Program Description
Information is always the most important asset to any organization, no matter how big or small it is. Nothing is as valuable as the company's own financial and technical data, so protecting it plays a crucial role for the organization. Therefore, an Information Security Management System (ISMS) should be the function in place to protect and ultimately secure the company's information assets from potential risks inside and outside the organization.
Furthermore, these assets come in various formats, ranging from paper-based information to electronic or soft-copy versions. Overall, the implementation always depends on how the respective data is created, stored, archived and destroyed. The course emphasizes how ISMS with ISO27001 can be used as an effective tool for establishing a robust information security (InfoSec) system.
Program Objectives
In detail, at the end of this training, participants will be able to:
- Have good knowledge of InfoSec Management, its technical and management controls
- Understand InfoSec standard and framework
- Have a deep understanding of ISO27001
- Value stakeholder’s priorities and assets
- Commence required resource
- Document InfoSec plan and procedure
- Design InfoSec strategy
- Implement and maintain InfoSec Management Systems
- Understand InfoSec Management, its components and standards
Program Content
| NO | SESSIONS |
|----|----------|
| 1 | Commence InfoSec Management standard of ISO27001 |
| 2 | Value security organization and policy |
| 3 | Implement asset classification and control |
| 4 | Elaborate personnel, physical and environmental security |
| 5 | Understand segregation of duties and confidentiality agreements |
| 6 | Assess access control and change control |
| 7 | Commence privilege and password management |
| 8 | Value incident management |
| 9 | Identify implementation risks and success factors |
| 10 | Conduct Gap Analysis |
| 11 | Plan for continuous assessment |
Training Methodology
For effective learning and full appreciation, the course will be delivered with 30% of the time devoted to important concepts and other theory topics and 70% allotted to hands-on lab exercises and case studies. The training lead will be assisted by presentation slides and actual demonstrations for clear understanding and smooth follow-through during the sessions. Active participation will be encouraged through individual work and collaborative effort.
Targeted Participants
Officers, supervisors, managers or any personnel who are eager to understand Information Security Management with ISO27001, gain the know-how, and enhance and improve their skills and practices in it within their organization.