ISO/IEC 27001:2005 (ISMS) Lead Auditor (Accredited Training by IRCA) (ISMS Certification)

Course Introduction
The course uses a mixture of taught sessions, interactive group discussions, exercises, continuous assessment and examination to achieve its aims. The practical exercises are based upon a fictional company; however, the procedures, work instructions and data are typical and apply equally to many different enterprises.
The practical exercises have been carefully designed to focus upon issues that commonly arise during Information Security audits.

Course Objectives
- To provide an appreciation of the importance of controlling Information Security in all types of business.
- To provide a detailed knowledge of ISO 27001:2005 Information Security requirements.
- To provide a knowledge of documented management systems to control Information Security.
- To provide a knowledge of risk assessment for Information Security.
- To provide a knowledge of auditing principles.
- To provide a detailed understanding of the principal requirements for auditing Information Security Management Systems.
Course Prerequisite

Target Group
- IT Auditor / Internal Auditor / External Auditor
- Professional Auditor (CISA, CIA)
- IT and Quality Professionals
- IT Manager and Information Security Manager
- IT and Information Security professional/specialist
- IT and Information Security consultants who wish to provide advice on ISO/IEC 27001 certification
- Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO/IEC 27001
- Staff tasked with the implementation and management of an ISO/IEC 27001 Information Security Management System
- Business Owner / Auditee
Learning Level: Advanced
Course Duration: 5 Days

Course Outline

Module 1: Introduction to Information Security
- Introduction to Information Security
- Introduction to information security management
Module 2: Introduction to ISMS
- Information security management system (ISMS) and the processes involved in establishing, implementing, operating, monitoring, reviewing and improving an ISMS as defined in ISO 27001, including:
  - Business benefits of an information security management system
  - Process approach to information security management systems
  - Processes involved in establishing, implementing and operating, monitoring and reviewing, and improving an ISMS, including the significance of this for ISMS auditors
  - What is involved in selecting a system of controls through the process of risk assessment, treatment and management
  - Importance and methods used in security incident handling and business continuity
Module 3: Interrelationship of ISMS and Related Standards
- Interrelationship of ISO/IEC 27001:2005, the international standard ISO/IEC 27002:2005 (former ISO/IEC 17799:2005) and ISO 13335 Parts 1 and 2
- Purpose and content of ISO/IEC 27002 (former ISO/IEC 17799) and its relationship to ISO/IEC 27001:2005
- Control objectives and controls defined in Annex A of ISO/IEC 27001, drawing on ISO/IEC 27002 (former ISO/IEC 17799)
- ISO/IEC 27001 related concepts and terminology of quality management systems, drawing on ISMS terminology and definitions
- Difference between legal compliance and conformance with ISO standards, with an outline of relevant applicable legislation, intellectual property rights, data protection and privacy of personal information
Module 4: Auditor Role and Process
- Role of an auditor to plan, conduct, report and follow up
- The structure of the ISMS certification industry
- Role of the auditor
- Audit Planning process
- Auditing Process
- Audit reporting process
Module 5: Interpretation of ISMS Requirements
- Interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
- Links between the PDCA model and the ISMS process requirements specified in ISO/IEC 27001, and how to apply the model correctly to them
- Interpret and apply ISO/IEC 27001 appropriately in an audit situation
- Check and confirm ISMS audit objectives
- Identify and evaluate, in an ISMS audit context:
  - The information security related threats to assets, vulnerabilities and impacts on the organization
  - Regulatory and legal compliance
Module 6: Audit procedures and performance
- Role of an auditor to plan, conduct, report and follow up an ISMS audit in accordance with ISO 19011
- The role of an auditor and/or audit team leader to plan an audit
- The role of an auditor to manage and conduct an audit to evaluate an organization's effective implementation of processes, procedures and methodologies for conformance with ISO/IEC 27001
- The role of an auditor to report and follow up an ISMS audit in accordance with ISO 19011

Appraisal of delegates' knowledge and performance will be made through a combination of continuous assessment and a written examination (multiple choice and short answers). A certificate of competence will be issued to delegates deemed to have achieved a satisfactory standard.

Time and Venue
Time: 09.00 A.M. - 04.00 P.M.
Duration: 5 Days
Venue: ACIS Training Room, ACIS Professional Center, The Millennia Building, Langsuan

Tuition Fee: 39,500 Baht (excluding 7% VAT)

Price Includes
:: Computer 1 set/person
:: CD-ROM 1 disk (If prepared)
:: Class Material 1 set/person
:: Lunch / Morning & Afternoon Coffee Break

Payment Method
Name for cheques / bank transfer account:
ACIS Professional Center Co., Ltd.
Krung Thai Bank, Sri Ayutthaya Road branch
Current account no.: 013-6-08953-4
or
Kasikorn Bank, Langsuan Road branch
Current account no.: 082-1-07933-0
or
Bangkok Bank, Siam Square branch
Current account no.: 152-3-11184-5

Registration and Information
For more information please contact:
- Ms. Athitiya Weerayasobprasong
E-mail: athitiya.w acisonline.net
Tel: (02) 650-5771 ext. 151
Fax: (02) 650-5776