INFORMATION SECURITY TRAINING

IT SECURITY MANAGEMENT

ISO 27001:2013

DOES YOUR COMPANY INVEST IN MISS-OUTS?

Most organizations have a number of information security controls. Without an ISMS, however, the controls tend to be somewhat disorganized and disjointed, having often been implemented as point solutions to specific situations or simply as a matter of convention. Maturity models typically refer to this stage as “ad hoc”. The security controls in operation typically address certain aspects of IT or data security specifically, leaving non-IT information assets (such as paperwork and proprietary knowledge) less well protected on the whole. Business continuity planning and physical security, for example, may be managed quite independently of IT or information security, while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.

ISO/IEC 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts;
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.

BENEFITS FOR YOUR ORGANIZATION:

We offer a range of ISO 27001 training courses designed to help you achieve one of the most widely recognised IT security management systems worldwide – helping you to manage information risks and providing the required governance within an organisation.

COURSE DURATION:  2 DAYS

This course enables participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013, as well as the best practices for implementing the information security controls of the eleven domains of ISO 27002. This training also helps participants understand how ISO 27001 and ISO 27002 relate to ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security).

WHO SHOULD ATTEND:

  • Members of an information security team
  • IT Professionals wanting to gain a comprehensive knowledge of the main processes of an Information Security Management System (ISMS)
  • Staff involved in the implementation of the ISO 27001 standard
  • Technicians involved in operations related to an ISMS
  • Auditors
  • CIO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks

PRE-REQUISITE:

This is introductory-level training on ISO 27001, and no prior knowledge of the ISO standard or management system is required. It is recommended that a minimum educational level of NQF level 4 (Matric) be attained to cope with the content.

OUTCOME:

With the successful completion of this course the participant will be able to:

  • Describe the implementation of an Information Security Management System in accordance with ISO 27001
  • Discuss the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • Relate to the concepts, approaches, standards, methods and techniques that allow an Information Security Management System to be managed effectively
  • Acquire the necessary knowledge to contribute to implementing an Information Security Management System (ISMS) as specified in ISO 27001

HOW WILL I BENEFIT?:

  • ISO 27001 is an internationally recognised standard for the information security function of an organisation. It covers all aspects of information security processes and functions within an organisation and defines the requirements of a competent information security management system.

COURSE VENUE:

Courses are presented at the DQS Head Office in Randburg, as well as major centres in South Africa.

ADDITIONAL INFORMATION:

  • Certification and (1 hour) exam fees are included in the price
  • A student manual containing over 200 pages of information and practical examples will be distributed to participants
  • A participation certificate of 14 CPE (Continuing Professional Education) credits will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

COURSE DURATION:  5 DAYS

IMPLEMENTING AND MANAGING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2013. Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).

WHO SHOULD ATTEND:

  • Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS)
  • ISO 27001 internal auditors who wish to fully understand the Information Security Management System implementation process
  • CIO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an information security function or for an ISMS project management function

PRE-REQUISITE:

Previous attendance at an ISO 27001 Awareness or Introductory level course would be helpful. This course assumes the participant already has an introductory level of training in Information Security Management and is engaged in the introduction of an ISMS within their organisation or for a client.

OUTCOME:

With the successful completion of this course the participant will be able to:

  • Describe the implementation of an Information Security Management System in accordance with ISO 27001
  • Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System
  • Discuss the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • Acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27001
  • Acquire the necessary expertise to manage a team implementing ISO 27001
  • Develop the knowledge and skills required to advise organizations on best practices in the management of information security
  • Improve the capacity for analysis and decision making in the context of information security management

HOW WILL I BENEFIT?:

  • Relate to the background and information security flow of the management of an ISMS approach.
  • Realize the key importance of Information Security Management in a business operation and its impact on corporate governance.
  • Be able to participate in the development of the documentation for the business’s ISO 27001:2013 processes.

COURSE VENUE:

Courses are presented at the DQS Head Office in Randburg, as well as major centres in South Africa.

ADDITIONAL INFORMATION:

  • Certification and (3 hour) exam fees are included in the price
  • A participant manual containing over 450 pages of information and practical examples will be distributed to participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

COURSE DURATION:  5 DAYS

MANAGING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001

This five-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit programs, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

WHO SHOULD ATTEND:

  • Internal auditors
  • Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
  • Project managers or consultants wanting to master the Information Security Management System audit process
  • CIO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of an information security team
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an information security audit function

PRE-REQUISITE:

It is recommended that delegates should have some prior knowledge of implementing an ISMS. A suggested minimum entry level would be a solid grounding in ISO 27001 fundamentals.

OUTCOME:

With the successful completion of this course the participant will be able to:

  • Acquire the expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
  • Gain the necessary expertise to manage an ISMS audit team
  • Describe the operation of an ISO 27001 conformant information security management system
  • Discuss the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
  • Improve the ability to analyse the internal and external environment of an organization, its risk assessment and audit decision-making

HOW WILL I BENEFIT?:

  • Develop the expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
  • Successfully manage an ISMS audit team
  • Assist management in carrying out the process of continual improvement and changes necessary to assure good IT security business management and governance.

COURSE VENUE:

Courses are presented at the DQS Head Office in Randburg, as well as major centres in South Africa.

ADDITIONAL INFORMATION:

  • Certification and (3 hour) exam fees are included in the price
  • A participant manual containing over 450 pages of information and practical examples will be distributed to participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
  • In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions

Address: Boskruin Village, Boskruin Office Park, Building no 5, Randburg, South Africa | Phone: +27 (0)11 787-0060 | Fax: +27 (0)11 787-0115 | Email: dqs@dqs.co.za

Business Hours: Mon-Thurs 8:00am-4:30pm | Fridays 8:00am-3:00pm