Security Management. Candidates will be taken from a foundational understanding through to a practical appreciation of how the ISO/IEC 27001 standard should apply to business issues and promote better alignment with organizational security objectives.
ISO/IEC 27001:2013 defines the requirements for an ISMS, which include: ISMS planning, support and operational requirements; leadership responsibilities; performance evaluation of the ISMS; internal ISMS audits; ISMS improvement; and control objectives and controls. Delegates will prepare for and sit the two-and-a-half-hour, complex multiple-choice examination.
The course consists of short lectures, exercises, discussions, examination technique training and mock examinations, and culminates in an invigilated examination on the final day.
This course will ensure delegates understand the value to the business of the ISO/IEC 27001:2013 standard. There is an in-depth review of the key concepts and activities needed to properly plan for the implementation, management, and improvement of an Information Security Management System.
The course also ensures a thorough understanding of associated activities, roles, responsibilities, challenges, risks, and critical success factors:
- Best practice in Information Security Management and how to apply this within your organization
- Scope and purpose of the ISO/IEC 27001 standard and how it can be implemented within an organization
- Understand the key terms and definitions used in ISO/IEC 27001
- Leverage the fundamental ISO/IEC 27001 requirements for an ISMS to address the need to continually improve
- Recognize the purpose of internal audits and external certification audits, their operation and the associated terminology
- Apply your knowledge to business scenarios to enhance control of information
- Establish a structured approach to information security management to secure information assets
- Improve information security through the adoption of best practices
- Understand how ISO/IEC 27001 provides a competitive differentiator when tendering for business contracts
- Build reputation with secure management of confidential and sensitive information
- Demonstrate compliance with an internationally recognized standard and the ability to satisfy customer security requirements
The ISO/IEC 27001:2013 Practitioner course would suit candidates working in the following professions or areas:
- Both IT and business people will benefit from this course
- Those requiring a basic understanding of Information Security
- IT professionals or others working within an organisation that is aligned or planning to be aligned with the ISO/IEC 27000 suite of standards
- Anyone involved in or contributing to an on-going service improvement program
Attendance on this course requires candidates to have successfully completed the ISO/IEC 27001:2013 foundation training and achieved the foundation certification. Although there is no mandatory requirement, ideally candidates should have at least two years' professional experience working within IT Service or Security Management.