Foundation / Practitioner
The adoption of an Information Security Management System (ISMS) is a strategic decision driving the coordination of operational security controls across all of the organisation’s electronic and physical information resources.
ISO/IEC 27001:2013 is the most widely recognised international standard specifically aimed at information security management. It provides:
- globally-accepted best-practice framework for the protection
of information assets
- assurance to external customers who increasingly are demanding evidence of security and compliance.
This certificate course is fully accredited by APMG and is based on the most recent (2013) version of the ISO/IEC 27001 standard. It comprises both a Foundation and a Practitioner module which can be taken separately or combined, according to needs.
The Foundation module (2 days) is designed for anyone who needs an overview of the Standard and an appreciation of what comprises best practice in an Information Security Management System.
The Practitioner module (3 days) builds on this knowledge to give participants a deeper understanding about how to actually apply the standard for implementation, management and improvement.
ISO/IEC 27001 is the international standard that provides the basis for effective management of confidential and sensitive information and the application of information security controls.
It enables organisations to demonstrate excellence and prove best practice in information security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.
Certified individuals help their organisations to:-
- Adopt and demonstrate compliance with a structured, internationally recognised approach to information security management;
- Improve the storage, processing and transfer of business and customer information, protecting confidential and sensitive information;
- Achieve a competitive differentiator for tendering and procurement;
- Ensure information security practices are ready for the scrutiny of internal and external audits.
Benefits for Individuals
- Learn about best practice in Information Security Management and apply this within your organisation.
- Realise the scope and purpose of the standard and how it can be implemented within an organisation.
- Understand the key terms and definitions used in ISO/IEC 27001 to effectively roll out the principles.
- Leverage the fundamental ISO/IEC 27001 requirements for an ISMS to address the need to continually improve.
- Recognise the purpose of internal audits and external certification audits, their operation and the associated terminology.
- Apply your knowledge to business scenarios to enhance control of information. (Practitioner qualification only)
Benefits for Organisations
- Establish a structured approach to information security management to secure information assets.
- Improve information security through adoption of best practices.
- Gain a competitive differentiator when tendering for business contracts.
- Enhance reputation with the secure management of confidential and sensitive information.
- Demonstrate compliance with an internationally recognised standard and the ability to satisfy customer security requirements.
Who should attend
ISO/IEC 27001 certification is designed for management and support personnel involved in the design, delivery, maintenance and improvement of an ISMS and supporting resources, equipping them with an understanding of the application of this best practice, internationally-recognised standard.
This course will ensure delegates understand the value to the business of the ISO/IEC 27001:2013 standard. There is an in-depth review of the key concepts and activities needed to properly plan for the implementation, management and improvement of an Information Security Management System. The course also ensures a thorough understanding of associated activities, roles, responsibilities, challenges, risks and critical success factors:
- Best practice in Information Security Management and how to apply this within your organisation
- Scope and purpose of the ISO/IEC 27001 standard and how it can be implemented within an organisation
- Understand the key terms and definitions used in ISO/IEC 27001 to effectively roll out the principles
- Leverage the fundamental ISO/IEC 27001 requirements for an ISMS to address the need to continually improve
- Recognise the purpose of internal audits and external certification audits, their operation and the associated terminology
- Apply your knowledge to business scenarios to enhance control of information.
- Establish a structured approach to information security management to secure information assets
- Improve information security through adoption of best practices
- Understand how ISO/IEC 27001 provides a competitive differentiator when tendering for business contracts
- Build reputation with the secure management of confidential and sensitive information
- Demonstrate compliance with an internationally recognised standard and the ability to satisfy customer security requirements
Face-to-face classroom training
Fees A$ per person
ISO/IEC 27001 Foundation Module (2 days)
$1850 + gst
ISO/IEC 27001 Practitioner Module (3 days)
$2250 + gst
Combined 2-module course
$2960 + gst
Course fee includes:
- Course materials
- Lunch and all catering
- Foundation and/or Practitioner Exams
The Foundation qualification is a prerequisite for the Practitioner qualification. There is no pre-requisite for the Foundation qualification but a background in information security or service management would be an advantage.
- Multiple choice format
- 50 questions per paper
- 25 mark or more required to pass (out of 50 available) - 50%
- 40 minute duration
- Closed book
- Objective Testing
- 4 questions per paper with 20 marks available per question
- 40 marks or more required to pass (out of 80 available) - 50%
- 2½ hour duration
- Open book.