| Course description:|
|The increasing frequency of security vulnerabilities and the growing value of information mean that organisations need to better protect their data.|
The Information Security Management System (ISMS) provides a controlled and organized approach to handling an organization's sensitive information so that it is always secure and under control. Implementation affects people, processes and technical components.
The training SC120-EN Implementation according to ISO/IEC 27001:2022 covers the basics of an ISMS in accordance with ISO/IEC 27001:2022.
| Target group:|
|The course is aimed at|
- Security Consultants
- all those who want to establish a formal information security management system in accordance with ISO 27001:2022
| Requirements:|
|The seminar SC120-EN Implementation according to ISO/IEC 27001:2022 is aimed equally at beginners and experienced professionals. Previous knowledge of management systems (e.g. ISO/IEC 27001, ISO 9001, etc.) is helpful, but not a mandatory requirement.|
If an ISMS has already been implemented in your own company, participants should inform themselves about it in advance in order to be able to ask questions and better understand the course content.
| Objectives:|
|The aim of the course is to fundamentally understand a management system in accordance with ISO/IEC 27001 and to be able to derive requirements for certifications and examinations. You will receive in-depth knowledge for the planning, implementation, monitoring, improvement and ongoing operation of an ISMS.|
In addition, the course forms a good basis for the further advanced course SC150-EN ISMS Auditor/Lead Auditor ISO27001:2022 (IRCA A17608).
The course does not aim to present a set of templates and documentation; it is aimed at people who want to operate a standard-compliant management system. The course does not constitute legal advice on the application of legal and regulatory requirements.
On the last day of the training (approx. 4:00 p.m. - 5:00 p.m.) there is the opportunity to take an exam. Once passed, a separate qSkills certificate will be issued. All exam content will be discussed in the seminar.
| Price and duration:|
|Duration: 3 days|
Price: 1650,- Euro plus VAT.
| Dates:|
|Dates on request.|
If you have a preferred date for this workshop, we will gladly check it for you!
| Agenda:|
- Short introduction: Understanding information security and the threat situation
- The ISO/IEC 27001 family of standards, BSI IT-Grundschutz
- Structure and interaction of ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27003
- The management system ISO/IEC 27001, Chapters 4 - 10
- Chapter 4: Context of the Organization
  - What is the internal and external context, interested parties?
  - How should the so-called scope of application be derived and how should a good scope document be constructed?
- Chapter 5: Management
  - Requirements and roles of management in the ISMS
  - Components of an information security guideline
  - Roles and responsibilities in the ISMS
- Chapter 6: Planning
  - ISMS risk management: standard requirements and practical solutions
  - Components of risk management in accordance with ISO/IEC 27005
  - Building a Statement of Applicability (SoA)
  - How are company-specific measures implemented appropriately?
  - Risk matrix, risk owner and risk treatment options/plans
- Chapter 7: Support
  - Resources, competencies, awareness, documented information
- Chapter 8: Operation
  - Requirements and challenges of maintaining a management system
- Chapter 9: Assessment and Performance
  - Measuring and evaluating with metrics and KPIs
  - Conducting internal audits, setting up audit plans and audit programs
  - Components of a management review
- Chapter 10: Improvement
  - Requirements for corrective actions from audits and safety incidents
  - Establishing a CIP process
- Part 4: Selected topics from ISO/IEC 27001, Annex A
  - Classification of information
  - Handling of security incidents
  - Information security aspects of business continuity management
- Part 5: Certification & Examinations
  - The certification cycle
  - The path to successful certification - what needs to be considered?