PECB ISO/IEC 27002 Lead Manager (in English)
Training duration: 32 academic hours (4 days).
- Managers or consultants seeking to implement an Information Security Management System (ISMS) based on ISO/IEC 27001 and ISO/IEC 27002
- Project managers or consultants seeking to master the Information Security Management System implementation process
- Individuals responsible for information security, compliance, risk, and governance in an organization
- Members of information security teams
- Expert advisors in information technology
- Information Security officers
- Privacy officers
- IT professionals
- CTOs, CIOs and CISOs
Prerequisites: A fundamental understanding of ISO/IEC 27002 and comprehensive knowledge of Information Security.
Contents of this training
Trainer: PhD Andro Kull, certified ISO 27002 Lead Manager
Specific course content will include
- Day 1: Introduction to Information Security controls as recommended by ISO/IEC 27002
  - Course objective and structure
  - Standard and regulatory framework
  - Fundamental Principles of Information Security
  - Information Security Management System
  - Information security policies
  - Organization of information security
- Day 2: Information Security requirements and objectives based on ISO/IEC 27002
  - Human resources security
  - Asset Management
  - Access Control
- Day 3: Monitoring, measurement, analysis, and evaluation of Information Security controls
  - Physical and Environmental Security
  - Operations Security
  - Communications security
- Day 4: Continual improvement of an organization’s Information Security Management System performance
  - System acquisition, development and maintenance
  - Supplier Relationships
  - Information security Incident Management
  - Information security aspects of business continuity management
  - Golden Rules and Conclusion
  - Lead Manager Certification Scheme
  - Closing the Training
- Master the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002
- Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective implementation and management of Information Security controls
- Comprehend the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance, and human behavior
- Understand the importance of information security for the strategy of the organization
- Master the implementation of information security management processes
- Master the formulation and implementation of security requirements and objectives
- certification exam;
- course materials;
- certificate of attendance for the course.
In addition we offer:
- snacks, tea and coffee;
- lunch on each training day.
Continuing education curriculum group: interdisciplinary curriculum group of information and communication technology
During his career, Andro Kull has worked in both the public and private sectors. In previous years he has worked for the financial sector on IT and information security, and for the energy sector on IT risks, where security and continuity demands are very high. Kull started his career as an IT specialist and IT manager, and has worked extensively as an IT auditor and as an IT risk manager for one of the largest companies in Estonia. At the same time, he founded a small consulting company and managed projects related to IT risk assessment, the implementation of security measures, business continuity planning (BC), planning for recovery (DR), and crisis management, mostly in public sector organizations.
The international environment is not new to Andro Kull, since he has participated in the European Central Bank internet payment security working group. Kull has been cooperating with IT banking supervisors on an international level. Furthermore, he has organized one international conference in Tallinn. In addition, he has worked for European Union DG Connect as an advisor on the development of IT risk management recommendations.
Andro Kull holds a PhD degree from the University of Tampere, concentrating on IT oversight and compliance verification methodologies, and he currently lectures on IT risk and information security management at the University of Tallinn.