ISO Information Security Management System

Goals


- To present all the ISO 27001 standards dealing with the security of the information system and its management

- Through the systematic alternation of practical and theoretical phases, the course lets you master the implementation of the 27000 standards and adapt them to your context, with a scope ranging from a single sensitive IT project to the security of the entire information system

Program

Presentation of ISO 2700X standards

History of ISO standards
Current standards (ISO 27001, 27002, 27003, 27004 and 27005)
Reminders of ISO 27000 terminology
Definitions: threat, vulnerability, protection
CAID classification (Confidentiality, Auditability, Integrity, Availability)
Description of the concept of ISMS (Information security management system)
Presentation of the PDCA model (Plan, Do, Check, Act)
Loss analysis. Trends. Stakes
Risk management (prevention, protection, risk transfer, outsourcing)
ISO’s contribution to regulatory frameworks
Links with COBIT, ITIL and CMMI within the framework of IS governance

The ISO 27001 audit framework

A / Description of the control points and technical elements of Annex A of ISO 27001
B / Presentation of the audit guidelines defined in ISO 19011
Continuous and complete process: stages, priorities
Audit categories: organizational, technical …
Internal, external and third-party audits: how to choose an auditor?
The ISO-type audit process, the key stages
The audit objectives, the quality of an audit
The improvement process (PDCA type) for the audit
The qualities of the auditors, their assessment
The organizational audit: process, methods
Comparative contributions, human implications

Contents of the ISMS documentary repository in accordance with ISO 27001

ISMS indicators and monitoring: controls and internal audit
Statement of ISO 27003 principles
Guide to implementing an ISMS, and ISO 27004 measurement indicators
Physical measures: authentication, biometrics, clean desk policy
Technical measures: digital authentication and access management, firewall, PKI, VPN, backup
Organizational measures: development and management of the business continuity plan (BCP), disaster recovery plan (PRA), change management
Key points of a certification audit

Presentation of the implementation project

From definition to organization and implementation
Birth of the ISMS
Risk analysis and management
Presentation of the ISO 27005 approach
Operational implementation
Policies and processes supporting the Information Security Management system
ISMS policies and practices
Committees
Incident management
Document management
Good legal practices
Application of a law, a rule of law, a court decision
Intellectual property of software, tort and contractual liability
Liability: criminal, managers, delegation of power, sanctions, LCEN law
Between ISO compliance and legal compliance

Preparation for the exam

Preparation for the « Lead Implementer » exam

Duration

5 days

Price

£ 2957

Audience

Project managers, Architects

Prerequisites

A minimum of second-cycle initial training, or at least 5 years of professional experience in the field of IT security or ISO standards

Reference

GES100323-F


Sessions

Contact us for more information about session dates