Starts: Jul 17, 2021 09:00 (ET)
Ends: Jul 18, 2021 17:00 (ET)
Associated with South Florida Chapter

Saturday and Sunday, July 17 and 18, 2021, 9:00AM to 5:00PM Eastern, ISACA South Florida will host a free training on the ISO/IEC 27000 family of standards. ISO/IEC 27001 is the best known of them, specifying the requirements for an information security management system (ISMS), but the ISO/IEC 27000 family contains more than a dozen standards. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted to them by third parties.


ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

ISO 27001 is an international standard that provides the basis for effective management of confidential and sensitive information and the application of information security controls. It enables organizations to demonstrate excellence and prove best practice in information security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.

ISO 27001 is one of the most commonly used standards for information security management and compliance. Many organizations worldwide are implementing the standard and obtaining ISO/IEC 27001 certification.

This training covers the definition of basic information security concepts and components; the evolution of the ISO/IEC 27001:2013 ISMS standard; the structure of the standard; the systematic approach to managing information security; the clauses of the standard; and a review of the controls framework (Annex A) attached to the standard. Examples of usage, documentation-related information, and quick exercises on the controls are also part of the training. An overview of the path to ISO certification is given, and other ISO standards that complement ISO 27001 are also covered.

Who Can Attend? 

Students or academics working in the Information Security or Cyber Security domains.

Persons who want to learn about a standard framework for understanding, supporting, implementing or managing Information Security – Cyber Security.

Employees who work or want to work in Information Security – Cyber Security roles.

Auditors (Internal / External / IT / …) and Risk Management related employees.

Program/Project managers or consultants who initiate or facilitate Information Security related projects or host audits in their organizations.

Employees responsible for Information Security or conformity in an organization.

Members of an information security team.

Management-level professionals whose jobs expose them to critical information, confidential information processing, and privacy issues.

Employees, consultants and advisors in information technology who want to extend their knowledge of Information Security.


DAY 1 - Introduction 

Evolution of the ISO 27001 Standard 

Product family of ISO 27001 and some relevant/complementary standards

The basic definition of Information Security and its components (CIA Triad)

ISO 27001 Standard, its Structure and Contents

ISO Annex SL high-level structure common to all management system standards

Major Clauses of the Standard

Identification of Scope and Scope Definition 

Preparation of an Information Security Policy 

Risk Identification 

Risk Assessment 

DAY 2 - ANNEX A – Control Objectives and Controls (114) 

Information Security Policy 

Organization of Information Security 

Human Resources Security 

Asset Management 

Access Control


Physical and Environmental Security 

Operations Security 

Communications Security 

System Acquisition, Development and Maintenance 

Supplier Relationships 

Information Security Incident Management 

Information Security Aspects of Business Continuity Management


(*) This session does not replace the official ISO 27001 course training required for ISO 27001 certifications; it is a review of the standard and a sharing of experience in using or implementing it.

