Most organisations have a number of information security controls. Without an ISMS, however, the controls tend to be somewhat disorganised and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Maturity models typically refer to this stage as “ad hoc”. The security controls in operation typically address certain aspects of IT or data security, specifically, leaving non-IT information assets (such as paperwork and proprietary knowledge) less well-protected on the whole. Business continuity planning and physical security, for example, may be managed quite independently of IT or information security while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.

DOES YOUR COMPANY INVEST IN MISS-OUTS?

ISO/IEC 27001 requires that management:
- Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts;
- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
- Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
BENEFITS FOR YOUR ORGANISATION
We offer a range of ISO 27001 training courses designed to help you achieve one of the most widely recognised IT security management systems worldwide – helping you to manage information risks and providing the required governance within an organisation.
COURSE DURATION: 2 DAYS
This course enables participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2022, as well as the best practices for implementing the information security controls of the eleven domains of ISO 27002. This training also helps participants understand how ISO 27001 and ISO 27002 relate to ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security).
WHO SHOULD ATTEND:
- Members of an information security team
- IT Professionals wanting to gain a comprehensive knowledge of the main processes of an Information Security Management System (ISMS)
- Staff involved in the implementation of the ISO 27001 standard
- Technicians involved in operations related to an ISMS
- Auditors
- CIO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
PRE-REQUISITE:
This is an introductory level of training to ISO 27001 and no prior knowledge of the ISO standard or management system is required. It is recommended that a minimum educational level of NQF level 4 (Matric) be attained to cope with the content.
OUTCOME:
With the successful completion of this course the participant will be able to:
- Describe the implementation of an Information Security Management System in accordance with ISO27001
- Discuss the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
- Relate to the concepts, approaches, standards, methods and techniques that allow effective management of an Information Security Management System
- Acquire the necessary knowledge to contribute to implementing an Information Security Management System (ISMS) as specified in ISO 27001
HOW WILL I BENEFIT?:
- ISO 27001 is an internationally recognised standard for the information security function of an organisation. It covers all aspects of information security processes and functions within an organisation and defines the requirements of a competent information security management system.
COURSE VENUE:
Courses are presented at the DQS Head Office in Randburg, as well as major centres in South Africa.
ADDITIONAL INFORMATION:
- Certification and exam (1 hour) fees are included in the price
- A student manual containing over 200 pages of information and practical examples will be distributed to participants
- A participation certificate of 14 CPE (Continuing Professional Education) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
COURSE DURATION: 5 DAYS
IMPLEMENTING AND MANAGING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27001:2022. Participants will also gain a thorough understanding of best practices used to implement information security controls from all areas of ISO 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems – Guidelines for Quality Management in Projects). This training is also fully compatible with ISO 27003 (Guidelines for the Implementation of an ISMS), ISO 27004 (Measurement of Information Security) and ISO 27005 (Risk Management in Information Security).
WHO SHOULD ATTEND:
- Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS)
- ISO 27001 internal auditors who wish to fully understand the Information Security Management System implementation process
- CIO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of an information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an information security function or for an ISMS project management function
PRE-REQUISITE:
Previous attendance at an ISO 27001 Awareness or Introductory level course would be helpful. This course assumes the participant already has an introductory level of training in Information Security Management and is engaged in the introduction of an ISMS within their organisation or for a client.
OUTCOME:
With the successful completion of this course the participant will be able to:
- Describe the implementation of an Information Security Management System in accordance with ISO 27001
- Gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System
- Discuss the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
- Acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27001
- Acquire the necessary expertise to manage a team implementing ISO 27001
- Develop the knowledge and skills required to advise organizations on best practices in the management of information security
- Improve the capacity for analysis and decision making in the context of information security management
HOW WILL I BENEFIT?:
- Relate to the background and information security flow of the management of an ISMS approach.
- Realize the key importance of Information Security Management in a business operation and its impact on corporate governance.
