What is this course about


ISO/IEC 27001 is an international standard that provides a framework for establishing an Information Security Management System (ISMS). The standard is designed to help organizations of all sizes and types select suitable and proportionate security controls for information held electronically, on paper or on other media. It provides a structured approach that helps organizations work through their business processes, identify their information security weaknesses and create a tailored ISMS that takes account of their business risks.

With a stunning twentyfold growth in adoption over the past 5 years, the ISO/IEC 27001 Information Security Management System (ISMS) is one of the most sought-after standards today. ISO/IEC 27001, with normative references to ISO/IEC 17799, sets out the requirements for a management system for information security, and many ISMS-certified companies have benefited from the standards.

What you will learn from this course

Unit 1: An Overview of Information Security Management

  • An overview of Information Security Management
  • Information security
  • History and development of ISMS standards (ISO/IEC 27001)
  • PDCA model applied to ISMS processes
  • Interrelationships between ISO/IEC 27001 and ISO/IEC 27002

Unit 2: ISMS and the PDCA (Plan-Do-Check-Act) process approach

  • How information security management applies the Plan-Do-Check-Act process approach and the continual improvement mechanism
  • ISMS application and scope
  • What are the minimum requirements for ISMS documentation

Unit 3: Legal compliance and conformance

  • What are the purpose and benefits of an ISMS
  • What are the technical and legal compliance requirements of an ISMS
  • What are the applicable legal or legislative requirements for corporate information security management

Unit 4: Introduction to the information security risk management process

  • How to manage information assets
  • How to conduct the information security risk assessment process

Unit 5: Introduction to best practice in Information Security Management

  • How to use the security controls in ISO/IEC 27001 Annex A and ISO/IEC 27002
  • What are the Information Security Incident Management requirements
  • What are the Information Security Business Continuity requirements

Unit 6: Improving your Data Center security by using an ISMS

  • The security concept and scope of a Data Center
  • ISMS and Data Center Security
  • Data Center certification

How the course is conducted and what you will do

This is a 2-day course that includes extensive explanations, case studies and real-life examples of how each of the modules can be applied to real-world situations in enterprise business environments. Our teaching methodology is listed below:

  • Highly interactive - you will learn via PowerPoint presentations, group discussions and worksheets.
  • Highly practical and experiential learning examples.
  • Lively discussions and informative Q&A sessions.
  • Highly informative and practical course notes for reference.

The venue options are designed to provide maximum flexibility to our participants.

  • At Charleston Management Centre
  • On-site (applicable to a minimum group size of 6)

The ISO/IEC 27001 Foundation Course takes you through the fundamentals of the standard. Passing the exam provides proof that you understand the standard and are able to apply it in practice. The Foundation level exam assesses knowledge of the contents and high-level requirements of the standard. It is a multiple-choice examination consisting of 50 questions to be completed in 40 minutes. Candidates must achieve 25 correct answers (50%) to pass. Taking the qualification gives you the confidence to work effectively with best-practice guidelines in the sensitive area of information security. The ISO/IEC 27001 Foundation qualification gives you much sought-after, demonstrable skills in information security management.

What should you have before enrolling for this course

Participants should have basic knowledge of information security. The ISO/IEC 27001 Foundation Course is recommended for people who are working to implement or maintain an ISMS within an organization, or whose role calls for them to manage and improve an ISMS. It satisfies the need for a thorough, basic understanding of the standard.

Each participant is also required to bring a laptop with the Microsoft Office 2010 application suite installed.

Who should attend this course

This training course is highly recommended for CIOs, IT Managers, System Analysts, IT Security Specialists, System Administrators, etc.

When should you enroll for the course

We conduct this class on a monthly basis. We can start a class once we have a minimum of 6 students.

What is the progression path

After obtaining the ISO27001 Certified ISMS Foundation qualification, you may choose to progress to ISO27001 Certified ISMS Lead Implementer.

That course provides everything you need to plan, lead and implement a successful ISO27001 project.

How much you need to pay

RM1,500 per person. The fee includes tea breaks and course notes. The full fee is payable at registration.