Description of the ISO 27001 Information Security Management Course
Participants will gain an understanding of the ISO 27001 requirements and learn how to implement an information security management system. On completion of this seminar participants will be able to:
- Demonstrate an understanding of the ISO 27001 specification for Information Security Management in South Africa
- Communicate the requirements for ISO 27001 compliance
- Plan the implementation of an ISO 27001 compliant management system
- Assist an organization implement the necessary ISO 27001 process for information security management
- Assess the extent an organization adheres to the ISO 27001 specification.
Participants will learn through discussion and practical examples how to design and implement information security in accordance with the ISO 27001 requirements for information security management.
This seminar includes topics about:
- Overview of the ISO/IEC 27001 specification
- The scope and purpose of an information security management system
- Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
- Understanding an organization’s information security requirements
- Developing and implementing an information security management system
- Recognising current capability in information security
- Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS.
- Using the "Plan-Do-Check-Act" (PDCA) model to structure all ISMS processes
- Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks;
- Monitoring and reviewing the performance and effectiveness of the ISMS
- Continual improvement based on objective measurement.
- Essential document and records management.