Information is a valuable asset, a building block and key to the growth of any organization; hence it needs to be suitably protected like any other important business asset. In the modern world, this asset is crucial to an organization's success and credibility. If the protection of this asset is compromised, the organization may be exposed to a wide range of threats that exploit existing vulnerabilities and cause damage, which may lead to brand image erosion, business disruption, financial and productivity loss, etc.
The ISO / IEC 27001:2013 international standard is one such tool: it can assist an organization to identify and address the risks associated with its business, ensure information security continuity within its business continuity management system, minimize business risk, maximize return on investments and increase business opportunities.
Our Lead Auditor training and risk management courses are structured to provide an in-depth understanding of ISO / IEC 27001:2013 requirements in an auditing context and to ensure that the learning objectives are met.
What will you learn / Learning Objectives:
• To conduct effective Information Security Management System audits of an organization based on ISO / IEC 27001:2013 international standard requirements.
• To understand the roles and responsibilities of an auditor.
• To plan, execute, report and follow-up on an Information Security Management System audit.
Who should attend?
• Information Security Practitioners
• Head – IT, Chief Information Security Officer (CISO)
• Information Security Management System Consultants or Management Representatives
• Information Security Managers
• Core group members or professionals responsible for establishing, implementing, maintaining, auditing and improving Information Security Management Systems
Course length / Duration: 5 consecutive days.
• This course is registered with CQI IRCA (Chartered Quality Institute | International Register of Certificated Auditors) and fulfils all compliances of CQI IRCA.
• Maximum time will be spent on exercises and role plays with an “accelerated learning” approach to equip the participants with the required auditing knowledge and skills to conduct effective audits.
• The lead auditor training course is conducted by experienced trainers who also have vast experience in auditing. This is a good platform for learning and sharing knowledge.
• Meeting international benchmarks of security cover.
• Effectively securing sensitive information and prevention of information security breaches.
• Building credibility, trust and confidence with your customers.
• Facilitating legal compliance.
• Risk management
Essential pre-requisite for this program
Participants interested in attending this course must have prior knowledge of management systems and of the principles and concepts of Information Security Management. Participants are expected to have the following prior knowledge:
a) Management Systems
• Understand the Plan-Do-Check-Act (PDCA) cycle
• The High Level Structure
b) Information Security Management
• Knowledge of the information security management principles and concepts:
  • Awareness of the need for information security;
  • Roles and responsibilities in information security;
  • Understanding management commitment and the interests of stakeholders;
  • Using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
  • Incorporating security as an essential element of information networks and systems;
  • Preventing and detecting information security incidents;
  • Continual reassessment of information security and making improvements as appropriate.
c) ISO/IEC 27001
• Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000, which may be gained by completing an ISMS Foundation Training course or equivalent.
*Relevant proofs to be submitted
This course is not intended to fill gaps in knowledge of the standard, but to enhance that knowledge in an audit context.
Examination and Certification:
• Participants will be assessed throughout the course for punctuality, presentation skills, interactive approach, involvement, role-play, daily tests etc. and finally through a written examination (closed book) at the end of the course. The minimum passing criterion is 70%.
• Participants who score 70% and above in both the continuous assessment and written examination will be issued a CQI IRCA accredited certificate. Unsuccessful candidates will be issued a certificate of attendance.