Certified ISO/IEC 27001 ISMS Lead Implementer

ISO 27001 (ISMS) Lead Implementer training equips professionals with this ability.

40 hours 0 Enrolled No ratings yet Intermediate

Curriculum
Description

Module 1: Training course objectives and structure

Introduction

General information

Learning objectives

Educational approach

Examination and certification

About PECB
Module 2: Standards and regulatory frameworks

What is ISO?

The ISO/IEC 27000 family of standards

Advantages of ISO/IEC 27001
Module 3: Information Security Management System (ISMS)

Definition of a management system

Management system standards

Integrated management systems

Definition of an ISMS

Process approach

Overview — Clauses 4 to 10

Overview — Annex A
Module 4: Fundamental information security concepts and principles

Information and asset

Information security

Availability, confidentiality, and integrity

Vulnerability, threat, and impact

Information security risk

Classification of security controls
Module 5: Initiation of the ISMS implementation

Define the approach to the ISMS implementation

Proposed implementation approaches

Application of the proposed implementation approaches

Choose a methodological framework to manage the

implementation of an ISMS

Approach and methodology

Alignment with best practices
Module 6: Understanding the organization and its context

Mission, objectives, values, and strategies of the organization

ISMS objectives

Preliminary scope definition

Internal and external environment

Key processes and activities

Interested parties

Business requirements
Module 7: ISMS scope

Boundary of the ISMS

Organizational boundaries

Information security boundaries

Physical boundaries

ISMS scope statement
Module 8: Leadership and project approval

Business case

Resource requirements

ISMS project plan

ISMS project team

Management approval
Module 9: Organizational structure

Organizational structure

Information security coordinator

Roles and responsibilities of interested parties

Roles and responsibilities of key committees
Module 10: Analysis of the existing system

Determine the current state

Conduct the gap analysis

Establish maturity targets

Publish a gap analysis report
Module 11: Information security policy

Types of policies

Policy models

Information security policy

Specific security policies

Management policy approval

Publication and dissemination

Training and awareness sessions

Control, evaluation, and review
Module 12: Risk management

ISO/IEC 27005

Risk assessment approach

Risk assessment methodology

Risk identification

Risk estimation

Risk evaluation

Risk treatment

Residual risk
Module 13: Statement of Applicability

Drafting the Statement of Applicability

Management approval

Review and selection of the applicable information security

controls

Justification of selected controls

Justification of excluded controls
Module 14: Documented information management

Master list of documented information

Creation of templates

Documented information management process

Implementation of a documented information

management system

Management of records
Module 15: Selection and design of controls

Organization’s security architecture

Preparation for the implementation of controls

Design and description of controls
Module 16: Implementation of controls

Implementation of security processes and controls Introduction of Annex A controls
Module 17: Trends and technologie

Big data

The three V’s of big data

Artificial intelligence

Machine learning

Cloud computing

Outsourced operations

The impact of new technologies in information security
Module 18: Communication

Principles of an efficient communication strategy

Information security communication process

Establishing communication objectives

Identifying interested parties

Planning communication activities

Performing a communication activity

Evaluating communication
Module 19: Competence and awareness

Competence and people development

Difference between training, awareness, and communication

Determine competence needs

Plan the competence development activities

Define the competence development program type and structure

Training and awareness programs

Provide the trainings

Evaluate the outcome of trainings
Module 20: Security operations management

Change management planning

Management of operations

Resource management

ISO/IEC 27035-1 and ISO/IEC 27035-2

ISO/IEC 27032

Information security incident management policy

Process and procedure for incident management Incident response team

Incident management security controls

Forensics process

Records of information security incidents

Measure and review of the incident management process
Module 21: Monitoring, measurement, analysis, and evaluation

Determine measurement objectives

Define what needs to be monitored and measured

Establish ISMS performance indicators

Report the results
Module 22: Internal audit

What is an audit?

Types of audits

Create an internal audit program

Designate a responsible person

Establish independence, objectivity, and impartiality

Plan audit activities

Perform audit activities

Follow up on nonconformities
Module 23: Management review

Preparing a management review

Conducting a management review

Management review outputs

Management review follow-up activities
Module 24: Treatment of nonconformities

Root-cause analysis process

Root-cause analysis tools

Corrective action procedure

Preventive action procedure
Module 25: Continual improvement

Continual monitoring process

Maintenance and improvement of the ISMS

Continual update of the documented information

Documentation of the improvements
Module 26: Preparing for the certification audit

Selecting the certification body

Preparing for the certification audit

Stage 1 audit

Stage 2 audit

Follow-up audit

Certification decision
Module 27: Closing of the training course

PECB certification scheme

PECB certification process

Other PECB services

Other PECB training courses and certifications

About The Course

The best way to introduce the best security practices and protocols into your organization is to introduce a certified professional able to create a bespoke end-to-end solution based on what your organization needs. ISO 27001 (ISMS) Lead Implementer training equips professionals with this ability.

As a result, these professionals are always in demand and are consistently offered enticing starting packages with better perks and responsibilities than their non-certified counterparts.

Course Objectives

This course teaches you about core aspects such as;

Supporting an organization in operating, maintaining, and continually improving an ISMS based on ISO/IEC 27001
Explaining the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
Initiating and planning the implementation of an ISMS based on ISO/IEC 27001 by utilizing PECB’s IMS2 methodology and other best practices
Interpreting the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer
Preparing an organization to undergo a third-party certification audit.

Pre-Requisites

There is a single prerequisite learner must meet in order to sit this course; all participants must have a general understanding or some foundational knowledge around ISMS concepts and ISO/IEC 27001. This ISO 27001 Lead Implementer training course is designed to prepare participants to understand how to implement an ISMS system based on ISO/IEC 27001 in an organization.

The ISO 27001 Lead Implementer course allows students to acquire the knowledge needed to support an organization in effectively implementing, planning, monitoring, managing, and maintaining an information security management system. The aim is to provide a thorough knowledge of various best practices of the ISMS and its supporting framework for its continual management and improvement over a period of time.

What's included

40 Hours Training Course
Certificate
27 Module
24/7 Support

upskillfinder

4.8Instructor Rating

2

Students

246

Courses

4

Reviews

View Details

Certified ISO/IEC 27001 ISMS Lead Implementer

Sign in

What's included

Audience

upskillfinder

2

246

4