Implementing ISO 27001 is a daunting task. Let us help you prepare for this life-changing project by explaining, with examples, why you do what you have to do. Our trainer, Zsolt Novak, gives you the quintessence of ISO 27001, avoiding any time-consuming, redundant repetition and focusing solely on what is important for your career. That's why it is no longer than 12 hours. Enjoy!
Zsolt Novak


- What is a certificate good for?

- Facts / Misconceptions.

- Selection of the Certification Body.

- Validation of the Certificates.

- Type of Audits.

- Pass / Fail. Type of Non-Conformities.


What you need to do before the Implementation Project:

- Understanding the organization and its context

- Determining of scope of ISMS

- Understanding the needs and expectations of interested parties

  - IS Objectives, IS Metrics


"A Team is needed" (Ede Minarik, the laundry man):

- Members of the Implementation Team.

- Organizational roles, responsibilities and authorities.

- Competence

- Management awareness.

Internal Audits, Management Review

Documentation system


Asset Management, Risk Management

Asset management:

"Type of Assets":

  - IT Resources

Responsibility of Assets:

- Inventory of Assets

- Ownership

- Acceptable use of Assets

- Mobile devices + Teleworking

- Return of Assets


Information Classification:

- Classification of Information

  - C, I, A

- Type of damages

  - Handling of Assets


IS Risk Management / Analysis / Assessment:

- The CRAMM Methodology

- Other Risk Assessment Methodologies

- Labelling of Information


Media handling, Removable media:

- Disposal (reuse) of media

- Physical media transfer

Human Resource Security

- Background check

- Personal Data Handling

- JD + NDA

- Segregation of duties

- InfoSec Awareness

- Disciplinary process

- Termination and change of employment

Access Control

- User Registration and de-registration

- Access Reviews

- Privileged Access Rights

- Key management

Physical and Environmental Security

- Physical security perimeter

- Physical entry controls

- Securing offices, rooms and facilities

- Protecting against external and environmental threats

- Equipment security

- Supporting Utilities

Operations Security

- Operational procedures and responsibilities

- Change management

- Capacity management

- Controls against malware

- Information backup

- Logging and monitoring

- Technical vulnerability management

Communication Security

- Network controls

- Security of network services

- Segregation in networks

- Information transfer

- Electronic messaging

System Acquisition, Development and Maintenance

- Security requirements of information systems

- Secure development policy

- System security testing + Test Data

- Secure development environment

Supplier Relationship

- Information security policy for supplier relationships

- Addressing security within supplier agreements.

- Monitoring and review of supplier services.

Information Security Incident management

- ITIL (ISO 20000) naming convention

- Event, Incident, Problem, etc.

- Responsibilities and procedures

- Reporting information security events

- Assessment of and decision on information security events.

- Collection of evidence

- Learning from information security incidents

IS Aspects of Business Continuity Management

- Business Impact Analysis

- Business Continuity Plans

- Disaster Recovery Plans

- Planning information security continuity

- Verify, review and evaluate information security continuity


- Identification of applicable legislation and contractual requirements

- Intellectual property rights

- Privacy and protection of personally identifiable information

Independent review of information security:

- Technical compliance review