- Be able to participate in the development of the documentation for the businesses’ ISO 27001:2022 processes.
COURSE VENUE:
Courses are presented at the DQS Head Office in Randburg, as well as major centres in South Africa.
ADDITIONAL INFORMATION:
- Certification and exam (3 hour) fees are included in the price
- A participant manual containing over 450 pages of information and practical examples will be distributed to participants
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
COURSE DURATION: 5 DAYS
MANAGING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001
This five-day intensive course enables participants to develop the necessary expertise to audit an Information Security Management System (ISMS) and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO 19011 and the certification process according to ISO 17021. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.
WHO SHOULD ATTEND:
- Internal auditors
- Auditors wanting to perform and lead Information Security Management System (ISMS) certification audits
- Project managers or consultants wanting to master the Information Security Management System audit process
- CIO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of an information security team
- Expert advisors in information technology
- Technical experts wanting to prepare for an Information security audit function
PRE-REQUISITE:
It is recommended that delegates should have some prior knowledge of implementing an ISMS. A suggested minimum entry level would be a solid grounding in ISO 27001 fundamentals.
OUTCOME:
With the successful completion of this course the participant will be able to:
- Acquire the expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
- Gain the necessary expertise to manage an ISMS audit team
- Describe the operation of an ISO 27001 conformant information security management system
- Discuss the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
- Improve the ability to analyse the internal and external environment of an organization, its risk assessment and audit decision-making
HOW WILL I BENEFIT?:
- Develop the expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
- Successfully manage an ISMS audit team
- Assist management in carrying out the process of continual improvement and changes necessary to assure good IT security business management and governance.
COURSE VENUE:
Courses are presented at the DQS Head Office in Randburg, as well as major centres in South Africa.
ADDITIONAL INFORMATION:
- Certification and exam (3 hour) fees are included in the price
- A participant manual containing over 450 pages of information and practical examples will be distributed to participants
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to participants
- In case of failure of the exam, participants are allowed to retake the exam for free under certain conditions
COURSE DURATION: 5 DAYS
Information Security Management Systems (ISMS)
ISO 27001:2022 specifies requirements for an Information Security Management System (ISMS) where an organisation wants to demonstrate its ability to protect the confidentiality, integrity and availability of its information. No organisation can afford to ignore its legal and contractual obligations, and its reputation regarding information security. Implicit in the successful management of information security is the development of an effective management system. This internationally recognised standard aims to identify the requirements for information security management throughout the business. ISO 27001:2022 is applicable to all organisations, regardless of size, who want to implement systems to protect the confidentiality, integrity and availability of their information. This five-day course teaches you about the various clauses contained in ISO 27001:2022 and the benefits of having it implemented in your organisation. Our experienced tutors will guide you through ISO 27001 in detail, assisting you to understand the importance of an ISMS and assist your organisation to implement and maintain the confidentiality, integrity and availability of its information.
WHO SHOULD ATTEND:
- ISMS Implementation team members
- Those who are looking to implement an information security management system in their organisation
- Specialist advisors tasked with implementing the ISMS
- Project leaders and consultants who give guidance to the organisation for the implementation of an ISMS
- Any individual requiring knowledge of ISO 27001 as an ISMS
PRE-REQUISITE:
No prior knowledge of the ISO standard or management system is required. It is recommended that a minimum educational level of NQF level 4 (Matric) be attained to cope with the content.
OUTCOME:
With the successful completion of this course the participant will:
- Relate to the requirements of ISO 27001:2022 within the context of your company
- Describe information about the specific clauses within the standard
- Discover how to undertake performance improvement of the information security management system
- Establish the importance of ISO documentation
- Gain an overview of assessment and certification procedures
COURSE VENUE:
Virtual
ADDITIONAL INFORMATION:
- Min. and max. number of participants: 6 – 15 (virtual); 10 – 20 (classroom).
- Adequate internet connectivity and hardware required for virtual training