ISO/IEC 27001 Foundation Certification Training Course
For more information please visit us at www.interpromusa.com, email us at Contact@interpromusa.com, or call us at (+1)480-699-9642
4/23/2020 ©InterProm USA – Confidential and Proprietary Information 1
by Mart Rovers, INTERPROM
Agenda: “What’s Up?”
• ISO/IEC 27001 Explained
• Typical Benefits
• Unexpected Benefits
• Four Steps to Compliance
• ISO/IEC 27001 Foundation Course
• Wrap-up
WHAT’S THE BUZZ?
ISO/IEC 27001 Explained
What is ISO/IEC 27001:2013?
• The standard has been designed to “provide requirements for establishing, implementing, maintaining and continually improving an information security management system or ISMS”
• The standard “can be used by internal and external parties to assess the organization’s ability to meet the organization’s own information security requirements”
• The standard also includes “requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature”
Current State ISO/IEC 27000 Series
Currently the documents forming the standard are:
• ISO/IEC 27000:2012: Overview of the ISO/IEC 27000 standard family
• ISO/IEC 27001:2013: Information security management system requirements
• ISO/IEC 27002:2013: Code of practice for information security controls
• ISO/IEC 27003:2010: Guidance on ISMS implementation
• ISO/IEC 27004:2016: Metrics for information security management measurement
• ISO/IEC 27005:2011: Information security risk management
• ISO/IEC 27006:2011: Guidance on certification or registration process for accredited ISMS certification or registration bodies
• ISO/IEC 27007:2011: Guidance on auditing an ISMS
• ISO/IEC TR 27008:2011: Guidance on auditing technical controls
• ISO/IEC 27009: Compliance for various versions of ISO/IEC 27001
• ISO/IEC 27010:2012: Guidance on information security management of inter-sector and inter-organizational communications
• ISO/IEC 27011:2008: Guidance on the telecommunications organizations
• ISO/IEC 27013:2012: Guidance on the joint implementation of ISO/IEC 27001 and ISO/IEC 20000-1
• ISO/IEC 27014:2013: Guidance on information security governance
Current State ISO/IEC 27000 Series (Continued)
Currently the documents forming the standard are:
• ISO/IEC TR 27015: Guidance on financial services organizations
• ISO/IEC TR 27016: Economics of information security
• ISO/IEC 27004:2009: Metrics for information security management measurement
• ISO/IEC 27017: Guidance on secure cloud computing
• ISO/IEC 27018: Privacy in the cloud
• ISO/IEC TR 27019: Information security for process control – based on ISO/IEC 27002 for process control systems specific to the energy utility industry
• ISO/IEC 27031:2011: Focusing on business continuity
• ISO/IEC 27032:2012: Focusing on cybersecurity
• ISO/IEC 27033: Developing standard focussing on network security
• ISO/IEC 27034: Partially published guidance on application security
• ISO/IEC 27035:2011: Focusing on incident management
• ISO/IEC 27036: Upcoming standard providing guidance on supplier relationships
• ISO/IEC 27037:2012: Guidance on the management of digital evidence
• ISO/IEC 27038: An upcoming specification for digital redaction
• ISO/IEC 27039: Focusing on intrusion detection and prevention
• ISO/IEC 27040: Guidance on secure storage
• ISO/IEC 27102:2019: Guidance on cyber insurance
(Source: iso.org)
ISO/IEC 27001 Characteristics
• Risk-based Standard
• The ISMS:
  – Preserves the confidentiality, integrity and availability of information by applying a risk management process
  – Is part of and integrated with the organization’s processes and overall management structure
• Information security is considered in the design of processes, information systems, and controls.
Contents ISO/IEC 27001
Information Security Management Systems - Requirements
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
  4.1 Understanding the organization and its context
  4.2 Understanding the needs and expectations of interested parties
  4.3 Determining the scope of the information security management system
  4.4 Information security management system
5. Leadership
  5.1 Leadership and commitments
  5.2 Policy
  5.3 Organizational roles, responsibilities, and authorities
6. Planning
  6.1 Actions to address risks and opportunities
  6.2 Information security objectives and planning to achieve them
7. Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness
  7.4 Communication
  7.5 Documented information
8. Operation
  8.1 Operational planning and control
  8.2 Information security risk assessment
  8.3 Information security risk treatment
9. Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
10. Improvement
  10.1 Nonconformity and corrective action
  10.2 Continual improvement
Contents ISO/IEC 27002
Code of Practice for Information Security Controls
1. Scope
2. Normative references
3. Terms and definitions
4. Structure of this standard
5. Information security policies
  5.1 Management direction for information security
6. Organizing for information security
  6.1 Internal organization
  6.2 Mobile devices and teleworking
7. Human resource security
  7.1 Prior to employment
  7.2 During employment
  7.3 Termination and change of employment
8. Asset management
  8.1 Responsibility for assets
  8.2 Information classification
  8.3 Media handling
9. Access control
  9.1 Business requirements of access control
  9.2 User access management
  9.3 User responsibilities
  9.4 System and application access control
10. Cryptography
  10.1 Cryptographic controls
11. Physical and environmental security
  11.1 Secure areas
  11.2 Equipment
12. Operations security
  12.1 Operational procedures and responsibilities
  12.2 Protection from malware
  12.3 Backup
  12.4 Logging and monitoring
  12.5 Control of operational software
  12.6 Technical vulnerability management
  12.7 Information systems audit considerations
13. Communications security
  13.1 Network security management
  13.2 Information transfer
14. System acquisition, development and maintenance
  14.1 Security requirements of information systems
  14.2 Security in development and support processes
15. Supplier relationships
  15.1 Information security in supplier relationships
  15.2 Supplier service delivery management
16. Information security incident management
  16.1 Management of information security incidents and improvements
17. Information security aspects of business continuity management
  17.1 Information security continuity
  17.2 Redundancies
18. Compliance
  18.1 Compliance with legal and contractual agreements
  18.2 Information security reviews
WHAT’S TYPICAL?
