ISO-27001

Security Threat Advisory
Looking Glass
FireEye
Governance Risk and Compliance
Governance / Risk / Compliance
Strategic Consulting
ADSIC
FISMA
ISO 20000 ITSM
ISO 22301 BCMS
ISO 27001 ISMS
PCI DSS
Information Security Review

Data & App Security

Database Security & Protection Data Encryption & Control Enterprise Digital Rights Management Data Vulnerability Assessment Application Protection Vulnerability Assessment & Penetration Testing Web Application Firewall Data Governance

Network Security

Network Access Control Next Generation Firewall Email Security Network IPS Web Gateway Next Generation APT Next Generation DDoS Mitigation Smart DDI

Security Operation & Response

Governance Risk & Compliance Cyber Security Transaction Monitoring Compromised Card Monitoring Incident Response & Orchestration Encrypted Calls and Messaging Travel Risk Management & Crisis Avoidance Anti Phishing Services

User Security

Identity Management Single Sign On Two Factor Authentication Privileged User Password Management Insider Threat Management Endpoint Security Management Endpoint Detection & Remediation Employee Monitoring Tool

Infrastructure Security

Virtual Security SCADA Security Mobile Device Management Public Key Infrastructure Certificates

Policy & Compliance Management

NETconsent Compliance Suite File Integrity Monitoring, Network Configuration, and Compliance

ISO 27001 :
2013 - Information Security Management Systems Auditor/Lead Auditor

This training is designed to provide an understanding of the principles of information security management systems and their role in ensuring control and improvement. The course is based around the requirements of the Information Security Management System Standard ISO/IEC 27001 and deals with its interpretation and the performance of value-added auditing.

Information is a business critical asset because it drives growth and forms the backbone of organization. But the security of this asset is often overlooked, which is why over 80% of security breaches stem from within the organization as a result of poor policy, procedures and staff awareness training. Hence organizations are exploring the benefits of complying or certifying to ISO/IEC 27001:2013 ( earlier known as ISO 27001:2005 till Sep 2013) as it provides a baseline minimum set of controls which cover the people, places and process requirements you need in order to provide staff, suppliers and customers with confidence in your data security. Certifying to the standard can give a real competitive edge in today's technology led environment and we have a proven track record in taking companies through the process to successful accreditation.

How will you and your company benefit from this Training?

Provide an understanding of the principles of information security management
Acquaint delegates with information security management system fundamentals
Familiarize delegates with the ISO/IEC 27001 series of standards
Examine and interpret the requirements of ISO/IEC 27001
Provide insight into how to approach the development of an information security management system
Provide delegates with the skills needed to plan and undertake internal quality audits

What we will cover?

Information Security management fundamentals and vocabulary
ISO/IEC 27001; the series of standards and requirements
Information Security system structure and documentation
Information Security system development
Planning, preparing, performing and reporting internal quality audits
Verifying corrective action
Dealing with difficult audit situations
Auditing for improvement

For successful completion of this training, it is recommended that you have prior knowledge of the following Information Security management principles and concepts:

Management systems Understand the Plan-Do-Check-Act (PDCA) cycle
Information security management Knowledge of the following information security management principles and concepts:
- Awareness of the need for information security;
- The assignment of responsibility for information security;
- Incorporating management commitment and the interests of stakeholders;
- Enhancing societal values;
- Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk; incorporating security as an essential element of information networks and systems; the active prevention and detection of information security incidents.
- Ensuring a comprehensive approach to information security management;
- Continual reassessment of information security and making of modifications as appropriate.
- Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.