Course: ISO/IEC 27002 Compliance

Description:

The objective of this course is to provide delegates with the necessary skills to implement a corporate Information Security Management System (ISMS) framework that is compliant with the requirements of ISO/IEC 27002, UK Data Protection Act, EU Directive on Privacy, HIPAA Security, FFIEC, GLB Act, Sarbanes-Oxley Act (Security), FACT Act, PCI Data Security, California SB-1386, OSFI, PIPEDA, PIPA, Canadian Bill C-198 and meets certification requirements of ISO/IEC 27001.

Who should attend?

  • Staff tasked with ensuring compliance with the UK Data Protection Act, EU Directive on Privacy, HIPAA Security, SOX Security, FFIEC, GLBA, California SB-1386, FACT Act, PCI Data Security, NIST 800-53, OSFI, PIPEDA, PIPA, Canadian Bill C-198 and other regulations.
  • Information Security Consultants or Third Party Auditors.
  • Auditors (External and Internal).
  • Information Security Officers.
  • IT Managers/Directors.
  • Privacy/Compliance Officers.

Benefits to Your Business

  • Learn how to adopt international best practices pertaining to Information Security.
  • Take the knowledge and skills imparted during this course and use them to improve the confidentiality, integrity and availability of information systems.
  • Gain competitive advantage.
  • Improve customer and investor confidence.
  • Show due diligence and due care.

Course Content

The course is designed for people who already have a reasonable awareness of information security management.

  • History of ISO/IEC 17799 / BS 7799 / ISO 27000 series.
  • Comparison of ISO/IEC 17799:2000 and ISO/IEC 27002:2005.
  • ISO/IEC 27001 certification requirements.
  • Determination of scope.
  • Identification of information assets.
  • Determination of the value of information assets.
  • Determination of risk.
  • Determination of policies and the degree of assurance required from controls.
  • Identification of control objectives and controls.
  • Definition of policies, standards and procedures to implement the controls.
  • Production and implementation of policies, standards and procedures.
  • Completion of ISMS documentation requirements.
  • Establishment of Management Framework and Security Forum.
  • Audit and review of ISMS.
  • Case Studies.