PECB Certified ISO 27001 Lead Implementer
The training course enables participants to acquire the knowledge necessary to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an information security management system (ISMS).
Training duration: 32 ac h (4 days). Certification exam is held on day 5.
Target audience:
- Managers or consultants involved in Information Security Management
- Expert advisors seeking to master the implementation of an Information Security Management System
- Individuals responsible for maintaining conformance with ISMS requirements
- ISMS team members
Prerequisites: earlier practical exposure in managing the business continuity or auditing. The main requirement for participating in this training course is having a general knowledge of the ISMS concepts and ISO/IEC 27001.
Contents of this training
ISO/IEC 27001 Lead Implementer training enables you to develop the necessary expertise to support an organization in establishing, implementing, managing and maintaining an Information Security Management System (ISMS) based on ISO/IEC 27001. During this training course, you will also gain a thorough understanding of the best practices of Information Security Management Systems to secure the organization`s sensitive information and improve the overall performance and effectiveness.
This training course is designed to prepare you to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After mastering all the necessary concepts of Information Security Management Systems, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Implementer” credential. By holding a PECB Lead Implementer Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to implement ISO/IEC 27001 in an organization.
Trainer: PhD Andro Kull, certified ISO 27001 Lead Implementer
Course agenda:
Day 1: Introduction to ISO/IEC 27001 and initiation of an ISMS
Day 2: Planning the implementation of an ISMS
Day 3: Implementation of an ISMS
Day 4: ISMS monitoring, continual improvement, and preparation for the certification audit
Day 5: Certification exam
Specific course content will include
- Day 1
- Introduction to ISO/IEC 27001 and initiation of an ISMS
- Course objectives and structure
- Standards and regulatory frameworks
- Information Security Management System (ISMS)
- Fundamental principles of Information Security Management Systems
- Initiating the implementation of an ISMS
- Understanding the organization and clarifying the Information Security objectives
- Analysis of the existing management system
- Day 2
- Plan the implementation of an ISMS
- Leadership and approval of the ISMS project
- ISMS scope
- Information Security policies
- Risk assessment
- Statement of Applicability and top management`s decision to implement the ISMS
- Definition of the organizational structure of Information Security
- Day 3
- Implementation of an ISMS
- Definition of the document management process
- Design of security controls and drafting of specific policies & procedures
- Communication plan
- Training and awareness plan
- Implementation of security controls
- Incident Management
- Operations Management
- Day 4
- ISMS monitoring, measurement, continuous improvement and preparation
for a certification audit - Monitoring, measurement, analysis and evaluation
- Internal audit
- Management review
- Treatment of non-conformities
- Continual improvement
- Preparing for the certification audit
- Competence and evaluation of implementers
- Closing the training
- ISMS monitoring, measurement, continuous improvement and preparation
Intended outcome
Learning objectives:
By the end of this training course, the participants will be able to:
- explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001;
- interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer;
- initiate and plan the implementation of an ISMS based on ISO/IEC 27001, by utilizing PECB’s IMS2 Methodology and other best practices;
- support an organization in operating, maintaining, and continually improving an ISMS based on ISO/IEC 27001;
- prepare an organization to undergo a third-party certification audit.
The price includes:
- training;
- certification exam voucher;
- course materials;
- certification of attendance the course.
Täienduskoolituse õppekavarühm: andmebaaside ja võrgu disain ning haldus (0612 ISCED)
Trainer
-
Andro KullAndro Kull during his career, has worked in both sectors, public and private. In the previous years he has worked for the financial sector with regards to IT and information security, and for the energy sector with regards to IT risks, where security and continuity demands are very high. Kull started his career as IT specialist and IT manager, and has worked extensively as IT auditor and as IT risk manager for one of the largest company in Estonia. At the same time, he founded a small consulting company and managed projects related to IT risk assessment, the implementation of security measures, business continuity planning (BC), planning for recovery (DR), and crisis management mostly in public sector organizations.
The international environment is not new to Andro Kull, since he has participated in the European Central Bank internet payment security working group. Kull has been cooperating with the IT banking supervisors on an international level. Furthermore, he has organized one international conference in Tallinn. In addition, he has worked for European Union DG Connect as advisor connected with IT risk management recommendations development.
Andro Kull holds a PhD degree from the University of Tampere, concentrating on the IT oversight and compliance verification methodologies, and he currently is lecturing IT risk and information security management issues at the University of Tallinn.
