ISO 27000 – Information Security Management System

Instructor by: Budi Sutedjo 09 – 12 Juni 2014, Jogjakarta Plaza Hotel, Yogyakarta DESCRIPTION This course has been designed to equip participants with the knowledge and skills needed to assess and report on the conformance and effective implementation of an information security management systems (ISMS) to protect organizations from risk. Those organizations that fail to operate coherent and comprehensive ISMS strategies leave themselves open to potential security failures. The purpose of the ISO 27000 Information Security Management Systems (ISMS) and to contribute to their continual improvement. The training helps you identify and control the threats an organization faces from any information security controls lapses and how to effectively put in place measures to address those risks. OUTLINE MATERI

1. Describe the responsibilities of an internal auditor and describe the role of internal audit in the maintenance and improvement of ISMS, in accordance with ISO 27000
2. Describe with reference to the Plan-Do-Check-Act (PDCA) cycle the requirements of ISO 27000
3. Explain the purpose and structure of ISO 27000
4. Plan and prepare for an internal audit, gather audit evidence through observation, interview and sampling of documents and records,
5. Write factual audit reports that help to improve the effectiveness of the ISMS
6. Suggest ways in which the effectiveness of corrective action might be verified

Training Method

• Presentation
• Discussion
• Case Study
• Evaluation

Facility

• Training Kit
• Handout
• Certificate
• Lunch + 2 X Coffee Break
• Souvenir
• Pick Up Participant