ISO/IEC 27001 Practitioner – Information Security Officer

This training provides a deep understanding of planning, building, maintaining and improving an ISMS based on the ISO/IEC 27000 series and leads to the recognized certification as “ISO/IEC 27001 Information Security Officer”.

Main Topics

As a formal specification of the standard, ISO/IEC 27001 defines and includes the requirements for an information security management system:

  • Introduction to the Information Security Management System (ISMS)
  • Leadership and support
  • Planning and operation
  • Evaluation of performance and improvement
  • Measures and objectives

Goals

The objective of the ISO/IEC 27001 Practitioner course is to provide persons involved in the implementation of the ISO/IEC 27001 standard with the following capabilities:

  • understand the scope, objectives, key terminology and high-level requirements of the ISO/IEC 27001 standard and how it is used in an organization to implement and maintain an information security management system
  • exhibit the competences required for the foundation qualification
  • demonstrate that they can apply ISMS concepts to achieve the requirements of ISO/IEC 27001 and supporting standards within an organizational context
  • assist and advise organizations in the achievement of conformance to ISO/IEC 27001 and certification
  • understand, explain and advise on issues regarding applicability and scope definition
  • understand and explain the relationship between ISO/IEC 27001 and supporting standards and how these can be used to support the achievement of certification to ISO/IEC 27001
  • explain the relationship between the ISMS policy, objectives, processes and controls
  • apply the principles of risk management and appropriate treatments and controls to reduce business risk, support business objectives and improve information security
  • identify and apply appropriate corrective actions to maintain ISMS compliance with ISO/IEC 27001
  • analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for improvement
  • analyze and evaluate the effectiveness of the ISMS scope, objectives, policies and processes to continually improve the suitability, adequacy and effectiveness of the ISMS
  • understand, create, apply and evaluate documentation required by ISO/IEC 27001

Requirements

To obtain the “Information Security Officer” certificate, you need the “ISO/IEC 27001 Foundation” certificate, which you can acquire in this course. An ISO/IEC 27001 Foundation certification from TÜV SÜD Akademie and the ICO-CERT ISMS 27001 Foundation are also recognized. A copy of the certificate is required for exam registration.

Target Audience

This training is aimed at security specialists, in particular:

  • Internal managers and employees who work on the introduction, maintenance and operation of an ISMS within an organization
  • External consultants who support an organization in the implementation, maintenance and operation of an ISMS
  • Internal auditors, who must have applied knowledge of the standard

Certificate

ISO/IEC 27001 Practitioner – Information Security Officer Certificate, awarded by APMG

Exam language: English / German

Teaching Materials

Teaching material in English includes:

  • Student workbook
  • Training slides
  • Exam simulator

The standard “ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems” is provided and used for training purposes in the course but cannot be handed out for copyright reasons.

Execution

Public course available
