Registered Students: 42
Duration: --
Sections: 12
Difficulty Level: Intermediate
Description
ISO 27001 is an international standard published by the International Standardization Organization (ISO), and it describes how to manage information security in a company. The latest revision of this standard was published in 2013, and its full title is now ISO/IEC 27001:2013. The first revision of the standard was published in 2005, and it was developed based on the British standard BS 7799-2.
ISO 27001 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. It was written by the world’s best experts in the field of information security and provides a methodology for the implementation of information security management in an organization. It also enables companies to become certified, which means that an independent certification body has confirmed that an organization has implemented information security compliant with ISO 27001.
Learning Objectives
– Principles, concepts and the requirements of ISO/IEC 27001:2013.
– How to Develop an ISMS.
– ISO 27001:2013 Annex A.
Audience Profile
Those who need to know what ISO 27000 is all about.
Exam Details
– Format: Multiple choice
– Questions: 40
– Language: Spanish/English/Portuguese
– Pass Score: 24/40 or 60%
– Duration: 60 minutes maximum
– Delivery: This examination is available Online.
– Supervised: It will be at the Partner’s discretion
Certification Details
– Certification Type: Foundations
– Certification Code: I27001F
Prerequisites
There are no formal prerequisites for this certification.
Curriculum
1. Introduction and Background
History of the Standard
ISO/IEC 27001:2013 Structure
ISO 27000 Standard Family
2. Key Concepts
General Information and Principles
Information Security
The Management System
ISMS Critical Success Factors
Benefits of the ISMS Family Guidelines
3. Terms and Definitions (See Annex)
ISO/IEC 27001 Structure
PDCA and the ISMS Deming Cycle
4. Organizational Context
4.1 Understanding the Organization and its Context
25 Minutes Workshop: Determine the Organizational Context Using a SWOT Analysis Matrix
4.2 Understanding the Stakeholders' Needs and Expectations
4.3 Determination of the Information Security Management System Scope
4.4 Information Security Management System
25 Minutes Workshop: Define the ISMS Scope
5. Leadership
5.1 Leadership and Commitment
5.2 Policy
5.3 Roles, Responsibilities and Authorities in the Organization
6. Planning
6.1 Actions to Treat Risks and Opportunities
Risk Treatment Plan
6.1 Actions to Treat Risks and Opportunities
ISO 31000 Structure: Risk Management – Guidelines
25 Minutes Workshop: Define a Statement of Applicability for Five Annex A Controls
6.2 Information Security Objectives and Planning to Achieve Them
25 Minutes Workshop: Define Information Security Objectives
7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information
8. Operation
8.1 Operational Planning and Control
8.2 Information Security Risk Assessment
8.3 Information Security Risk Treatment
Risk Assessment and Treatment
9. Performance Evaluation
9.1 Monitoring, Measurement, Analysis and Evaluation
9.2 Internal Audit
Audit
9.3 Management Review
10. Improvement
10.1 Non-Conformity and Corrective Actions
10.2 Continual Improvement
Annex 1: Terms and Definitions
25 Minutes Workshop: Review Information Security Terms and Definitions
3.1 Access Control
3.2 Analytical Model
3.3 Attack
3.4 Attribute
3.5 Audit
3.6 Audit Scope
3.7 Authentication
3.8 Authenticity
3.9 Availability
3.10 Base Measure
3.11 Competence
3.12 Confidentiality
3.13 Conformity
3.14 Consequence
3.15 Continual Improvement
3.16 Control
3.17 Control Objective
3.18 Correction
3.19 Corrective Action
3.20 Data
3.21 Decision Criteria
3.22 Derived Measure
3.23 Documented Information
3.24 Effectiveness
3.25 Event
3.26 Executive Management
3.27 External Context
3.28 Governance of Information Security
3.29 Governing Body
3.30 Indicator
3.31 Information Need
3.32 Information Processing Facilities
3.33 Information Security
3.34 Information Security Continuity
3.35 Information Security Event
3.36 Information Security Incident
3.37 Information Security Incident Management
3.38 Information Sharing Community
3.39 Information System
3.40 Integrity
3.41 Interested Party
3.42 Internal Context
3.43 ISMS Project
3.44 Level of Risk
3.45 Likelihood
3.46 Management System
3.47 Measure
3.48 Measurement
3.49 Measurement Function
3.50 Measurement Method
3.51 Measurement Results
3.52 Monitoring
3.53 Non-Conformity
3.54 Non-Repudiation
3.55 Object
3.56 Objective
3.57 Organization
3.58 Outsource (Verb)
3.59 Performance
3.60 Policy
3.61 Process
3.62 Reliability
3.63 Requirement
3.64 Residual Risk
3.65 Review
3.66 Review Object
3.67 Review Objective
3.68 Risk
3.69 Risk Acceptance
3.70 Risk Analysis
3.71 Risk Assessment
3.72 Risk Communication and Consultation
3.73 Risk Criteria
3.74 Risk Evaluation
3.75 Risk Identification
3.76 Risk Management
3.77 Risk Management Process
3.78 Risk Owner
3.79 Risk Treatment
3.80 Scale
3.81 Security Implementation Standard
3.82 Stakeholder
3.83 Threat
3.84 Top Management
3.85 Trusted Information Communication Entity
3.86 Unit of Measurement
3.87 Validation
3.88 Verification
3.89 Vulnerability
3.90 Information
3.91 Asset
Conclusions
FAQ
The course is self-paced, which means that you can learn on your own time and schedule. On completing the program you receive both the attendance certificate and the certification, which is awarded through an online exam.
The seminar tuition fee is € 150, and you can pay through PayPal, credit/debit card or bank deposit.
Who is CertiProf®?
CertiProf® is an Examination Institute founded in 2015 in the USA and located in Sunrise, Florida.
Our philosophy is based on community knowledge, and for that purpose our collaborative network is made up of:
• CKAs (CertiProf Knowledge Ambassadors): influential people in their fields of expertise or mastery (coaches, trainers, consultants, bloggers, community builders, organizers and evangelists) who are willing to contribute to the improvement of content.
• CLLs (CertiProf Lifelong Learners): certification candidates are identified as Continuing Learners, proving their unwavering commitment to lifelong learning, which is vitally important in today’s ever-changing and expanding digitalized world, regardless of whether they pass or fail the exam.
• ATPs (Accredited Trainer Partners): universities, training centers and facilitators around the world that make up the partner network.
• Authors (co-creators): industry experts or practitioners who, with their knowledge, develop content for the creation of new certifications that respond to the needs of the industry.
• Internal Staff: our distributed team with operations in India, Brazil, Colombia and the United States that supports, day by day, the execution of the purpose of CertiProf®.