Delivered in either Live Online (4 days) or in our Classroom (5 days), the ISO/IEC 27001 Lead Auditor training enables you to develop the necessary expertise to support an organization in establishing, implementing, managing and maintaining an Information Security Management System (ISMS) based on ISO 27001. During this training course, you will acquire the knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process. About This Course Based on practical exercises, you will be able to master audit techniques and become competent to manage an audit program, audit team, communication with customers, and conflict resolution. After acquiring the necessary expertise to perform this audit, you can sit for the exam and gain the "ISO/IEC 27001 Lead Auditor' credential. By holding this Lead Auditor Certificate, you will demonstrate that you have the capabilities and competencies to` audit organizations based on best practices. The training course is based on both theory and best practices used in ISMS audits Lecture sessions are illustrated with examples based on case studies Practical exercises are based on a case study which includes role playing and discussions Practice tests are similar to the Certification Exam The course is delivered both as a Live Online or Classroom environment, as follows; Day 1: Introduction to Information Security Management Systems (ISMS) and ISO/IEC 27001 Day 2: Audit principles, preparation and launching of an audit Day 3: On-site audit activities Day 4: Closing the audit and Examination Learning Objectives Understand the operations of an Information Security Management System based on ISO/IEC 27001 Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks Understand an auditor's role to: plan, lead and follow-up on a management system audit in accordance with ISO 19011 Learn how to lead an audit and audit team Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit Acquire the competencies of an auditor to: plan an audit, lead an audit, draft reports, and follow-up on an audit in compliance with ISO 19011 The exam covers the following competency domains: Domain 1: Fundamental principles and concepts of an Information Security Management System (ISMS) Domain 2: Information Security Management System controls and best practices based on ISO/IEC 27002 Domain 3: Planning an ISMS implementation based on ISO/IEC 27001 Domain 4: Implementing an ISMS based on ISO/IEC 27001 Domain 5: Performance evaluation, monitoring and measurement of an ISMS based on ISO/IEC 27001 Domain 6: Continual improvement of an ISMS based on ISO/IEC 27001 Domain 7: Preparing for an ISMS certification audit Prerequisites A foundational understanding of ISO/IEC 27001 and knowledge of audit principles. What's Included? Refreshments & Lunch (Classroom only) Course Slide Deck Official Study Materials CPD Certificate The Exam Who Should Attend? Auditors seeking to perform and lead Information Security Management System (ISMS) certification audits Managers or consultants seeking to master an Information Security Management System audit process Individuals responsible for maintaining conformance with Information Security Management System requirements Technical experts seeking to prepare for an Information Security Management System audit Expert advisors in Information Security Management Our Guarantee We are an approved IECB Training Partner for all of our courses. You can learn wherever and whenever you want with our robust classroom and interactive online training courses. Our courses are taught by qualified practitioners with commercial experience. We strive to give our delegates the hands-on experience. Our courses are all-inclusive with no hidden extras. The one-off cost covers the training, all course materials, and exam voucher. Our aim: To achieve a 100% first time pass rate on all our instructor-led courses. Our Promise: Pass first time or 'train' again for FREE. *FREE training and exam retake offered Accreditation Assessment Delegates sit a combined exam, consisting of in-course quizzes and exercises, as well as a final 12 question, essay type exam on Day 4 of the course. The overall passing score is 70%, to be achieved within the 240 minute time allowance. Exam results are provided within 24 hours, with both a Certificate and a digital badge provided as proof of success. Provided by This course is Accredited by NACS and Administered by the IECB
Get 7.5 hours of videos and downloadable lecture slides for Certified Information Security Manager (CISM) Domain 2
