Without a formal Information Security Management System (ISMS), organisations are left vulnerable and can struggle to achieve their business goals and protect their information assets.
ISO/IEC 27001 is the international standard that defines best practice for an ISMS. It is safe to say that this standard is the foundation of information security management and applies to any kind of organisation, private or government, profit or non-profit, small or large.
ISO/IEC 27001 provides a reliable framework for protecting against cyber crime, improving corporate governance, and recovering from accidents.
The latest update to the ISO 27001 standard was published in October 2013 and replaces ISO 27001:2005 as the pre-eminent international standard.
• Introduction to Information Security Management Systems (ISMS)
• History of ISO 27001 and 27002 standards
• What are “Information” and “Information Assets”
• Information Security and ISMS concepts
• Why should you choose ISO/IEC 27001:2013 for implementing an ISMS
• Context of the organisation
• Leadership and commitment
• Planning, including Risk identification and treatment processes
• Support and Operation
• Performance evaluation, including Internal Audit and Management Review
• Annex-A: Control objectives and controls
• Statement of Applicability
• Five-phase approach as recommended by ISO 27003
• Scope of ISMS implementation
• Documentation requirements
• High-level transition guidance for moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013
• Critical success factors of a successful information security program
Fees (HK$ per person)
ISO 27001 Overview: Contact ALC for fees.