Information is a valuable asset and a building block, and it is key to the growth of any organization. Like any other important business asset, it needs to be suitably protected. In the modern world this asset is crucial for success and for maintaining credibility. If it is compromised, the organization may face threats and risks such as brand image erosion, business disruption, and financial and productivity loss.
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, maximize return on investments and increase business opportunities.
This implementer course on ISO 27001 equips professionals with an overview and understanding of the ISO 27001 standard, supported by ISO 27002 – Code of practices on information security controls and ISO 27003 – ISMS implementation guidelines.
• To give participants an overview of the Information Security Management System standard and an interpretation of its requirements.
• To understand the key differences between ISO 27001:2005 and ISO 27001:2013.
• To understand its purpose in the context of information security.
• To develop a risk assessment and a risk treatment methodology through the application of the ISMS controls and to prepare a Statement of Applicability (SoA).
• To develop the mandatory documents as per the ISO 27001:2013 standard.
• To understand how to effectively establish, implement, maintain and continually improve the information security management system.