Duration 3 Days 18 CPD hours This course is intended for This course is ideal for Professionals preparing to become CRISC certified. Risk practitioners Students or recent graduates Overview At course completions, students will understand the essential concepts in the 4 ISACA CRISC domains: Governance IT Risk Assessment Risk Response and Reporting Information Technology and Security This 3 Day CRISC course is geared towards preparing students to pass the ISACA Certified in Risk and Information Systems Control examination. The course covers all four of the CRISC domains, and each section corresponds directly to the CRISC job practice. CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders. GOVERNANCE - a. Organizational Governance Organizational Strategy, Goals, and Objectives Organizational Structure, Roles, and Responsibilities Organizational Culture Policies and Standards Business Processes Organizational Assets GOVERNANCE - b. Risk Governance Enterprise Risk Management and Risk Management Framework Three Lines of Defense Risk Profile Risk Appetite and Risk Tolerance Legal, Regulatory, and Contractual Requirements Professional Ethics of Risk Management IT RISK ASSESSMENT - a. IT Risk Identification Risk Events (e.g., contributing conditions, loss result) Threat Modelling and Threat Landscape Vulnerability and Control Deficiency Analysis (e.g., root cause analysis) Risk Scenario Development IT RISK ASSESSMENT - b. IT Risk Analysis and Evaluation Risk Assessment Concepts, Standards, and Frameworks Risk Register Risk Analysis Methodologies Business Impact Analysis Inherent and Residual Risk RISK RESPONSE AND REPORTING - a. Risk Response Risk Treatment / Risk Response Options Risk and Control Ownership Third-Party Risk Management Issue, Finding, and Exception Management Management of Emerging Risk RISK RESPONSE AND REPORTING - b. Control Design and Implementation Control Types, Standards, and Frameworks Control Design, Selection, and Analysis Control Implementation Control Testing and Effectiveness Evaluation RISK RESPONSE AND REPORTING - c. Risk Monitoring and Reporting Risk Treatment Plans Data Collection, Aggregation, Analysis, and Validation Risk and Control Monitoring Techniques Risk and Control Reporting Techniques (heatmap, scorecards, dashboards) Key Performance Indicators Key Risk Indicators (KRIs) Key Control Indicators (KCIs) INFORMATION TECHNOLOGY AND SECURITY - a. Information Technology Principles Enterprise Architecture IT Operations Management (e.g., change management, IT assets, problems, incidents) Project Management Disaster Recovery Management (DRM) Data Lifecycle Management System Development Life Cycle (SDLC) Emerging Technologies INFORMATION TECHNOLOGY AND SECURITY - b. Information Security Principles Information Security Concepts, Frameworks, and Standards Information Security Awareness Training Business Continuity Management Data Privacy and Data Protection Principles
Duration 3 Days 18 CPD hours This course is intended for The intended audience for this course is information security and IT professionals, such as network administrators and engineers, IT managers, and IT auditors, and other individuals who want to learn more about information security, who are interested in learning in-depth information about information security management, who are looking for career advancement in IT security, or who are interested in earning the CISM certification. Overview Establish and maintain a framework to provide assurance that information security strategies are aligned with business objectives and consistent with applicable laws and regulations. Identify and manage information security risks to achieve business objectives. Create a program to implement the information security strategy. Implement an information security program. Oversee and direct information security activities to execute the information security program. Plan, develop, and manage capabilities to detect, respond to, and recover from information security incidents. In this course, students will establish processes to ensure that information security measures align with established business needs. Prerequisites Information security governance Information risk management Information security program development Information security program management Incident management and response 1 - Information Security Governance Develop an Information Security Strategy Align Information Security Strategy with Corporate Governance Identify Legal and Regulatory Requirements Justify Investment in Information Security Identify Drivers Affecting the Organization Obtain Senior Management Commitment to Information Security Define Roles and Responsibilities for Information Security Establish Reporting and Communication Channels 2 - Information Risk Management Implement an Information Risk Assessment Process Determine Information Asset Classification and Ownership Conduct Ongoing Threat and Vulnerability Evaluations Conduct Periodic BIAs Identify and Evaluate Risk Mitigation Strategies Integrate Risk Management into Business Life Cycle Processes Report Changes in Information Risk 3 - Information Security Program Development Develop Plans to Implement an Information Security Strategy Security Technologies and Controls Specify Information Security Program Activities Coordinate Information Security Programs with Business Assurance Functions Identify Resources Needed for Information Security Program Implementation Develop Information Security Architectures Develop Information Security Policies Develop Information Security Awareness, Training, and Education Programs Develop Supporting Documentation for Information Security Policies 4 - Information Security Program Implementation Integrate Information Security Requirements into Organizational Processes Integrate Information Security Controls into Contracts