Auditing Your ISMS - Internal Auditor Course Based on ISO/IEC 17799:2005 and ISO/IEC 27001:2005

Seminar Content

This 2-day course, leading to a Certified Information Security Management System - Internal Auditor for ISO/IEC 27001:2005 (CISMS-IA) Certification, provides a solid foundation in all aspects of the Information Security audit process. The aim of this course is to enable participants to understand, develop and implement an in-house ISMS audit program which fulfills the requirements for internal audits to ISO/IEC 27001:2005. Professionally planned audits will identify potential and actual security weaknesses in the company, thus providing the opportunity to initiate action before a security breach has the chance to cause damage.

Who Should Attend

Managers who need an understanding of the security issues within their company, those nominated to perform security audits, and consultants who desire information on the ISO/IEC 27001:2005 methodology.

Recommended Training and/or Experience

This course does not require prior knowledge of the standard. Previous experience in Information Security and auditing will help.

Seminar Materials

All students will receive a copy of seminar materials.

Seminar Goals

At the end of this course, delegates will be able to:

  • Understand the key principles of auditing an Information Security Management System using the auditing best practices defined by ISO 19011:2002
  • Understand the key requirements of ISO/IEC 17799:2005 and ISO/IEC 27001:2005
  • Learn how to conduct effective internal audits of an ISMS based on ISO/IEC 27001:2005
  • Understand how to plan, execute, report, and follow up on a security audit
  • Find out how the audit process facilitates the continual improvement of security controls
  • Learn how to audit suppliers and subcontractors with respect to Information Security
  • Know how to deal with typical auditing difficulties

Seminar Outline

Train your auditors with this course, and give them practice with each step of the audit process. The training covers the ISO/IEC 27001:2005 standard, gives the students a chance to work with it and get familiar with the requirements. Then the training guides the students through the audit process. They will prepare an audit plan, conduct opening meetings, audit documents and records, document their findings, hold a closing meeting and write the audit report.

A combination of tutorials, exercises and role-playing is used to cover the following topics:

  • Introduction to information security audits and the Process Approach to Auditing
  • Clarifying and validating stakeholders' expectations of internal audits
  • Assessing current internal audit structure, methodologies, resources and capabilities
  • Programming/Scheduling Audits--planning and preparation
  • Audit guidance tools
  • Presentation of audit findings
  • Follow-up activities
  • Identifying opportunities to improve internal audit capabilities and processes
  • Developing actionable strategic plans to align internal audit with corporate goals
  • Internal Audit Forms used to plan and conduct the audit
  • ISMS Manual, Procedures and Forms from the fictional “Reachout International” - a company that needs an Internal Audit from your team.

To achieve certification, students must:

  • Pass the continuous assessment by demonstrating acceptable levels of performance in formal continuous assessment processes.
  • Pass the written Examination: students must clear the written ISMS Internal Auditor examination.

Course Sequence: ISMS2DIAT

About IT and Software Quality Systems
Standards ensure quality. Quality is obviously important in information technology, whether it be in hardware, software, or networks. Standardized interfaces, for instance, can allow diverse devices and applications to function together. Standards are also vital to computer security and information privacy. When standards exist, all benefit from advances in electronic and mobile commerce.

IT and Software Customers

  • CPI, Inc.
  • EASi International
  • National TechTeam
  • Syntel
  • Compuware

© 2008 Omnex Inc, USA. All rights reserved