ISO27001/2 Workshop - ESP-P-017
- Track: Software, Technical, Management.
- Level: Practitioner level - Those who must incorporate security-conscious practices into their daily processes
- Introduction
The purpose of this workshop is to provide clients with independent and expert advice and guidance on implementing information security management systems. A certified ISO auditor carries out this workshop.
- Outline
- Background
- Structure of the Standard Explained
- Scope
- Conducting a Risk Analysis
- Control Domains Explained
- Conducting a Gap Analysis
- Continuous Assessment
- This course is suitable for
Anyone involved in implementing ISO27001 within an organisation.
- Course duration
- 0.5 day
- Course dates
- There are currently no dates scheduled for this course.
- Course location
Client or Espion Premises
- Content
Unit 1: Background
- a. What is ISO27001/2?
- b. How does the standard compare with others out there?
- c. Implement ISO27001 or ISO27002?
- d. Should one certify or not & how long does it take?
- e. Getting started with ISO27001
Unit 2: Structure of the Standard Explained
- a. Clauses
- b. Main Security Categories
Unit 3: Scope
- a. Scoping your target environment (what to include and exclude)
Unit 4: Conducting a Risk Assessment
- a. The goal of the risk management process
- b. The benefits of risk management
- c. The elements of the risk management process
Unit 5: Control Domains Explained
- a. An overview of the 11 domains
- b. Types of controls
- c. Resources available to help progress quickly – free and commercial
Unit 6: Conducting a Gap Analysis
- a. Gap analysis objectives
- b. Gap analysis approach
- c. Gap analysis reporting
Unit 7: Continuous Assessment
- a. Maintaining a continuous improvement cycle - Plan Do Check Act