Create Information Security Program Evaluation Metrics 5 - Information Security Program Management Manage Information Security Program Resources Enforce Policy and Standards Compliance Enforce Contractual Information Security Controls Enforce Information Security During Systems Development Maintain Information Security Within an Organization Provide Information Security Advice and Guidance Provide Information Security Awareness and Training Analyze the Effectiveness of Information Security Controls Resolve Noncompliance Issues 6 - Incident Management and Response Develop an Information Security Incident Response Plan Establish an Escalation Process Develop a Communication Process Integrate an IRP Develop IRTs Test an IRP Manage Responses to Information Security Incidents Perform an Information Security Incident Investigation Conduct Post-Incident Reviews
The “ISO 22301:2019 Lead Implementer ” course provides comprehensive training in the ISO 22301:2019 standard and all its requirements from the Implementer ’s point of view, as well as basic skills necessary to execute the requirements. It’s a practical-oriented training that should be considered “a must” for every ISO 22301:2019 Implementer. This intensive course is specifically designed to participants to serve as ISO 22301:2019 Lead Implementers.
Duration 4.125 Days 24.75 CPD hours This course is intended for The job roles best suited to the material in this course are: Project managers and consultants involved in and concerned with the implementation of an ISMS, expert advisors seeking to master the implementation of an ISMS, individuals responsible for ensuring conformity to information security requirements within an organization Overview Master the concepts, approaches, methods and techniques used for the implementation and effective management of an ISMS Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization Learn how to support an organization to effectively plan, implement, manage, monitor and maintain an ISMS Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks Acquire the expertise to advise an organization in implementing Information Security Management System best practices This training course is designed to prepare you to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement. Introduction to ISO/IEC 27001 and initiation of an ISMS Training course objectives and structure Standards and regulatory frameworks Information Security Management System (ISMS) Fundamental information security concepts and principles Initiation of the ISMS implementation Understanding the organization and its context ISMS scope Planning the implementation of an ISMS Leadership and project approval Organizational structure Analysis of the existing system Information security policy Risk management Statement of Applicability Implementation of an ISMS Documented information management Selection and design of controls Implementation of controls Trends and technologies Communication Competence and awareness Security operations management ISMS monitoring, continual improvement, and preparation for the certification audit Monitoring, measurement, analysis, and evaluation Internal audit h Management review Treatment of nonconformities Continual improvement Preparing for the certification audit Certification process and closing of the training course
Duration 3 Days 18 CPD hours This course is intended for Risk managersBusiness Process OwnersBusiness Finance ManagersBusiness Risk ManagersRegulatory Compliance ManagersProject ManagementPersons responsible for information security or conformity within an organization Overview To understand the concepts, approaches, methods and techniques allowing an effective risk managementaccording to ISO 31000To understand the relationship between the risk management and the compliance with the requirements ofdifferent stakeholders of an organizationTo acquire the competence to implement, maintain and manage an ongoing risk management program accordingto ISO 31000To acquire the competence to effectively advise organizations on the best practices in risk management In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Day 1 Introduction to the Risk Management framework according to ISO 31000 Concepts and definitions related to Risk Management Risk Management standards, frameworks and methodologies Implementation of a Risk Management framework Understanding an organization and its context Day 2 Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO 31000 Risk identification Risk analysis and risk evaluation Risk treatment Risk acceptance and residual risk management Risk communication and consultation Risk monitoring and review Day 3 Risk assessment methodologies according to ISO 31000 and Certification Exam Presentation of risk assessment methodologies Certification Exam
This module aims to develop knowledge and understanding of customs procedures associated with international trade. The module includes trade agreements, tariffs and taxes, immigration, intellectual property rights, clearance procedures, transport regulations, sanitary and Phyto-sanitary measures, customs valuation, preference systems and anti-dumping measures.
