The ISO/IEC 27001 standard was formerly known as the ISO 17799 standard, and is a code of practice for information security. It outlines eleven security categories, each with several control objectives, and hundreds of potential controls and control mechanisms. These may be implemented under the framework and guidance provided within ISO/IEC 27001.
The ISO/IEC 27001 standard may be used for the design of the information security process and contains the requirements of an Information Security Management System (ISMS). The ISO/IEC 27001 standard, which is also known as the “Code for Information Security” or the “Code of Practice,” contains control measures for various topics in the field of information security. The ISO/IEC 27001 standard covers organizational, procedural, physical, technical and logical aspects of information security.
Course and Learning Objectives:
Through the interactive sessions and practical experiences, this course presents the following:
- Information and security: Basic concepts, the value of the information and the importance of its reliability
- Threats and risks: The relationship between threats and reliability
- Approach to the organization of the Information Security Policies
- Security measures: Organizational, procedural, physical, technical and logical aspects
- Legislation and regulations: Its importance and compliance implications
- Design and implementation of the ISMS according to the ISO/IEC 27001 standard
- Certification of the ISMS according to the ISO/IEC 27001 standard
During this course, participants will learn, through a number of interactive sessions, the most significant aspects of the ISO/IEC 27001 standard, its objectives, requirements, value to the organization, and its relation with the ISO/IEC 27001 standard as well as with other standards. Additionally, participants will learn about the benefits and improvements that may be achieved by organizations that have an ISO/IEC 27001-certified ISMS.
The Information Security Foundation based on ISO/IEC 27001 is a three-day course that prepares participants for the ISO/IEC 27001 certified exam (optional), which is an integral part of the course’s curriculum.
This is an introductory course for everyone in an organization who is involved with the information management lifecycle. The module is also suitable for small independent businesses for which some basic knowledge of information security is necessary. This module may be a good start for new information security professionals.
This course prepares the participant to take the official exam and obtain the ISO/IEC 27001 Foundation Certificate.