Planning and Implementing Information Security According to ISO 27001 / ISO 27002
(Three Days; 24 CPE Hours)


Where do you stand in complying with this international standard?

Citigroup, Federal Reserve Bank, United Nations and World Bank are among those that have already been certified. 

Companies which have already passed official certification according to Standard ISO/IEC 27002 (17799) and 27001 include CANON, Fuji Xerox, Fujitsu, Hitachi, Mitsubishi Electric, NEC, Sony, Toshiba, Federal Reserve Bank of New York, Telecom Italia, Japan Telecom, divisions of Siemens, British Telecom, T-Mobile, Ericsson, Samsung, Hyundai, and Vodafone.

IT Security has become more important than ever for organizations like yours. Your organization needs to be able to protect the vital information resources your company depends on, or it will suffer direct financial consequences of losses due to poor access control and poor data integrity maintenance. Failing to protect your information has also become less of a choice in light of rapidly changing legal compliance requirements for financial institutions, telecommunications companies, insurance organizations, energy companies, and even public utilities. Globally impacting laws such as Sarbanes-Oxley, the U.K. Combined Code of 2003, and the emerging Canadian Multi-Lateral Instrument 52-109 are enforcing mandatory information security governance and internal control management. Many other countries around the world are also enacting privacy legislation that radically affects the way your organization can do business in a global marketplace. Failing to prepare properly to comply with the security requirements of many new information-security-related laws could mean a costly plan of remedy later, or could even potentially limit your organization's ability to continue to compete.

Even if your organization is not regulated directly by these laws, you may find that your clients are, and that the need to govern, implement, and prove sound information security is now simply a fact of doing business. Although information security has been largely an ad hoc function in the past, the majority of organizations today are building and maintaining a true formalized information security governance program according to globally recognized standards such as ISO/IEC 27002 (17799) and 27001.

What you will learn:

Exploring the use of ISO/IEC 27001, the single global standard for information security best practice, this course provides critical information for understanding the business drivers for information security, as well as the core concepts for planning and implementing information security according to the internationally accepted best practices. 

Here are just a few of the things you will be learning:

  • The development of IT governance
  • New regulations and implications for information security deployment and monitoring
    • Sarbanes-Oxley
    • Multi-Lateral Instrument 52-109
  • Global threats and vulnerabilities for networked organizations
  • Project managing a successful ISO 27001 internal controls implementation
  • Core ISO 27001 best practices relating to:
    • Information security policy and scope
    • Risk assessment and Statement of Applicability
    • External party controls
    • Asset management
    • Human Resources security
    • Physical and environmental security
    • Equipment security
    • Communications and operations management
    • Malicious software controls
    • Network security management and media handling
    • Exchange of information
    • Electronic commerce
    • E-mail and internet security
    • General access control
    • Network access control
    • Operating system access control
    • Application access control and teleworking
    • Systems acquisition, development and maintenance
    • Cryptographic controls
    • Development and support process security
    • Monitoring of information security and incident management
    • Business continuity management
    • Compliance
  • Preparing for an ISO/IEC 27001 audit

This course is augmented with additional downloadable templates and other emerging tools relating to information security deployment.

Target Audience:

  • Information Security Managers
  • Chief Information Officer (CIO / CISO)
  • Compliance Officer
  • Revenue Protection Management
  • Business Continuity Planners, Coordinators, and Team Members
  • IT Managers
  • IT Administrators
  • Risk Managers
  • Facility Managers
  • Business Process Owners (Department Heads)
  • IT/Systems Auditors

Led by Allen Keele, this course delivers advanced information security knowledge essential to your organization, and delivers it in a way that does not rely upon prerequisite knowledge. However, this course has been designed with management staff in mind. We recommend at least two years of professional experience in any of the above target audience roles in order to gain maximum benefit from this course.

Upon Course Completion:

At the end of the course, students will have an excellent understanding of a wide variety of information security topics.  This training serves as excellent preparation for CIS' Risk Management Approach to Auditing and Implementing Internal Controls: Aligning Internal Controls with Corporate Governance. Since this course was specifically designed to completely cover all ISACA® published exam objectives for the CISM® certification exam, this course provides the best and most comprehensive CISM® preparation available today.

Course Pricing, Scheduling, and Registration:

Our courses are offered at various locations across the United States and around the world.  Please visit our online event schedule for a current listing of course times and locations, or to request course pricing or other information.

  • Course times and location are posted on our Event Schedule.

  • You may register for a class through our online course catalog.

  • Call 1-888-988-4500 (or (904) 406-4311 if calling from outside of the US) for registration details.

  • Certified Information Security course fees do not include travel costs such as hotel and airfare.  You will need to make your travel arrangements separately if necessary.


 