Description
Our one-day onsite course explains and interprets the ISO 27001:2013 requirements for an information security management system (ISMS) at your organization. See the course outline below for the topics, class workouts, and team activities.
Course Outline
Concepts
Annex L, Appendix 2 (was Annex SL)
Clause Structure
Requirement Grouping
Introduction to ISO 27001:2013
0.1 General
ISO 27001 Family of Standards
0.2 Compatibility with Other Management System Standards
Clause Structure in PDCA Cycle
1. Scope
2. Normative References
3. Terms and Definitions
4. Context of the Organization
4.1 Understanding the Organization and its Context
ISO 31000 Internal and External Context
4.2 Understanding the Needs and Expectations of Interested Parties
4.3 Determining the Scope of the Information Security Management System
4.4 Information Security Management System
Class Workout – Clause 4
Team Activity – Clause 4
5. Leadership
5.1 Leadership and Commitment
5.2 Information Security Policy
5.3 Organizational Roles, Responsibilities, and Authorities
Class Workout – Clause 5
Team Activity – Clause 5
6. Planning
6.1 Actions to Address Risks and Opportunities
6.1.1 General
6.1.2 Information Security Risk Assessment
6.1.3 Information Security Risk Treatment
6.2 Information Security Objectives and Planning to Achieve Them
Class Workout – Clause 6
Team Activity – Clause 6
7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information
7.5.1 General
7.5.2 Creating and Updating
7.5.3 Control of Documented Information
Class Workout – Clause 7
Team Activity – Clause 7
8. Operation
8.1 Operational Planning and Control
8.2 Information Security Risk Assessment
8.3 Information Security Risk Treatment
Class Workout – Clause 8
Team Activity – Clause 8
9. Performance Evaluation
9.1 Monitoring, Measurement, Analysis, and Evaluation
9.2 Internal Audit
9.3 Management Review
Class Workout – Clause 9
Team Activity – Clause 9
10. Improvement
10.1 Nonconformity and Corrective Action
10.2 Continual Improvement
Class Workout – Clause 10
Team Activity – Clause 10
Annex A
A.5 – Information security policies
A.6 – Organization of information security
A.7 – Human resource security
A.8 – Asset management
A.9 – Access control
A.10 – Cryptography
A.11 – Physical and environmental security
A.12 – Operations security
A.13 – Communications security
A.14 – System acquisition, development, and maintenance
A.15 – Supplier relationships
A.16 – Information security incident management
A.17 – Information security aspects of business continuity management
A.18 – Compliance (legal and contractual requirements, information security reviews)
Team Activity – Annex A
Course Summary
Questions and Answers
Course Evaluations
Student Certificates
Course Handouts
Copy of Presentation Slides
Annex L – Appendix 2
Clause Quick Reference
Duration
1.0 day
Class Hours
8:30 AM to 4:30 PM
Price
An onsite class is $2,000, plus instructor travel expenses, plus $50 per student for materials. An all-inclusive price will be quoted on request.
A copy of the standard is not needed for the course exercises. The class size should be at least 4 students and no more than 25 students.
NOTE: If you are interested in scheduling an onsite class, please send an email to Larry@WhittingtonAssociates.com.