REGISTRATION IS FULL FOR THIS EVENT
On Saturday and Sunday, July 17 and 18, 2021, 9:00AM to 5:00PM Eastern, ISACA South Florida will host a free training discussing ISO 27K Standards. ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
Abstract
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
ISO 27001 is an international standard that provides the basis for effective management of confidential and sensitive information and the application of information security controls. It enables organizations to demonstrate excellence and prove best practice in information security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.
ISO 27001 is one of the most commonly used standards for information security management and compliance. Many organizations worldwide are implementing the standard and getting ISO certified.
This training covers the definition of basic information security concepts and components; the evolution of the ISO/IEC 27001:2013 ISMS Standard; the structure of the standard; the systematic approach to managing information security; the articles within the standard; and a review of the controls framework (Annex A) attached to the standard. Some examples of usage, documentation-related information, and quick exercises regarding controls will also be part of the training. An overview of the path to an ISO certification will be given, and some other ISO standards complementing ISO 27001 will also be considered.
Who Can Attend?
∙ Students or academicians working in Information Security or Cyber Security domains.
∙ Persons who want to learn about a standard framework for understanding, supporting, implementing or managing Information Security – Cyber Security.
∙ Employees who work or want to work in Information Security – Cyber Security roles.
∙ Auditors (Internal / External / IT / …) and Risk Management related employees.
∙ Program/Project managers or consultants who initiate or facilitate Information Security related projects or host audits in the organizations.
∙ Employees responsible for Information Security or conformity in an organization.
∙ Members of an information security team.
∙ Management-level professionals whose jobs expose them to critical information, confidential information processing, and privacy issues.
∙ Employees, consultants, and advisors in information technology who want to extend their knowledge in Information Security.
Contents
DAY 1 - Introduction
∙ Evolution of the ISO 27001 Standard
∙ Product family of ISO 27001 and some relevant/complementary standards
∙ The basic definition of Information Security and its components (CIA Triad)
∙ ISO 27001 Standard, its Structure and Contents
∙ ISO Standards List (SL) common to all standards
Major Articles of the Standard
∙ Identification of Scope and Scope Definition
∙ Preparation of an Information Security Policy
∙ Risk Identification
∙ Risk Assessment
DAY 2 - ANNEX A – Control Objectives and Controls (114)
∙ Information Security Policy
∙ Organization of Information Security
∙ Human Resources Security
∙ Asset Management
∙ Access Controls
∙ Cryptography
∙ Physical and Environmental Security
∙ Operations Security
∙ Communications Security
∙ System Acquisition, Development and Maintenance
∙ Supplier Relationships
∙ Information Security Incident Management
∙ Information Security Continuity
∙ Compliance
(*) This session does not replace the official ISO 27001 course training for ISO 27001 Certifications; it is a review of the standard and experience sharing for using or implementing it.