Goals
- To present all the ISO 27001 standards dealing with the security of the information system and its management
- Through the systematic alternation of practical and theoretical phases, to master the implementation of the 27000 standards and adapt them to your context, in a scope ranging from a single sensitive IT project to the security of the entire Information System
Program
Presentation of ISO 2700X standards
History of ISO standards
Current standards (ISO 27001, 27002, 27003, 27004 and 27005)
Reminders of ISO 27000 terminology
Definitions: threat, vulnerability, protection
CAID classification (Confidentiality, Auditability, Integrity, Availability)
Description of the concept of ISMS (Information security management system)
Presentation of the PDCA model (Plan, Do, Check, Act)
Loss analysis. Trends. Stakes
Risk management (prevention, protection, risk transfer, outsourcing)
ISO’s contribution to regulatory frameworks
Links with COBIT, ITIL and CMMI within the framework of IS governance
The ISO 27001 audit framework
A / Description of the control points and technical elements of Annex A of ISO 27001
B / Presentation of the audit guidelines defined in ISO 19011
Continuous and complete process. Stages, priorities
Audit categories: organizational, technical, etc.
Internal, external, third party audit, how to choose an auditor?
The ISO-type audit process, the key stages
The audit objectives, the quality of an audit
The improvement process (PDCA type) for the audit
The qualities of the auditors, their assessment
The organizational audit: process, methods
Comparative contributions, human implications
Contents of the ISMS documentary repository in accordance with ISO 27001
ISMS indicators and monitoring: controls and internal audit
Statement of ISO 27003 principles
Guide to implementing an ISMS, and ISO 27004 measurement indicators
Physical measures: authentication, biometrics, office cleaning policy
Technical measures: digital authentication and access management, Firewall, PKI, VPN, Backup
Organizational measures: Development and management of the business continuity plan (BCP), PRA, change management
Key points of a certification audit
Presentation of the implementation project
From the definition, to the organization and to the implementation
Birth of the ISMS
Risk analysis and management
Presentation of the ISO 27005 approach
Operational implementation
Policies and processes supporting the Information Security Management system
Policies and practices ISMS
Committees
Incident management
Document management
Good legal practices
Application of a law, a rule of law, a court decision
Intellectual property of software, tort and contractual liability
Liability: criminal, managers, delegation of power, sanctions, LCEN law
Between ISO compliance and legal compliance
Preparation for the exam
Preparation for the "Lead Implementer" exam
Duration
5 days
Price
£ 2957
Audience
Project managers, Architects
Prerequisites
Hold at least a second-cycle initial qualification, or have at least 5 years of professional experience in the field of computer security or ISO standards
Reference
GES100323-F
Sessions
Contact us for more information about session dates