OVERVIEW
The Information Security Management Systems (ISMS) Internal Auditor course teaches the fundamental requirements to conduct internal audits in accordance with ISO 27001:2005, "Information Security Management Systems Requirements," and ISO 19011:2002, "Guidelines for Quality and/or Environmental Management Systems Auditing." The course provides a firm understanding of the concepts that lead to effective audits through workshops, case studies, and open discussions. Role-playing audit scenarios helps develop a hands-on understanding that will facilitate the implementation of a good ISMS and audit program, as well as provide a deep insight into the ISO 27001 standard.
Internal audit is a mandatory requirement of information security management systems based on the ISO 27001:2005 Information Security Management Systems standard.
TARGET AUDIENCE
This course is intended for employees or individuals responsible for managing, maintaining or participating in ISMS Internal Audits, including:
- Information Systems or MIS Directors or Managers
- Compliance Officers or Managers
- IT Professionals and Network Engineers
- Information Security Officers, Managers, ISM or ISMS Managers
- ISO coordinators or Management Representatives
This course is also designed for people who simply want to gain a firm understanding of the ISO 27001:2005 standard and of their role in ensuring conformance to the organization's information security management system.
LEARNING OBJECTIVES
- Understand information security definitions, background and objectives of ISO 27001:2005
- Understand the requirements of the ISO 27001:2005 standard
- Understand risk assessment and the controls of Annex A
- Understand the roles and responsibilities of the auditor
- Prepare and conduct all phases of an internal audit (plan, execute, report, record, follow-up, closure)
- Prepare and present effective reports
- Understand how to evaluate the effectiveness of responses to corrective and preventive actions
DURATION AND CLASS HOURS
The duration of this course is three days, with times allocated as follows:
- Day 1: 8:30 AM - 5:30 PM
- Day 2: 8:30 AM - 5:00 PM
- Day 3: 8:00 AM - 5:00 PM
PREREQUISITE
The ISMS Internal Auditor course is designed for individuals with little prior knowledge of ISO 27001. The first one and a half days of the course are dedicated to learning and understanding the ISO 27001:2005 standard.
COURSE MATERIALS
Students receive comprehensive course manuals with reference materials, including:
- Presentation slides
- Case studies
- Workshop exercises
- Forms used throughout the course
LANGUAGES
The full course, including all the workshops, can be taught in English or Spanish.
SUMMARY AGENDA
The topics in this course include:
- Introduction
- Information Security, Risk Assessment and Asset concepts and definitions
- Structure of ISO 27001:2005 Standard
- The ISO 27001:2005 Standard - Clause 4 through 8
- Control Objectives and Controls of Annex A
- The Risk Assessment Process Lifecycle
- Employee, Contractor, Vendor and Customer Security
- Physical Security
- Network, IT Systems, Web and Mobile Security
- Information Security Incident Handling
- Business Continuity and Disaster Recovery
- The ISO 19011:2002 Standard
- Audit planning & preparation, document review
- Nonconformities
- Performing the audit
  - Opening meeting
  - Performing the audit
  - Reporting audit results
  - Closing meeting
- Auditor responsibilities
- Audit Closure: Corrective and Preventive action verification and follow-up
- Fifteen (15) Workshops
PRICING
Total price for this course is $1080.