Training in Information Security Management
- Tel: 01-8079746
The purpose of our management training is to provide the learner with the skills and knowledge necessary to identify those assets which are vulnerable to threats to information security and to effectively manage the threats and risks posed to an organisation’s information. Information is critical to the operation and perhaps even the survival of an organisation. Being certified and trained to the ISO 27001:2013 standard will help you to manage and protect your valuable information assets. The standard is designed to ensure the selection of adequate and proportionate security controls. This helps you to protect your information assets and to provide the necessary confidence to any interested third parties and / or clients.
The following information security management training, as prescribed by ISO 27001, is considered in the context of the Data Protection Act 2003 and the nine OECD principles for the Security of Information Systems and Networks.
Who should Attend this Course
ISO 27001:2013 training is suitable for any individual or organisation, large or small and in any sector. The standard is particularly suitable where the protection of information is critical, such as in the finance, legal, health, public and IT sectors.
ISO 27001:2013 training is also highly effective for organisations which manage information on behalf of others, such as IT outsourcing companies, and document or information management organisations: it can be used to assure customers that their information is being protected.
There are no entry requirements. This training may be attended by anyone with an interest in Information Security or by those working in a systems management or audit function, including general management, quality management, IT or associated activities.
All QMS Solutions trainings are tailored to the specific training needs of the learner given their specific roles, responsibilities and training objectives. Training manuals are developed in consultation with the learner and / or client to ensure our trainings are practical in terms of the organisation's needs now and into the future. Training manuals and course content are based on industry best practice, OECD principles, applicable legislation / regulatory requirements, FETAC criteria and international standards (ISO 27001).
As Quality Management Consultants, our emphasis when developing management systems and subsequently providing training is always customer / client focused.
Topics covered within our information security management modules include the following:
- Introduction to ISO 27001:2013
- Overview of the standard
- Structure and content of the standard
- Scope, description and application
- Establishing and Implementing an Information Security Management System (ISMS)
- Define the scope and boundaries
- Formulating policy
- Defining the risk assessment approach of the organisation
- Identify the risks
- Analysing and evaluating the risks
- Identifying and evaluating options for the treatment of risks
- Selecting and establishing control objectives
- Obtaining management approval and authorisation
- Preparing the statement of applicability
- Defining individuals' roles, responsibilities and authority towards Information Security Management
- Monitoring and reviewing the ISMS
- Defining and executing monitoring and reviewing procedures
- Reviewing the effectiveness of the ISMS
- Measuring the effectiveness of controls
- Reviewing risk assessments
- Internal ISMS Audits
- Management reviews of the ISMS
- Record actions and events
- Identify improvements
- Corrective/preventative action
- Communication of actions and improvements to all interested parties
- Ensuring that improvements achieve their intended objectives
- Management Responsibility and commitment with regard to the IS system
- Resource Management
- ISMS Improvement
- Continual Improvement
- Security Policy
- Organisation of Information Security
- Asset Management
- Human Resources Security
- Physical & Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- OECD principles
- Risk Assessment
- Security Design and Implementation
- Security Management
- Data Protection Act, 2003
Training methodologies include the use of case studies, sample documentation / templates, and questionnaires. All learners are supplied with training manuals and supporting process documentation. Trainings are interactive in that learners are encouraged, through the use of the above resources, to participate and therefore contribute their views and opinions based on their own experience.
The duration of the training course is subject to client specification and learner objectives. Minimum course duration is two days.
Two-day training is charged at €1500 and €90 per participant thereafter. Minimum daily rates apply.
All learners are awarded a Certificate of Achievement on successful completion of the course.