35 CPE
About the Trainer
Eric Lachapelle (MBA, CISSP, CISA, CISM) CEO – He specializes in training and consulting services in information security, and more specifically on ISO 27001. He has over 15 years experience in the field of management and training in various countries, particularly in Asia and Latin America. Before creating the company Veridion, he was Director in charge of sales and strategic partnerships for the company Callio Technologies, which specializes in software development on information security. He holds a Bachelor's Degree in Anthropology, a Master's Degree in Business Administration (MBA) and a Master's Degree in International Management. Speaker at numerous symposiums and conferences, he is a trainer for the Standards ISO 27001, ISO 20000 and BS 25999. He is also a certified ISO 27001 Lead Auditor (RABQSA).
Live Class - Certified ISO 27001 Lead Implementer
This training is consistent with the good practices of project management established by the Project Management Institute (PMI) and ISO 10006:2003 (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO/IEC 27003:2009 (Guidelines for the Implementation of ISMS), ISO/IEC 27004:2009 (Measurement of Information Security) and ISO/IEC 27005:2008 (Risk Management in Information Security).
Why You Should Attend
This four-day intensive course enables the participants to develop an expertise to support an organization in implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2005. Participants will also master the best practices for implementing information security controls from the eleven areas of ISO/IEC 27002:2005.
Who Should Attend
Project manager or consultant wanting to prepare and to support and organization in the implementation of an Information Security Management System (ISMS)
ISO 27001 Auditor who wants to master the Information Security Management System implementation process
Person responsible for the information security or conformity in an organization
Member of the information security team
Expert advisor in information technology
Technical expert wanting to prepare for an information security function or for an ISMS project management function
Learning Objectives
Understanding the application of an Information Security Management System in the ISO/IEC 27001:2005 context
Mastering the concepts, approaches, standards, methods and techniques in allowing an effective management of an Information Security Management System
Understand the relationship between an Information Security Management System, including risk management and controls, and compliance with the requirements of different stakeholders of the organization
Acquiring expertise to support and organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001:2005 standard
Develop personal skills and knowledge required to advise organizations on best practices in management of information security
Improve the capacity for analysis and decision making in a context of information security management
Course Details
Day 1: Introduction to the management of an Information Security Management System (ISMS) based on ISO 27001 and launching an ISMS
Introduction to management systems and the process approach
Detailed presentation of the standards ISO/IEC 27001:2005, ISO/IEC 27002:2005 and ISO/IEC 27003:2009
Fundamental principles of Information Security
Preliminary analysis and determining the level of maturity of the existing management of the Information Security based upon ISO/IEC 21827:2008
Writing the business case and preliminary design of the ISMS
Developing a project plan of compliance to ISO/IEC 27001:2005
Day 2: Planning an ISMS based on ISO27001
Establishment of the Governance Framework
Definition of roles & responsibilities
Drafting of the ISMS policy
Defining the scope of the ISMS
Risk management according to ISO/IEC 27005:2008: identification, analysis and treatment of risk
Drafting the Statement of Applicability
Day 3: Launching and implementing an ISMS based on ISO27001
Implementation of a document management framework
Design of controls and writing procedures
Implementation of controls
Development of a training & awareness program and communicating about the information security
Incident Management according to ISO/IEC TR 18044:2004
Operations management of an ISMS
Day 4: Control, act and the certification audit of the ISMS according ISO 27001
Monitoring controls and the management of records
Development of metrics, performance indicators and the dashboard in accordance with ISO/IEC 27004:2009
Internal ISMS Audit
Management review of the ISMS
Implementation of a continuous improvement program
Preparing for the ISO/IEC 27001:2005 audit
Prerequisites
ISMS Foundation Training or a basic knowledge of ISO/IEC 27001:2005 and ISO/IEC 27002:2005 is recommended
What You Get
1. ISMS implementation toolkit as well as a student manual containing over 450 pages of information and practical
examples
2. Complimentary conference pass which includes lunches and coffee breaks (Worth $900)
3. Complimentary One Day Security Training on Oct 15 (Worth $799)
4. Lunch and two coffee breaks throughout the duration of the classes (Worth a minimum of $120)
Pricing
Register and pay by August 15, 2010: $2,135 per student
Register and pay after August 15, 2010: $2,435 per student
This class is brought to you by
