ISMS Implementation Course

About the Course

Due to the accessibility of information technology, companies are forced to pay attention to the security of their assets. One of the most important trends is the fading of the perimeter. Where companies used to have only an internal network, the internet has pushed aside this “secure” way of doing business.

Apart from the interconnection of the different branches, third parties like suppliers and service providers also get access to the corporate network. The use of defense tools and the necessity for a good security strategy become more and more obvious.

As in a building, the fundamentals underlying the creation of this security policy are of utmost importance. If they do not satisfy the norm, one can never achieve stable and robust security. The fundamentals for creating a security strategy are the Security Policies. Those policies are the guideline for the whole process, from the introduction of security to the deployment of an Information Security Management System (ISMS).

This course gives a good overview of the different steps that have to be undertaken to achieve a robust implementation of an ISMS related to the ISO 27001:2005 standard. Whether aiming for certification, or using the standard as a guide, the course provides an in-depth analysis of the standard in a comprehensive and practical style.

Who Should Attend?

All personnel who have access to company information and/or associated assets: Departmental Managers, Security Managers and Staff, IT Managers, Human Resource Managers and Internal Auditors.

Duration

3 (three) days

Course Times

Day 1: 08:30 - 17:00
Day 2: 08:30 - 17:00
Day 3: 08:30 - 17:00

Course Fee

Early bird*: Rp 7,000,000
Normal: Rp 9,000,000

* Early bird valid until June 16th 2008

Course Content

General introduction to Security

  • What is information security?
  • Why security?
  • What are the benefits?
  • Plan-Do-Check-Action Model

ISO 27001 Requirements

  • Security policies and objectives
  • ISMS framework
  • Risk assessment and methodology
  • Documentation requirements
  • Management responsibility
  • Resource management
  • Internal ISMS audit
  • Management Review of ISMS
  • ISMS improvement

Development of an ISMS

  • Identification of assets
  • Vulnerabilities and threats
  • Risk analysis & control objectives
  • Creation of documents
  • Statement of applicability
  • Documentation of the ISMS

Implementation Steps of the ISMS

  • Implement selected controls
  • Measuring the effectiveness of controls
  • Monitor and review the ISMS
  • Maintain and improve the ISMS
  • Awareness and training
  • Measuring compliance with ISO 27001

Case Study

** Students should note that the course does require evening work.