ISO/IEC 27001 Foundation

ISO/IEC 27001 provides a model for creating, implementing, exercising, auditing, maintaining and improving an information security management system. The structure and implementation of the system are based on the needs, objectives, information values, security requirements, processes and other characteristics of an organization.

Main Topics

As a formal specification, ISO/IEC 27001 defines the requirements for an information security management system. These cover:

  • Information Security Management System
  • Management responsibility
  • Internal ISMS audits
  • Management audit of the ISMS
  • ISMS Optimization
  • Control objectives and controls

The Foundation Training in ISMS according to ISO/IEC 27001 will teach you what an ISMS is and which minimum requirements companies should strive for in connection with ISO/IEC 27001. You will be trained to know and understand the explained terms and concepts.

Goals

The participants understand the scope, objectives, key terminology and high-level requirements of the ISO/IEC 27001 standard as used in an information security organization, as well as the main elements of the certification process. In particular, they learn:

  • The scope and purpose of ISO/IEC 27001 and how it can be used
  • The key terms and definitions used in the ISO/IEC 27000 series
  • The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement
  • The processes, their objectives and high-level requirements
  • Applicability and scope definition requirements
  • Use of controls to mitigate IS risks
  • The purpose of internal audits and external certification audits, their operation and the associated terminology
  • The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.

Requirements

No formal requirements

Target Audience

Internal and external persons who fulfill a role in the area of information security management or have an interest in this standard, even if the company itself is not (yet) certified: executives, management representatives, security officers, information security managers/officers, employees of the audit department, IT managers, IT consultants.

Certificate

ISO/IEC 27001 Foundation Certificate, awarded by APMG

Exam language: English / German

Teaching Materials

Teaching material in English includes:

  • Student workbook
  • Training slides
  • Exam simulator

The standard “ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems” is provided and used for training purposes in the course but cannot be handed out for copyright reasons.
