Practices for supporting and improving information security management systems in accordance with the requirements of
ISO 27001
This online course will provide the top management of organizations with the necessary knowledge and skills to use the full capabilities of the information security management system to effectively and efficiently manage their business.
The course also contains a range of practical tools to help your management system work like a charm.
Duration
48 hours
Language
English/Ukrainian/Russian
Format
100% online
Objectives
- Successfully implement a systematic approach to business management
- Apply effective business planning tools
- Accurately identify processes, evaluate their performance, and manage them effectively and efficiently
- Effectively allocate responsibilities and authorities
- Correctly formulate the policy and strategy of your business
- Develop risk-based thinking
- Develop goals at the strategic, tactical and operational level
- Build a team of like-minded people, determine and maintain the competence of each employee, build a motivation system at your company
- Conduct regular reviews of your management system
- Get the most out of implementing the «Improvement» principle
Target audience
- Successful managers and leaders who wish to achieve maximum results
- Managers of all levels – to develop their own leadership and managerial abilities, as well as to develop their team and business
- Specialists who plan to take up managerial positions – to gain self-confidence and a deep understanding of the specifics of future work
Document on completion
Top manager certificate, specialization «Practices for supporting and improving information security management systems (ISMS) in accordance with the requirements of ISO / IEC 27001», listed in the SIC International Register
Evaluation scale
60.0-100.0
0.0-59.9
Complies
Does not comply
Thematic plan
The course program includes 2 modules.
The program is designed for 48 hours, including time for studying theoretical material and testing.
Objectives
Module 1 The practice of implementing, maintaining and improving the information security management system in accordance with the requirements of ISO 27001:2022
Number of hours
|
1 |
Introduction |
1,5 |
|
2 |
General provisions of the standard |
2,5 |
|
3 |
Context of the organization |
2 |
|
4 |
Leadership |
2 |
|
5 |
Planning |
2,5 |
|
6 |
Support (resources) |
2,5 |
|
7 |
Operation |
1 |
|
8 |
Performance evaluation |
3 |
|
9 |
Improvement |
1 |
|
10 |
Information security controls |
5 |
|
|
Testing |
1 |
Module 2 Tools and approaches for the development and continual improvement of the management system
Number of hours
|
1.1 |
Understanding the organization and its context |
3 |
|
1.2 |
Understanding the needs and expectations of stakeholders |
1 |
|
1.3 |
MS scope and processes |
1 |
|
1.4 |
Leadership |
2 |
|
1.5 |
Policy and strategy |
1 |
|
1.6 |
Roles, responsibilities and authorities |
1 |
|
1.7 |
Actions to address risks and opportunities |
2 |
|
1.8 |
MS objectives |
1 |
|
1.9 |
Planning of changes |
1 |
|
1.10 |
Resources |
2 |
|
1.11 |
Documented information |
1 |
|
1.12 |
Operational planning and control over current activities |
1 |
|
1.13 |
Internal audits |
1 |
|
1.14 |
Management review |
2 |
|
1.15 |
Nonconformity and corrective action |
1 |
|
1.16 |
Improvement |
2 |
|
|
Testing |
2 |
Module 1. Detailed content
|
1 |
Introduction: – General – The most popular cyber security threats – Information security management systems: benefits – ISMS standards: history – Changes to the latest edition of ISO/IEC 27001 |
|
2 |
General provisions of the standard: – Framework of the standard – Scope – Terms and definitions |
|
3 |
Context of the organization: – Understanding the organization and its context, examples – Understanding the needs and expectations of interested parties, examples – Determining the scope of the information security management system – ISMS and its processes |
|
.4 |
Leadership: – Leadership and commitment – Policy, topic-specific IS policies – Organizational roles, responsibilities and authorities |
|
5
|
Planning: – Actions to address risks and opportunities – Information security objectives – Planning of changes |
|
6 |
Support: – Resources, examples – Competence – Awareness – Communication, examples – Documented information, list of mandatory documents |
|
7 |
Operation: – Operational planning and control – Information security risk assessment – Information security risk treatment |
|
.8 |
Performance evaluation: – Monitoring, measurement, analysis and evaluation – Internal audit – Management review |
|
9 |
Improvement: – Nonconformity and corrective action – Continual improvement |
|
10 |
Information security controls: – Organizational controls – People controls – Physical controls – Technological controls |
Module 2. Detailed content
| 1.1 |
Understanding the organization and its context: – SWOT analysis: strengths, weaknesses, opportunities, threats – SWOT matrix – PEST analysis: – The PEST analysis main stages |
| 1.2 |
Understanding the needs and expectations of stakeholders: – Stakeholders: types, categories, handling of needs and expectations |
| 1.3 |
MS scope and processes: – Determining the scope – Process identification – Responsibilities and authorities – Actions for effectiveness and efficiency |
| 1.4 |
Leadership: – Leadership in management systems – A leader and leadership qualities |
|
1.5
|
Policy and strategy: – Role of the MS policy – Strategy formulation model |
| 1.6 |
Roles, responsibilities and authorities: – Distribution of roles, process-based approach – Responsibility matrix |
| 1.7 |
Actions to address risks and opportunities: – The impact of risks and opportunities on the organization’s activities – Management levels – Identifying critical points – Documented information |
| 1.8 |
MS objectives: – Developing objectives at the strategic, tactical, and operational level – SMART technology |
| 1.9 | Planning of changes |
| 1.10 |
Resources: – Resources – Knowledge base – Competence – Awareness – Communication |
| 1.11 |
Documented information: – Documentation development principles |
| 1.12 |
Operational planning and control over current activities: – Operational control methods – Factors – Outsourced process |
| 1.13 |
Internal audits: – Purpose and frequency of internal audits |
| 1.14 | Management review: suitability, adequacy, effectiveness |
| 1.15 |
Nonconformity and corrective action: – Root cause analysis – Problem statement: The «5 Whys» Principle |
| 1.16 |
Improvement: – The «Improvement» principle: benefits – Setting objectives – Education and training of personnel – Review of improvement projects – Development and implementation of improvements – Acceptance of improvements |