Information Security Management

Training in ISO 27001 Information Security Management

Training in Information Security Management ISO 27001:2022

Course Description

The purpose of this information security management training is to provide the learner with the skills and knowledge necessary to identify information assets and information systems and their vulnerability to information security threats, and to effectively manage the threats and risks posed to an organisation's information.
Information is critical to the operation and perhaps even the survival of an organisation. Being trained to the ISO 27001 standard will help you to manage and protect your valuable information assets. The standard is designed to ensure the selection of adequate and proportionate security controls. This helps you to protect your information assets and to provide the necessary confidence to any interested third parties and / or clients.
The following information security management training, as prescribed by ISO 27001, considers the EU General Data Protection Regulation (GDPR) and the nine OECD principles for the Security of Information Systems and Networks.

Who should attend:

This ISO 27001 training is suitable for any individual or organisation, large or small and in any sector. The standard is particularly suitable where the protection of information is critical, such as in the finance, legal, health, public and IT sectors.
ISO 27001 training is also highly effective for organisations which manage information on behalf of others, such as IT outsourcing companies, and document or information management organisations: it can be used to assure customers that their information is being protected.
There are no entry requirements. This training may be attended by any person with an interest in information security, or by those working in a systems management or audit function, including general management, quality management, IT or associated activities.

Training Approach

All QMS Solutions trainings are tailored to the specific training needs of the learner given their specific role, responsibilities and training objectives. Training manuals are developed in consultation with the learner and / or client to ensure our trainings are practical, reflect your work environment and add real value in terms of learner outcomes. Training manuals and course content are based on industry best practice, applicable legislation / regulatory requirements and international ISO standards (ISO 27001).
Trainings are delivered by qualified trainers and experienced management consultants.

Course Programme

Topics covered within our information security management training include:

  • Introduction to ISO 27001:2022 standard for Information Security
    • Legal and standards framework
  • Overview of the standard as a framework for Information Security
  • Relationship with other information security standards (SOC, NIST, Cyber Essentials, HITRUST)
  • Structure and content of the standard
  • Scope of the standard and application
  • Management commitment and leadership
  • Information assets
  • Information systems
  • Information classification
  • Information security risk management
  • Defining the risk assessment approach of the organisation
    • Identifying the risks
    • Analysing and evaluating the risks
    • Identifying and evaluating options for the treatment of risks
    • Selecting and establishing control objectives
    • Obtaining management approval and authorisation
  • Preparing the statement of applicability
    • ISO 27001:2022 Statement of Applicability
    • ISO 27017:2015 Statement of Applicability (Guidelines for information security controls applicable to the provision and use of cloud services)
    • ISO 27701:2019 Statement of Applicability (Privacy information management: requirements and guidelines)
  • Information security components of risk
    • Asset Management
    • Human Resources Security
    • Physical & Environmental Security
    • Communications and Operations Management
    • Access Control
    • Information Systems Acquisition, Development and Maintenance
    • Information Security Incident Management
    • Business Continuity Management
    • Compliance

Training Methodologies

Training methodologies include the use of case studies, sample documentation / templates, and questionnaires. All learners are supplied with training manuals and supporting process documentation. Trainings are interactive: learners are encouraged, through the use of the above resources, to participate and so contribute their views and opinions based on their own experience.

Course Duration

The duration of the training course is subject to client specification and learner objectives. Minimum course duration is two days.

Course Fees

Two-day training is charged at €1500, and €90 per participant thereafter. Minimum daily rates apply.

Certification

All learners are awarded a Certificate of Achievement on successful completion of the course.