Introduction to Information Security Management Systems (ISMS)

An Information Security Management System (ISMS) is a controlled approach to managing sensitive company information so that it remains secure.
This course provides an in-depth examination of the business implications of the International Standard for International Security Management (ISO 27001:2005)

 

 

Internal Auditor ISO/IEC 27001:2005 Information Security Management Systems

The course aims to provide guidance and practical experience in planning, executing, and reporting Information Security Management System Audits.

Suitable for:

 

ISMS Auditor / Lead Auditor

This course prepares delegates for the qualification process for ISO 27001:2005 and trains them to plan, manage and implement the audit programme.  It also empowers them to give practical help and information to those who are working towards compliance and certification.

Suitable for:

ISO 27001 : 2005 ISMS Implementation

The objective of this course is to provide delegates with the necessary skills to implement an ISMS that is compliant with the requirements of ISO 17799 and meets the certification requirements of ISO 27001: 2005. The course will provide delegates with a framework for implementation.

Suitable for:

 

Business Continuity Planning

This detailed course for those staff in any organisation that have been tasked with implementing business continuity in their organisation. The current international standard for this is ISO 25999.

The course covers the following:

 

Security in Outsourcing – a Practical Approach

This course will show the user where outsourcing can fill a valuable role in the IT Director’s toolkit and how to maximise benefits from outsourcing. You will be taken through the outsourcing life cycle from the initial management decision to outsource through the negotiation stage to the implementation and management stage. A range of management solutions and checklists are introduced which will enable you to control the outsourcing process.

Who Should Attend:

 

Employee Vetting

Surveys have shown that most employee frauds are carried out by individuals whom, if they had gone through an effective screening process at the time of their original application, would not have been employed because of the discrepancies uncovered.  Basic employee screening or pre-employment vetting of applicants, organisations can reduce the risk of financial loss, fraudulent use of material or information, the misuse of staff time and harm to their reputation.  Employers need to ensure that the people they employ have genuine qualifications and experience. The need for efficient employee screening does not end with protection from dishonesty or harm to reputation. It also affords company directors a higher degree of protection from the likelihood of corporate liability claims.

Who Should Attend:

 

Initial Steps in Digital Forensics

The rise of computer related crime has created a need for more qualified examiners in computer forensics analysis. This course examines the theoretical part of investigations, forensic laboratories, maintaining a chain of custody, forensics tools and report writing. The second part of the course provides an overview of popular forensic tools and has a case study where the students have to search for public domain tools to recover the evidence. A chain of custody has to be maintained and a report written covering the case from initial contact to final recovery.

The following should attend:

 

Overview of Digital Forensics

This course delivers a brief overview of digital forensics for management staff. A case relating to a security breach can be lost before it is investigated if the evidence is tainted or corrupted; management must understand that digital evidence has to be handled properly. The course covers what digital forensics can and cannot do for an organisation.

Who Should Attend:

We can deliver a structured training programme that can help your organisation achieve compliance with ISO 27001 and ISO 27002, the International Standards for Information Security and Implementation.

Why ISO 27001 and 27002?

When an organisation adopts these standards, it will gain:

• a common basis for developing organisational security standards;
• an effective security management practice;
• a source of differentiation between competing organisations when tendering for business;
• the opportunity to make significant savings of up to 20% in professional indemnity and other types of insurance payments once your organisation is compliant with ISO27001 / 27002.

For some of our training, you may be able to obtain credit towards an MSc in Risk Management from Napier University. If you would like further details of this option, please contact us