Information security management system internal auditor

(ISO 27001, ISO 19011)

This online course provides the knowledge and skills needed to carry out an internal audit of an information security management system based on the ISO 27001:2013 and ISO 19011:2018 standards.

Training participants will gain knowledge of the main components of the information security management system (ISMS), including leadership, risk management, required procedures, documentation, effectiveness measurement, management review and continuous development, as well as the tasks and roles of internal auditors in planning and conducting audits, reporting, and planning and monitoring follow-up actions based on audit results.

Duration

36 hours

Language

English/Ukrainian

Format

100% online

Objectives

• Understand the principles of implementing the ISMS in accordance with the requirements of ISO 27001

• Get a complete understanding of the concepts, approaches, methods and techniques necessary for the effective management of the ISMS

• Gain knowledge in the scope of identifying risks and opportunities associated with ISMS

• Understand the relationship between the ISMS and compliance with the requirements of various stakeholders of the organization

• Develop the knowledge and skills necessary to advise organizations on the best practices for information security management and internal audit

• Get familiar with all stages of preparing and carrying out an internal audit

• Gain the necessary knowledge to manage an ISMS audit team

• Understand the operation of the ISMS in accordance with ISO 27001

• Improve the ability to analyze internal and external environments of an organization and make decisions in the context of the information security management system

Target audience

• Internal auditors

• Project managers and consultants who wish to become familiar with the business continuity management system audit process

• Members of an ISMS implementation team at the enterprise

• Professionals who want to gain in-depth knowledge of the ISMS

• Specialists involved in daily support of the ISMS processes

• Students of specialized faculties

Document on completion

ISMS internal auditor certificate, listed in the SIC international register

Evaluation scale

Score          Result
60.0-100.0     Complies
0.0-59.9       Does not comply

Thematic plan

The course program includes 2 modules:

  1. Environmental management systems (ISO 14001)
  2. Internal audit (ISO 19011)

The program is designed for 36 hours, including time for studying theoretical material and taking tests.

Module 1 Information Security Management Systems (ISO 27001)

Objectives                                                                               Number of hours
1.1 Introduction                                                                          1,5
1.2 General provisions of the standard                                                    2,5
1.3 Organization context                                                                  2
1.4 Leadership                                                                            2
1.5 Planning                                                                              2,5
1.6 Provision (resources)                                                                 2,5
1.7 Functioning                                                                           1
1.8 Performance evaluation                                                                2,5
1.9 Improvement                                                                           1
1.10 Relation between goals (tasks) of management and means of their implementation       2
Testing                                                                                   1

Module 2 Internal audit (ISO 19011)

Objectives                                                                               Number of hours
2.1 Introduction                                                                          1
2.2 General provisions of the standard                                                    1,5
2.3 Audit program management (AP)                                                         5
2.4 Carrying out an audit                                                                 5
2.5 Competence of auditors                                                                2
Testing                                                                                   1

Module 1. Detailed content

1.1

Introduction:

–       Preface

–       Security solutions components

–       The main ways to communicate information

–       History of the Information Security Management System: Standards

–       Benefits of implementing the ISMS

–       Basic ISMS diagram

1.2

General provisions of the standard:

–       Structure of the standard

–       Scope of the standard

–       Terminology

1.3

Organization context:

–       Understanding the organization and its context, examples

–       Understanding needs and expectations of stakeholders, examples

–       Determining the scope of the ISMS, examples

–       ISMS and its processes

1.4

Leadership:

–       Leadership and obligations

–       Information security policy, examples of theses

–       Functions, responsibilities and authorities

1.5


Planning:

–       Actions on risks and opportunities, examples

–       Information security goals and planning for their achievement

–       Planning changes

1.6

Provision:

–       Competence

–       Awareness

–       Communications

–       Documented information

1.7

Functioning:

–       Operational planning and management

–       IS risks evaluation

–       IS risks treatment

1.8

Performance evaluation:

–       Monitoring, measurement, review and evaluation

–       Internal audit

–       Review by management

1.9

Improvement:

–       Inconsistencies and corrective actions

–       Continuous improvements

–       Relation between goals (tasks) of management and means of their implementation

1.10

Relation between goals (tasks) of management and means of their implementation

Module 2. Detailed content

2.1

Introduction:

–       Audit definition

–       Classification of audits

–       Audit criteria

–       History of the standard

2.2

General provisions of the standard:

–       Structure of the standard

–       Scope of application of the standard

–       Terminology

–       Principles

–       Auditor code of ethics

2.3

Audit program management (AP):

–       PDCA

–       General provisions

–       Diagram of the AP control process

–       AP Planning

–       Identification and assessment of risks and opportunities

–       Person in charge of the AP

–       Determining the scope of the AP

–       AP Resources

–       AP Execution

–       Determination of objectives, scope, and criteria for a specific audit

–       Selection and determination of audit methods

–       Selection of audit team members

–       AP records management

–       AP Monitoring

–       Reviewing and improving the AP

–       Unscheduled audits

2.4

Carrying out an audit:

–       Audit initiation

–       Preparation for an audit, an example of the Audit Plan.

–       Distribution of tasks in an audit team

–       Preparation of working documents, an example of a Checklist

–       Opening meeting

–       Exchange of information during audit

–       Collection and verification of information: examples of questions, spot check

–       Preparation of an Audit Report

–       Preparation of audit conclusions, example of a Statement of Nonconformities

–       Final meeting

–       Preparation and distribution of an Audit Report

2.5

Competence of auditors:

–       Competence assessment stages

–       Personal qualities

–       General knowledge and skills

–       General competence of an audit team leader

–       Support and improvement of the competence of an auditor