ISO 27001 Foundation Course - Course Code: TN223

Course Duration	: 2 Day - Face-To-Face Intructor Led Workshop
Course Fee	: Available upon request (Write to us at info@tlcpak.com)
Course Location	: TLC (Karachi), Customer Onsite, and Online
	: Online workshop are delivered in four days, two units each day between 11 am to 1 pm and 3 pm to 5 pm
Course Code	: TN223
Deliverables	: Comprehensive Student Guide and Workshop Certificate

Customer onsite workshop can also be conducted for customers in Lahore, and Islamabad

PURPOSE:
ISO/IEC 27001 Foundation course allows you to acquire the core fundamentals how to implement and manage an Information Security Management System as specified inISO/IEC 27001.
During this workshop, students will be able to understand the different modules of ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.

The course is organized into 6 module units, where each unit has video demonstrations and F2F lectures followed by unit assessment at the end of each module that will help you learn more quickly

ABOUT THE INSTRUCTOR
This workshop shall be delivered by TOGAF 9 Certified/IBM Certfied Infrastructure System Architect and an experienced trainer with 25+ years of career experience imparting education and training services both locally and internationally and have worked for international enterprise technology vendors including IBM, Fujitsu, and ICL. Our instructor holds various industry professional certifications in the space of enterprise servers and storage technologies, Information Security (ISO/IEC 27002), Enterprise Architecture, ITIL, Cloud, Virtualization, Green IT, and a co-author of 10 IBM Redbooks.

TARGETED AUDIENCE

Individuals involved in Information Security Management.
Individuals seeking to gain knowledge about the main processes of Information Security Management Systems (ISMS).
Individuals interested to pursue a career in Information Security Management.
Technology professionals from all business verticals participating in their upcoming ISMS project helping them to grasp basic knowledge and taking organizational vision to the next level as one team.

Workshop Summary

Understand the key elements and operations of an Information Security Management System (ISMS) including standard guidelines and best practices.
Identify the core relationship between ISO/IEC 27001, ISO/IEC 27002and other standards and regulatory frameworks.
Able to understand basic approaches, ISO standards, methods and techniques used for the implementation and management of an ISMS.
In a nut shell, this course provide an opportunity to learn everything you need to know about ISO 27001, including all the requirements and best practices for compliance.

PREREQUISITES:
Participants attending this course should be familiar with basic Information Technology (IT) concepts, business challenges and the role of general system wide infrastructure technologies and their applications.

COURSE OUTLINE

Unit 1 – Introduction to ISO 27001

What we need to know all about security.

A world without cybersecurity.

Top Security Concerns for the Executive Management.

What is the meaning and purpose of ISO 27001?

What are the 3 ISMS security objectives?

Why do we need ISMS?

How does ISO 27001 work?

What are the requirements for ISO 27001?

What are the requirements for ISO 27001? Requirement and Security Controls.

What are the 14 domains of ISO 27001?

What are the ISO 27001 controls?

How do you implement ISO 27001 controls?

ISO 27001 mandatory documents –Implementation and Certification.

What are the ISO 27000 standards?

Unit Assessment.

Unit 2 – The Planning Phase

Understanding your organization and its context.

Understanding the needs and expectations of interested parties.

Determining the scope of the ISMS.

Leadership and commitment [clause.

Information Security Policy.

Organizational roles, responsibilities and authorities.

Information security objectives.

Resources, Competenceand Awareness.

Communication and Documented information.

Unit Assessment.

Unit 3- Risk Management

Risk Management Approach, key objectives and benefits.

Qualitative Risk Assessment –Simple and Detailed Risk Assessment

Possible vulnerabilities that one cannot ignore.

Types of Comprehensive Vulnerability Assessments.

Understand 9 Layers of IT Infrastructure Foundation from overall Security perspective.

Outside Threat Protection –The bigger picture.

Cyber incident recovery tools.

Top 10 recommendations for closing the security gap.

Risk Management Approach, key objectives and benefits.

Recommendations for closing the security gap.

Information security risk assessment – Risk identifi.

Information security risk assessment – Risk analysis and evaluation.

Information security risk treatment.

Statement of Applicability.

Risk treatment plan.

Why ISO 27001 projects fails to deliver benefits to the business?

Unit 4 – The Do Phase

Implementing the risk treatment plan.

Operational planning and control.

Operating the ISMS.

Managing outsourcing of operations.

Controlling changes.

Risk assessment review.

Unit Assessment.

Unit 5 – The Check and Act Phase

Monitoring measurement, analysis, and evaluation.

Internal audit.

Management review.

Nonconformities and corrective actions.

Continual improvement.

Unit Assessment.

Unit 6 – Annex A –Control Objectives and Controls

Introduction to Annex A –Reference control objectives and controls

What are the ISO 27001 controls and do you implement them?

Information security policies.

Organization of information security.

Human resources security.

Asset management.

Access control.

Cryptography.

Physical and environmental security.

Operational security.

Communications security.

System acquisition, development and maintenance.

Supplier relationships.

Information security incident management.

Information security aspects of business continuity management.

Compliance.

Unit Assessment.