ISO 27001 Information Security Management System Internal Auditors
Friday, 04 September 2009 17:41

Duration: 2 days

 

Course description

Information security is now recognised as an important business process which, if not managed correctly and efficiently, may impact upon an organization's ability to deliver its products and services to its customers. Just as important, lack of security has the potential to impact upon revenues. The highly specialised skills and practical knowledge needed to assess an organisation's capability in managing all aspects of information security can be learnt.

This two-day information security training course provides a solid foundation in all aspects of the audit process. Stage by stage, delegates are taken through a structured programme that balances theory and practice, using a combination of workshops and practical exercises that enable delegates to gain an understanding of the key activities for auditing.

The course presents the ISO 27001:2005 requirements regarding the application of an Information Security Management System, in order to achieve confidentiality (access by authorized personnel only), availability (uninterrupted access and use) and integrity (maintenance of accuracy, with modification only by authorized personnel) of information.

The course will present in detail the documentation requirements of the Information Security Management System, risk assessment methodologies, control objectives and best practices.

The standard is applicable not only to IT systems and relevant information but to all corporate information and data.

Following this course, participants will be able to implement and audit a fully ISO 27001:2005 compliant Information Security Management System.

 

Who should attend

The course is aimed at consultants, Information Security Managers and all staff involved in the design and implementation of an Information Security Management System.

 

Course syllabus

Day 1

  • Introduction, overview of the course and the training material
  • The ISO 27001:2005 standard: Principles, definitions, requirements
  • ISO 27001:2005 course and contents
  • Information Security Management System structure
  • Information Security Risk Assessment methodology
  • Information Security Controls and Control selection

Day 2

  • Internal Audits: concepts and definitions
  • Planning, preparing, implementing internal audits and reporting audit results
  • Internal audits and the review of the Information Security Management System
  • Requirements for auditor certification
  • Review questions - exercises

General information

The course cost includes: Certificate of Attendance, Coffee Breaks & Lunch Break.

  • The course cost must be prepaid by bank transfer (Account number: ALPHA BANK 131 00 2320 00 2311)
  • The seminar may be subsidized by the LAEK OAED 0,45 program.
  • The course will be delivered in the seminar room of PRIORITY.
  • Additional information can be provided by Ms. Ε. Lykaki, Tel. 210-2509900.

Course date

The course will be delivered on June 2 - 3, 9am - 5pm.