
Internal Quality Audit ISO 27001:2005
Seminar/Course Content
This training program is offered as a 2-day course. The training covers the
ISO/IEC 27001:2005 standard in detail, including its domains and control objectives,
so that participants can perform internal quality audits in the organization.
Who Should Attend/Target
System Administration Team, Chief Information Security Officer, Network Team, Quality
Assurance Managers, Process Implementation Team Members, Internal Quality Audit
Team
Recommended Training and/or Experience
Participants should have a basic understanding of security terminology.
Seminar Materials
Each participant will receive a seminar manual including case studies
Seminar Goals
Provide a detailed understanding of the information security management system and its
control objectives in order to perform internal quality audits
Seminar Outline
Day I Topics Covered
Session I
Introduction
Information Security: A Perspective
Business evolution
Various information threats
Myths about Information Security
Prime Concern: protection of information
Parameters of Information security
Establishing ISMS
ISMS Definition
The ISO 27001 cycle and stakeholders (PDCA model)
Security Organization
Segregation of Duties
Key players of Security Function
Exercise
Form the Security organization and define the Roles and Responsibilities for the
same
Session II
IS Standard
Evolution of ISO 27001
Why ISO 27001
Structure of ISO 27001
Risk Management
Overview of Risk Management
Methodology for Risk Assessment
Risk Treatment
Risk Mitigation
IS-Audit
Audit Methodology
Audit reporting
Corrective and Preventive action
Exercise
Conduct Risk Assessment for your organization
Day II
Session I
Security Domains
Security Policy
Organization of Information Security
Asset Management
Human resources security
Physical and environmental security
Communications and Operations Management
Access Control
Exercise
For the given scenario, identify the relevant controls and define the policy for
that control
Session II
Security Domains (Contd.)
Information systems acquisition, development and maintenance
Information security incident management
Business continuity management
Compliance
Roadmap for ISO/IEC 27001:2005 Certification
Risk Management
IS policies
Statement of Applicability (Applicable controls)
Implementation of ISMS
Implementation Review of ISMS
Stage I audit
Stage II audit
Exercise
For the given scenario, conduct the Information Security Audit
Course Sequence TTA TP21
ANDREW WEICHMANN | MANAGER MIDDLE EAST OPERATIONS
Omnex Dubai International FZ LLC | Office 211, Publishing Pavilion Building | Dubai Production City | P.O. Box No. 121348 | Dubai, UAE
Mobile: +971 55 262 9115
Email: info-me@omnex.com