+88 01712 662292

ISO 27001 Foundation

ISO 27001 Foundation

Course Overview:

ISO/IEC 27001:2022 international standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. Information being a valuable asset and building block is important to the growth, success and maintaining credibility of any organization. Information needs to be suitably protected like any other important business asset. If this asset is compromised, then the organization may be exposed to various threats including cybersecurity threats, identity theft and risks which may lead to brand image erosion, business disruption, financial and productivity loss etc.

The course will be conducted by our experienced Foundations, who have audited numerous organizations. This intensive course is a pre-requisite in becoming a registered auditor / Foundation. The course is structured to provide the knowledge and skills required to assess the Information Security Management System of an organization in accordance with the requirements of the ISO/IEC 27001:2022 international standard.

This comprehensive five-day course is structured to provide an understanding of ISO/IEC 27001:2022 requirements blended with presentations, case studies, exercises, workshops and role-plays to ensure that the participant thoroughly understands the role of an auditor / Foundation and acquires the expertise needed to perform effective audits.

Why should you attend?

ISO/IEC 27001 Foundation training allows you to learn the basic elements to implement and manage an Information Security Management System as specified in ISO/IEC 27001. During this training course, you will be able to understand the different modules of ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement.

 After completing this course, you can sit for the exam and apply for the Certificate Holder in ISO/IEC 27001 Foundation” credential. A Foundation Certificate shows that you have understood the fundamental methodologies, requirements, framework and management approach.

Who should attend?

Managers and consultants seeking to know more about information security
Professionals wishing to get acquainted with ISO/IEC 27001 requirements for an ISMS
Individuals engaged in or responsible for information security activities in their organization
Individuals wishing to pursue a career in information security

Learning objectives:

Describe the main information security management concepts, principles, and definitions
Explain the main ISO/IEC 27001 requirements for an information security management system (ISMS)
Identify approaches, methods, and techniques used for the implementation and management of an ISMS

Duration:

Full 2 Days (16 Hours)

Course Content:

Domain 1:

Fundamental principles and concepts of an information security management system (ISMS).

Main objective:

Ensure that the candidate understands and is able to interpret the main ISO/IEC 27001 principles and concepts based on ISO/IEC 27001.

Competencies:

  1. Ability to explain the relation between ISO/IEC 27001 and other ISO standards, such as ISO/IEC 27002 and ISO/IEC 27003
  2. Ability to distinguish between other ISO management system standards
  3. Ability to interpret the definition of a management system
  4. Ability to explain the structure of ISO/IEC 27001
  5. Ability to identify the main requirements of ISO/IEC 27001 for an ISMS
  6. Ability to explain the main concepts of information security
  7. Ability to explain the relationship between information and assets
  8. Ability to interpret the concept of confidentiality, integrity, and availability of information
  9. Ability to explain the definition of threat, vulnerability, and information security risk
  10. Ability to interpret the relationship between information security concepts, such as vulnerability, threat, risk, and impact
  11. Ability to describe the main characteristics of artificial intelligence and cloud computing

Knowledge statements:

  1. Knowledge of the main standards of the ISO/IEC 27000 family
  2. Knowledge of other information security regulations, industry standards, and best practices
  3. Knowledge of the advantages of implementing an ISMS based on ISO/IEC 27001
  4. Knowledge of the definition of management system and management system standards
  5. Knowledge of the structure of ISO/IEC 27001
  6. Knowledge of the main requirements of ISO/IEC 27001, clauses 4 to 10
  7. Knowledge of the “Plan-Do-Check-Act” (PDCA) cycle
  8. Knowledge of the main concepts of information security related to ISO/IEC 27001
  9. Knowledge of the relationship between information security elements
  10. Knowledge of the concept of information confidentiality, integrity, and availability
  11. Knowledge of information security vulnerabilities, threats, and risks
  12. Knowledge of the main characteristics of artificial intelligence and cloud computing

Domain 2:

Information security management system (ISMS)

Main objective:

Ensure that the candidate is able to identify and interpret the requirements of ISO/IEC 27001 for an ISMS.

Competencies:

  1. Ability to analyze how ISMS objectives are set
  2. Ability to analyze the internal and external context of an organization
  3. Ability to identify the key roles and responsibilities of interested parties regarding the ISMS
  4. Ability to explain the requirements of ISO/IEC 27001 regarding leadership and commitment of the top management
  5. Ability to identify different types of policies
  6. Ability to interpret the development life cycle of an information security policy
  7. Ability to explain the different activities of the risk management process
  8. Ability to identify the criteria that should be considered when selecting a risk assessment methodology
  9. Ability to explain how risks are identified, analyzed, and evaluated
  10. Ability to interpret the requirements of ISO/IEC 27001 regarding information security risk treatment
  11. Ability to interpret the requirements of ISO/IEC 27001 regarding competence and awareness
  12. Ability to identify the resources required for the ISMS implementation
  13. Ability to interpret the concepts of training, awareness, and communication
  14. Ability to explain the requirements of ISO/IEC 27001 regarding documented information
  15. Ability to identify the main processes necessary for the operation of an ISMS
  16. Ability to interpret the requirements of ISO/IEC 27001 regarding performance evaluation
  17. Ability to distinguish between different types of audits
  18. Ability to explain the concept of nonconformity and the corrective action process
  19. Ability to interpret the requirements of ISO/IEC 27001 regarding management review
  20. Ability to interpret the requirements of ISO/IEC 27001 regarding continual improvement

Knowledge statements:

  1. Knowledge of typical ISMS objectives
  2. Knowledge of what typically constitutes an organization’s internal and external context
  3. Knowledge of the roles and responsibilities of interested parties relevant to ISMS
  4. Knowledge of the role of the top management in regards to the ISMS implementation
  5. Knowledge of different policies, such as high-level general, high-level specific, and topic-specific
  6. Knowledge of information security policy and its development life cycle
  7. Knowledge of the processes required to manage information security risks
  8. Knowledge of the selection of the risk assessment methodology
  9. Knowledge of risk identification, analysis, and evaluation
  10. Knowledge of risk treatment options
  11. Knowledge of the main competence and awareness activities
  12. Knowledge of resource management during the ISMS implementation process
  13. Knowledge of training and awareness activities and communication principles
  14. Knowledge of the types of documented information relevant to the ISMS
  15. Knowledge of operational planning requirements of ISO/IEC 27001
  16. Knowledge of the concepts of monitoring, measurement, analysis, and performance evaluation and their differences
  17. Knowledge of internal and external audits
  18. Knowledge of nonconformities, action plans, and corrective actions
  19. Knowledge of management review activities
  20. Knowledge of the definition and benefits of continual improvement
  21. Knowledge of the type and function of security controls
  22. Knowledge of Annex A controls of ISO/IEC 27001

About Us

For the focus on powerful enablers such as “Adaptability” and “Transformability” we have hand picked our team, full of subject matter experts from various walks of life; however their objective is not really to share what they know but to understand fully what is actually needed, and then, devise methods to genuinely fulfil it

With our collective mindset that is Progressive, Customer centric and with an unstinting zeal to Outperform it is certain that we can create ‘true value’ for our Partners, Customers and Benefactors.

Contact Us

Facebook Linkedin Behance

Create your account