ISO/IEC 27002 - Manager


Summary

This three day intensive course enables participants to develop the expertise needed to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC 27002. Participants will also be given a thorough grounding in best practices used to implement information security controls from all areas of ISO/IEC 27002.
Participants will also be given a thorough grounding in best practices used to implement information security controls from all the areas of ISO/IEC 27002. This training is consistent with the project management practices established in ISO 10006 (Quality Management Systems - Guidelines for Quality Management in Projects).

 

Who should attend?

  • Managers or consultants wanting to implement an Information Security Management System (ISMS)
  • Project managers or consultants wanting to master the Information Security Management System implementation process
  • Persons responsible for the information security or conformity in an organization
  • Members of information security teams
  • Expert advisors in information technology
  • Technical experts wanting to prepare for an Information Security Audit function

 

Learning objectives

  • To understand the implementation of an ISMS
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
  • To acquire the necessary expertise to support an organization implementing, managing and maintaining an ISMS
  • To acquire the necessary expertise to manage a team implementing ISO/IEC 27002

 

Course Agenda

Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27002

  • Course objective and structure
  • Standard and regulatory framework
  • Fundamental Principles of Information Security
  • Information Security Management System
  • Information security policies
  • Organization of information security
  • Human resource security

Day 2: Human resources, Asset Management and Access Control according to ISO/IEC 27002

  • Asset Management
  • Access Control
  • Cryptography
  • Physical and Environmental Security
  • Operations Security

Day 3: Operations and communications security and Certification Exam

  • Communications Security
  • System acquisition, development and maintenance
  • Supplier Relationships
  • Incident Management
  • Information Security Aspects of Business Continuity Management
  • Compliance
  • Golden Rules and Conclusion
  • Applying for certification and closing of the training
  • Certification Exam

 

Prerequisites

None

Educational approach

  • This training is based on both theory and practice:
    • Sessions of lectures illustrated with examples based on real cases
    • Practical exercises based on case studies
    • Review exercises to assist the exam preparation
    • Practice test similar to the certification exam
  • To benefit from the practical exercises, the number of training participants is limited

Examination and Certification

  • The “Certified ISO/IEC 27002 Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    • Domain 1: Fundamental principles and concepts for Information Security Controls
    • Domain 2: Information Security Control Best Practice based on ISO/IEC 27002
      • Domain 2.1: Guidance for Information Security Controls
      • Domain 2.2: Evaluate the need and applicability of each control
  • The “Certified ISO/IEC 27002 Manager” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 2 hours
  • For more information about the exam, refer to PECB section on ISO/IEC 27002 Manager Exam
  • After successfully completing the “ISO/IEC 27002 Manager” exam, participants can apply for the credentials of Certified ISO/IEC 27002 Provisional Manager or Certified ISO/IEC 27002 Manager, depending on their level of experience
  • A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements related to the selected credential
  • For more information about ISO/IEC 27002 certifications and PECB certification process, refer to PECB section on ISO/IEC 27002 Manager Certifications

General Information

  • Exam and certification fees are included in the training price
  • A student manual containing over 350 pages of information and practical examples will be distributed to participants
  • A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants