1 Educators providing Courses delivered Live Online

  During this training course, you will acquire the knowledge and skills to plan and carry out internal audits in compliance with ISO 19011. About This Course   Based on a number of exercises, you will learn how to utilise audit techniques and become competent to manage an internal audit programme, communicate with customers, and manage conflict resolution. After acquiring the necessary expertise, you can sit for the exam and gain 'Certified ISO/IEC 27001: 2022 Internal Auditor' Certification. By holding this Certificate, you will demonstrate that you have the capabilities and competencies to audit organizations based on best practices. Learning objectives By the end of this training course, the participants will be able to: Explain the concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001: 2022 Analyse the ISO/IEC 27001: 2022 requirements for an ISMS from the perspective of an auditor Evaluate the ISMS conformity requirements Plan, conduct, and close an ISO/IEC 27001: 2022 compliance audit programme Assist an organisation in transitioning from ISO 27001: 2013 Deliver an ISO/IEC 27001: 2022 Internal audit programme Our approach This training is based on both theory and best practices used in ISMS audits Lessons are illustrated with examples based on case studies Practical exercises are based on a real world case study Practice tests are similar to the Certification Exam Course Overview Module 1 Foundational Audit principles and concepts of Information Security Management System (ISMS) Module 2 The Information Security Management System (ISMS) Module 3 ISO 19011 audit concepts and principles Module 4 Preparation of an ISO/IEC 27001 audit Module 5 Providing an ISO/IEC 27001 audit Module 6 Closing an ISO/IEC 27001 audit Module 7 Managing an ISO/IEC 27001 Internal audit programme Course Agenda Day 1: Introduction to the information security management system (ISMS) and ISO/IEC 19011 Day 2: Audit principles, preparation, and initiation of an audit Day 3: Audit activities, Closing the Audit and the Certification exam Accreditation Assessment   All candidates at official training courses are tested throughout their course with quizzes and exercises, in combination with a final exam held on the last day of the course. Both elements are a part of the overall score. For this course, the final exam constitutes a 10 question essay type which should be completed within 125 minutes. A passing score is achieved at 70%. Self-study candidates can purchase an exam voucher from our Store. Exam results are returned within 24 hours, with successful candidates receiving both a digital badge and a Certificate of Achievement Prerequisites     A general understanding of ISO/IEC 27001: 2022 and knowledge of audit principles.   Provided by   This course is Accredited by NACS and Administered by the IECB What's Included?   Refreshments & Lunch (Classroom courses only) Course Slide Deck Official Study Guides CPD Certificate The Exam Who Should Attend?   Auditors seeking to perform Internal Information Security Management System (ISMS) certification audits Managers or consultants seeking to master an Information Security Management System audit process Individuals responsible for maintaining conformance with Information Security Management System requirements Technical experts seeking to prepare for an Information Security Management System audit Expert advisors in Information Security Management

Duration 3 Days 18 CPD hours This course is intended for Security professionals. This module is intended for everyone who is involved in the implementation, evaluation and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification. Overview The module Information Security Management Professional based on ISO/IEC 27001 (ISMP.EN) tests understanding of the organizational and managerial aspects of information security.The subjects of this module are: Information security perspectives: business, customer, service provider/supplier Risk Management: analysis, controls, remaining risks Information security controls: organizational, technical, physical. Information security is the preservation of confidentiality, integrity and availability of information (ISO/IEC 27000 definition). Information security is gaining importance in the Information Technology (IT) world. Globalization of the economy is leading to an ever-increasing exchange of information between organizations (their staff, customers and suppliers) and an explosion in the use of networked computers and computing devices. The core activities of many companies completely rely on IT. Enterprise resource planning (ERP) management systems, the control systems that govern how a building runs or a manufacturing machine functions, day-to-day communications - everything - runs on computers. The vast majority of information - the most valuable commodity in the world - passes through IT. Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. Companies and individual users of technology are also beginning to understand how important security is and are beginning to make choices based on the security of the technology or service. Information Security Perspectives The candidate understands the business interest of information security The canidate understands the customer perspective on governance The candidate understands the supplierïs responsibilities in security assurance Risk Mangement The candidate understands the principles of risk management The candidate knows how to control risks The candidate knows how to deal with remaining risks Information Security Controls The candidate has knowledge of organizational controls The candidate has knowledge of technical controls The candidate has knowledge of physical, employment-related and continuity controls

Duration 2 Days 12 CPD hours This course is intended for Die Zertifizierung EXIN Information Security Foundation based on ISO/IEC 27001 richtet sich an alle in der Datenverarbeitung tätigen Mitarbeiter. Das Modul eignet sich auch für kleine und mittelständische Unternehmer, die ein bestimmtes Grundwissen im Bereich der Informationssicherheit benötigen. Für Fachkräfte, die neu auf dem Gebiet der Informationssicherheit sind, ist dieses Modul ein guter Anfang. Overview Anwendungsbereich Mit einer Zertifizierung EXIN Information Security Foundation based on ISO/IEC 27001 können Professionals ihr Wissen in folgenden Bereichen nachweisen: Information und Sicherheit: der Begriff, der Wert, die Bedeutung und die Informationssicherheit Bedrohungen und Risiken: die Begriffe Bedrohung und Risiko und wie diese mit der Zuverlässigkeit von Informationen in Beziehung stehen Verfahren und Organisation: Sicherheitsrichtlinie und Sicherheitsorganisation einschließlich der Bestandteile der Sicherheitsorganisation sowie der Umgang mit (Sicherheits)vorfällen Maßnahmen: die Bedeutung von Sicherheitsmaßnahmen wie zum Beispiel physischen, technischen und organisatorischen Maßnahmen Gesetze und Vorschriften: die Bedeutung und Auswirkung von Gesetzen und Vorschriften ie EXIN-Module zum Thema Informationssicherheitsmanagement definieren Informationssicherheit wie folgt: Bei dem Informationssicherheitsmanagement geht es um die Definition, Umsetzung, Aufrechterhaltung, Einhaltung und Bewertung von koh„renten Kontrollen (Maánahmen), die die Verfgbarkeit, Integrit„t, und Vertraulichkeit der (manuellen und automatisierten) Informationsverarbeitung sichern. Das Modul EXIN Information Security Foundation based on ISO/IEC 27001 prft die Grundbegriffe der Informationssicherheit und ihre Beziehungen zueinander. Eine der Zielsetzungen des Moduls ist das Bewusstsein fr den Wert von Informationen zu wecken und ein Verst„ndnis fr die Schwachstellen der Informationsverarbeitung zu vermitteln, um zu verstehen, welche Maánahmen zum Schutz von Informationen notwendig sind. Information und Sicherheit Der Begriff Information Der Wert von Informationen Aspekte der Zuverl„ssigkeit Bedrohungen und Risiken Bedrohungen und Risiken Verfahren und Organisation Sicherheitsrichtlinie und Sicherheitsorganisation Bestandteile Incident Management Maánahmen Bedeutung von Maánahmen Physische Maánahmen Technische Maánahmen Organisatorische Maánahmen Gesetzgbeung und Vorschriften Gesetzgebung und Vorschriften