At the end of the course you will be able to:
1. Design and implement an ISMS complying with all the mandatory elements specified in the main body of ISO/IEC 27001,
2. Identify and assess the information security risks facing those parts of the organization that are declared in scope for your ISMS,
3. Systematically check and record the status of your security risks and controls,
4. Once your ISMS is operating normally, the metrics are looking good and you have amassed sufficient evidence, it can be formally audited for compliance with '27001 by an accredited certification body.
Where does ISO 27001 fit in?
ISO 27001 is the international standard that provides the specification for a best-practice ISMS and covers the compliance requirements.
While ISO 27001 offers the specification, ISO 27002 provides the code of conduct – guidance and recommended best practices that can be used to enforce the specification.
Benefits of an ISMS
An ISO 27001-compliant ISMS does more than simply help you comply with laws and win business. It can also:
Respond to evolving security threats: Constantly adapting to changes both in the environment and inside the organisation, an ISMS reduces the threat of continually evolving risks.
Improve company culture: An ISMS’s holistic approach covers the whole organisation, not just IT. This enables employees to readily understand risks and embrace security controls as part of their everyday working practices.
Secure your information in all its forms: An ISMS helps protect all forms of information, whether digital, paper-based or in the Cloud.
Increase your attack resilience: Implementing and maintaining an ISMS will significantly increase your organisation’s resilience to cyber attacks.
Manage all your information in one place: An ISMS provides a central framework for keeping your organisation’s information safe and managing it all in one place.
Reduce costs associated with information security: Thanks to the risk assessment and analysis approach of an ISMS, organisations can reduce costs spent on indiscriminately adding layers of defensive technology that might not work.
Protect the confidentiality, availability and integrity of your data: An ISMS offers a set of policies, procedures, technical and physical controls to protect the confidentiality, availability and integrity of your information.