Information Security Management Systems Manager (ISO 27001)

This online course allows you to gain the necessary knowledge and skills to develop, implement and maintain the information security management system (ISMS) based on ISO 27001:2022.

Training participants will gain knowledge about various components of the information security management system (ISMS), including the following: leadership, risk management, necessary procedures and information security controls, documentation, performance evaluation, management review, continual development and improvement of the ISMS.

View Our Work

Duration

24 hours

Language

English/Ukrainian/Russia

Format

100% online

Objectives

Understand the principles of implementing the ISMS in accordance with the requirements of ISO 27001
Get a complete understanding of the concepts, approaches, methods and techniques necessary for the effective management of the ISMS
Gain knowledge in the scope of identifying risks and opportunities associated with the ISMS
Understand the relationship between the ISMS and compliance with the requirements of various stakeholders of the organization
Improve the ability to analyze the internal and external environment of an organization and make decisions in the context of the information security management system
Determine which of the 93 information security controls are applicable to your organization

Target audience

Heads and specialists of departments responsible for information security
Project managers and consultants who wish to master the process of developing and implementing an information security management system
Members of the ISMS implementation team at the enterprise
Professionals who wish to gain in-depth knowledge of the ISMS
Specialists involved in the day-to-day support of the ISMS processes
Students of specialized faculties

Document on completion

ISMS Manager Certificate, listed in the SIC international register

Evaluation scale

60.0-100.0

0.0-59.9

Complies

Does not comply

Thematic plan

The course program includes:

1 Module “Information security management systems (ISO/IEC 27001)”

The program is designed for 24 hours, including time for studying theoretical material and taking tests.

Objectives

Module 1 Information Security Management Systems (ISO 27001)

Number of hours

1	Introduction	1,5
2	General provisions of the standard	2,5
3	Context of the organization	2
4	Leadership	2
5	Planning	2,5
6	Support (resources)	2,5
7	Operation	1
8	Performance evaluation	3
9	Improvement	1
10	Information security controls	5
	Testing	1

Detailed content of the program Module 1Information Security Management Systems (ISO 27001)

Introduction:

– General

– The most popular cyber security threats

– Information security management systems: benefits

– ISMS standards: history

– Changes to the latest edition of ISO/IEC 27001

General provisions of the standard:

– Framework of the standard

– Scope

– Terms and definitions

Context of the organization:

– Understanding the organization and its context, examples

– Understanding the needs and expectations of interested parties, examples

– Determining the scope of the information security management system

– ISMS and its processes

Leadership:

– Leadership and commitment

– Policy, topic-specific IS policies

– Organizational roles, responsibilities and authorities

Planning:

– Actions to address risks and opportunities

– Information security objectives

– Planning of changes

Support:

– Resources, examples

– Competence

– Awareness

– Communication, examples

– Documented information, list of mandatory documents

Operation:

– Operational planning and control

– Information security risk assessment

– Information security risk treatment

Performance evaluation:

– Monitoring, measurement, analysis and evaluation

– Internal audit

– Management review

Improvement:

– Nonconformity and corrective action

– Continual improvement

Information security controls:

– Organizational controls

– People controls

– Physical controls

– Technological controls