Benefits of ISO/IEC 27001
ISO/IEC 27001 Compliance: Typical Internal Benefits
1. Increased security posture
2. Increased security awareness and employee satisfaction
3. Increased clarity around risks and risk ownership
4. Improved structure and transparency of responsibilities and focus
5. Reduction in the need for frequent audits
6. Easier to obtain an independent opinion about your security posture
ISO/IEC 27001 Compliance: Typical External Benefits
1. Increased chances of winning new business
2. Avoidance of financial penalties and losses due to data breaches
3. Enhanced protection of your name and reputation
4. Easier compliance with legal, contractual and regulatory requirements
5. Internationally accepted standard
WHAT’S UNEXPECTED?
Benefits of ISO/IEC 27001
ISO/IEC 27001 Compliance: Unexpected Benefits
1. Cross-enterprise commitment
2. Cross-enterprise participation
3. Incorporation of information security practices in existing practices (to-be)
4. Implementation of a management system
5. Compliance vs. Certification
6. 3rd-Party selection and integration
7. …Expect the unexpected…
WHAT ARE THE FOUR STEPS?
Comply with ISO/IEC 27001
ISO/IEC 27001 Compliance: Phases Towards Compliance
1. Familiarize
2. Adopt
3. Implement
4. Improve
• Training and Awareness
• Management Commitment
• Program and Project Initiation
• Organizational Change
• Continual Improvement
TRAINING COURSE CHARACTERISTICS
ISO/IEC 27001 Foundation Certification
ISO/IEC 27001 Foundation Qualification Scheme
Get qualified!
ISO/IEC 27001 Foundation: Target Audience
1. Chief Information Security Officers (CISOs)
2. Information Security Officers
3. Information Security Subject Matter Experts
4. Program/Project Managers
5. Internal/External Auditors
6. Service/Product Managers
7. Consultants/Coaches
8. Anyone who is involved with an effort to become or uphold ISO/IEC 27001 compliance or certification
No Prerequisites!
ISO/IEC 27001 Foundation: Training Course Curriculum
• What are some of the definitions of information security management?
• Who in my organization plays a role in information security? And what are these roles?
• How to establish the information security management system? And what does it take to improve it? How do I know that it is effective?
• What does it mean to manage information security risks? And what is risk treatment?
• ISO/IEC 27001 has 114 information security controls? What are they? Why do I need them? And what does ISO/IEC 27002 have to offer?
• What is the path to ISO/IEC 27001 certification?
Get educated!
ISO/IEC 27001 Foundation: Training Course Duration and Formats
Duration
• 2 days for instructor-led courses
• 2-4 days for self-paced courses
Formats
• Instructor-led
  – Live Online
  – Onsite
• Self-paced online
Learn from the best!
ISO/IEC 27001 Foundation: Certification Exam
Examination Institute
• APMG International
Exam
• 40 multiple-choice questions
• 60 minutes exam time
• Paper-based or online
• INTERPROM’s pass rate: 100%
With Exam Prep!
ISO/IEC 27001 Foundation: Training Course Fees
Fees per Participant
• Instructor-led
  – Live Online: USD $1,195
  – Onsite: USD $1,495
• Self-paced online
  – USD $495
  – 4 months access
  – Exam fees: $200
Exam included for Instructor-led!
ISO/IEC 27001 Foundation: Training Course Schedule
• Instructor-led
  – Live Online: https://interpromusa.com/events/?tribe_paged=1&tribe_event_display=list&tribe-bar-search=ISO%2FIEC+27001+Foundation
  – Onsite: https://interpromusa.com/contact-us/
• Self-paced online: https://interpromusa.com/product/isoiec-27001-foundation-course-self-paced-online/
Sign up and learn!
MORE INFORMATION?
Wrap-Up
ISO/IEC 27001 Foundation: More Information
• Visit Us
  – https://interpromusa.com/iec-iso-27001-certification-training/
• Email Us
  – Contact@InterPromUSA.com
• Call Us
  – (+1) 480-699-9642
Glad to Help!
See you soon!
About INTERPROM
Elevating Business Performance through:
• Coaching, Training, Workshop and Auditing Services
• Specialty Areas:
  – Service Management (e.g. ISO/IEC 20000, FitSM, ITIL, VeriSM)
  – Information Security Management (e.g. ISO/IEC 27001, NIST)
  – Business Relationship Management (e.g. ISO 44001, BRMiBOK®)
  – Organizational Change Management (e.g. CMBOK®)
  – IT Governance (e.g. ISO/IEC 38500, COBIT®)
  – Business Continuity Management (e.g. ISO 22301)
  – Risk Management (e.g. ISO 31000, MoR®)
IF YOU HAVE ANY QUESTIONS OR FEEDBACK, PLEASE DO NOT HESITATE TO CONTACT US:
CONTACT@INTERPROMUSA.COM / +1 480-699-9642