During this training course, you will be able to understand the different modules of ISMS, including ISMS policy, procedures, performance measurements, management commitment, internal audit, management review and continual improvement. About This Course After attending this course, delegates will; Understand the basic concepts of Information Security Management Acknowledge the correlation between ISO/IEC 27001 and other standards and regulatory frameworks Understand the process approaches used to effectively manage Information Security Assessment Delegates sit a combined exam, consisting of in-course quizzes and exercises, as well as a final 40 question, multiple choice exam on Day 2 of the course. The overall passing score is 70%, to be achieved within the 150 minute time allowance. Exam results are provided within 24 hours, with both a Certificate and a digital badge provided as proof of success. Our Guarantee We are an Accredited Training Provider of IECB. You can learn wherever and whenever you want with our robust classroom and interactive online training courses. Our courses are taught by qualified practitioners with a minimum of 25 years commercial experience. We strive to give our delegates the hands-on experience. Our courses are all-inclusive with no hidden extras. The one-off cost covers the training, all course materials, and exam voucher. Our aim: To achieve a 100% first time pass rate on all our instructor-led courses. Our Promise: Pass first time or 'train' again for FREE. *FREE training offered for retakes - come back within a year and only pay for the exam. Accreditation Prerequisites Basic knowledge on Information Security Management is preferred. What's Included? Delegates will be provided with; Course Slide deck Participant Guide Exam fees Who Should Attend? Individuals interested in Information Security Management process approaches Individuals seeking to gain knowledge about the main principles and concepts of Information Security Management Individuals interested to pursue a career in Information Security Management Provided by This course is Accredited by NACS and Administered by theIECB
Overview This comprehensive course on Enterprise Risk Management and ISO 31000 Income will deepen your understanding on this topic. After successful completion of this course you can acquire the required skills in this sector. This Enterprise Risk Management and ISO 31000 Income comes with accredited certification from CPD, which will enhance your CV and make you worthy in the job market. So enrol in this course today to fast track your career ladder. How will I get my certificate? You may have to take a quiz or a written test online during or after the course. After successfully completing the course, you will be eligible for the certificate. Who is This course for? There is no experience or previous qualifications required for enrolment on this Enterprise Risk Management and ISO 31000 Income. It is available to all students, of all academic backgrounds. Requirements Our Enterprise Risk Management and ISO 31000 Income is fully compatible with PC's, Mac's, Laptop, Tablet and Smartphone devices. This course has been designed to be fully compatible with tablets and smartphones so you can access your course on Wi-Fi, 3G or 4G. There is no time limit for completing this course, it can be studied in your own time at your own pace. Career Path Learning this new skill will help you to advance in your career. It will diversify your job options and help you develop new techniques to keep up with the fast-changing world. This skillset will help you to- Open doors of opportunities Increase your adaptability Keep you relevant Boost confidence And much more! Course Curriculum 5 sections • 15 lectures • 02:13:00 total length •What is Risk and Risk Management?: 00:09:00 •Why Manage Risk?: 00:09:00 •Why Manage Risk?: 00:09:00 •Overview of ISO 31000 Principles, Framework and Process: 00:05:00 •Overview of COSO ERM 2013 Framework: 00:08:00 •Communication and Consultation: 00:05:00 •Establishing the Context: 00:03:00 •Risk Identification - Process and Tools: 00:16:00 •Risk Analysis - Process and Tools: 00:20:00 •Risk Evaluation - Process and Tools: 00:08:00 •Risk Treatment - Process and Tools: 00:12:00 •Monitoring and Review - Process and Tools: 00:09:00 •Risk Management Maturity and Aware Culture: 00:12:00 •Risk Managing Supply Chain Risk: 00:08:00 •Assignment - Enterprise Risk Management and ISO 31000: 00:00:00