PECB Certified ISO/IEC 27001 Lead Implementer
ISO/IEC 27001 Lead Implementer training course enables participants to acquire the knowledge necessary to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an information security management system (ISMS).
Information security threats and attacks increase and improve constantly. The best form of defence against them is the proper implementation and management of information security controls and best practices. Information security is also a key expectation and requirement of customers, legislators, and other interested parties.
This training course is designed to prepare participants in implementing an information security management system (ISMS) based on ISO/IEC 27001. It aims to provide a comprehensive understanding of the best practices of an ISMS and a framework for its continual management and improvement.
After attending the training course, you can take the exam. If you successfully pass it, you can apply for a “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which demonstrates your ability and practical knowledge to implement an ISMS based on the requirements of ISO/IEC 27001.
Target audience and prior prerequisites:
- Managers or consultants involved in and/or concerned with the implementation of an information security management system in an organization
- Project managers, consultants, or expert advisers seeking to master the implementation of an information security management system; or individuals responsible to maintain conformity with the ISMS requirements within an organization
- Members of the ISMS team
The main requirement for participating in this training course is having a general knowledge of the ISMS concepts and ISO/IEC 27001.
Technology needed for the course: Computer with internet browser.
Those who do not have the necessary computer can rent it by agreement with BCS Training. Please inform the training company in advance.
Program:
- Day 1: Introduction to ISO/IEC 27001 and initiation of an ISMS implementation
- Training course objectives and structure
- Standards and regulatory frameworks
- Information security management system based on ISO/IEC 27001
- Fundamental concepts and principles of information security
- Initiations of the ISMS implementation
- Understanding the organization and its context
- ISMS scope
- Day 2: Implementation plan of an ISMS
- Leadership and project approval
- Organizational structure
- Analysis of the existing system
- Information security policy
- Risk management
- Statement of Applicability
- Day 3: Implementation of an ISMS
- Selection and design of controls
- Implementation of controls
- Management of documented information
- Trends and technologies
- Communication
- Competenece and awareness
- Management of security operations
- Day 4: ISMS monitoring, continual improvement, and preparation for the certification audit
- Monitoring, measurement, analysis and evaluation
- Internal audit
- Management review
- Treatment of nonconformities
- Continual improvement
- Preparation for the certification audit
- Closing of the training course
This training course contains essay-type exercises, multiple-choice quizzes, examples, and best practices used in the implementation of an ISMS.
The participants are encouraged to communicate with each other and engage in discussions when completing quizzes and exercises.
The exercises are based on a case study.
The structure of the quizzes is similar to that of the certification exam.
Study methods: You can participate in the study by joining the training through the online environment. Instructions will be sent to you prior to the training.
The volume of training is 32 hours incl. 21 hours of practical exercises in the training environment.
By the end of this training course, the participants will be able to:
- explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001;
- interpret the ISO/IEC 27001 requirements for an ISMS from the perspective of an implementer;
- initiate and plan the implementation of an ISMS based on ISO/IEC 27001, by utilizing PECB’s IMS2 Methodology and other best practices;
- support an organization in operating, maintaining, and continually improving an ISMS based on ISO/IEC 27001;
- prepare an organization to undergo a third-party certification audit.
After the training participant can take the international certificate exam which is included in the price of the course.
Assessment criteria: After successfully passing the exam, you can apply for one of the credential leading you to the international certification. You will receive the ISO/ IEC 27001 certification once you comply with all the requirements related to the selected credential.
Completion of training: A graduate of the training receives a course certificate if one performs all the practical exercises given during the training. Participants who have not achieved the learning outcomes will be issued a certificate of participation in the training upon request.
Trainer:
Dr Andro Kull received his PhD degree from University of Tampere (Finland) in 2012. During 2012-2015 he worked part time at Tallinn University, Institute of Informatics as a lecturer preparing and leading IT risk management and information security courses for IT management master students. Starting 2015, he joined Tallinn University of Technology as a lecturer for course Information and Cyber Security Assurance in Organisations under international cyber security master program. His research interests are connected with information security management discipline and include IT risk analysis, information security governance, IT auditing and information security assurance aspects, but also business continuity planning and critical infrastructure protection. Andro has around 15 years practical work experience in public sector as IT specialist and IT manager, in financial sector as IT auditor and in energy sector as IT risk manager.
The price includes:
- Training
- Training materials in pdf
- Exam voucher for the certification exam
- Personal consultation by the trainer via email after the training on the topics learned