

Getting Started with ISO 27001 & 27002

The Standard for Information Security, Worldwide
A 1-day Workshop - Training Program Presented At Your Site


The gold standards for information security initiatives worldwide are:

  • ISO 27001
  • ISO 27002

The focus of this 1-day workshop and training program is on both of these standards: ISO 27001, Information security management systems - Requirements, and ISO 27002, Code of practice for information security management.

The ISO 27001 International Standard specifies requirements for information technology security techniques and for information security management systems. It was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

The adoption of an ISMS should be a strategic decision for an organization.

ISO 27002, an information security standard entitled Information technology - Security techniques - Code of practice for information security management, provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad (confidentiality, integrity and availability).

Bring this valuable 1-day ISO 27001 and 27002 workshop to your site today!

Learning Objectives

From this ISO 27001 & 27002 training program you will:

  • Examine the core requirements of the ISO 27001 standard.
  • Understand the core elements of an Information Security Management System (ISMS).
  • Review the PDCA model defined in the ISO 27001 standard.
  • Step through the core requirements of the Payment Card Industry (PCI) Data Security Standard (DSS).
  • Walk through several sample security policy templates that an organization may use to address regulatory requirements.
  • Understand how a Business Impact Analysis (BIA) helps an organization establish critical requirements for developing a comprehensive Business Continuity Management program.
  • Examine the clauses, categories, and controls defined in the ISO 27002 standard.

Target Audience

The 1-day ISO 27001 & 27002 training program is of value to compliance professionals and managers, security officers, security practitioners, privacy officers and senior IT professionals.

On-Site Training

The 1-day ISO 27001 and 27002 program is delivered worldwide, at the client's site. ecfirst will customize the session to meet your organization's specific requirements and time frames. Call ecfirst at 1.877.899.9974 x17 today to discuss details about the program.

Course Outline

Module 1: The ISO 27001 Standard

    • Introduction
    • Definition - ISMS
    • Scope
    • The PDCA Model
    • Framework Organization
      • Definition
      • Requirements

Case Study: Sample Information Security Policy Templates

Step through key sections of critical information security templates in-class. Review sample policy types and organization.

Use these templates to create or update your enterprise information security policies. The policy templates are influenced by the requirements of several regulations and standards, including ISO 27001 and 27002.


Module 2: The ISO 27002 Standard

    • Introduction
    • Scope
    • Introductory Clause
    • Clauses, Categories & Controls
      • Definition
      • Requirements

Case Study: Conducting a Business Impact Analysis (BIA)

Step through key activities that organizations must conduct to complete a comprehensive Business Impact Analysis (BIA). Understand critical processes for a BIA initiative and identify areas that must be addressed in a BIA Report.

Reference Materials


ecfirst

ecfirst is passionate about developing and validating information security compliance knowledge. ecfirst, in business since 1999, was recognized as an Inc. 500 fastest growing privately held business in the United States in its first year of eligibility. ecfirst is an organization with deep hands-on experience in compliance and IT services.

ecfirst serves a Who's Who client list of over 1,400 that includes Principal Financial and numerous hospitals, including Edward, Sherman, Condell, BSA, Mercy, Northwest Community, Samaritan and many others. State and county governments that have been trained by ecfirst include the States of Oregon, Iowa and Illinois. U.S. government agencies that have participated in ecfirst training programs include the U.S. Department of Veterans Affairs, Air Force, Coast Guard, Homeland Security and several others.

Disclaimer

This document is a guide for those interested in the ISO 27001 and 27002 training program. No representations or warranties are made by ecfirst that the use of this guide or any other associated publication will assure candidates of ISO certification.

Disclosure

Copyright © 2009 by ecfirst. Reproduction or storage in any form for any purpose is not permitted without prior written permission from ecfirst. No other right or permission is granted with respect to this work. All rights reserved.

Contact Information

14225 University Avenue, Suite 240
Waukee, Iowa 50263, United States
Phone: +1.515.453.8247 x17
Fax: +1.515.453.8471

Email: Lorna.Waggoner@ecfirst.com

Web-site: www.ecfirst.com

Program Architect - Cyber Security & Compliance Expert


Uday Ali Pabrai, CISSP (ISSAP, ISSMP), Security+, is the chief executive of ecfirst, an Inc. 500 business. A highly sought-after information security and regulatory compliance expert, he has successfully delivered solutions on compliance and information security to organizations worldwide.

Author of the forthcoming book Precision Security, he developed a unique security methodology called BizShield: The Seven Steps to Enterprise Security. BizShield today provides the framework for many security initiatives at client organizations worldwide.

Mr. Pabrai was the creator of the world's most successful Internet skills certification, CIW. Mr. Pabrai also established the industry's first certification programs on HIPAA: Certified HIPAA Professional (CHP) and Certified HIPAA Security Specialist (CHSS™). He also launched the Certified Security Compliance Specialist (CSCS™) program. Mr. Pabrai is the co-creator of the Security Certified Program (SCP), a program approved under U.S. Department of Defense Directive 8570.1M and one of the industry's most comprehensive hands-on information security certification programs.

Mr. Pabrai has presented opening keynote and other sessions at several conferences, including ISSA, HCFA, HIPAA Summit, Microsoft Tech Forum (HIMSS), Internet World, DCI Expo, Comdex, Net Secure, Nurse Practitioners Conference, National Council for Prescription Drug Programs (NCPDP), HIMSS Midwest Conference, National Council for State Board of Nursing IT Conference, and many others.

He has delivered fast-paced, high-energy briefings in many cities worldwide, including New Delhi, Bangalore and Mumbai (India), Tsukuba City (Japan), Dubai (UAE), Karachi and Lahore (Pakistan), London (UK), and across the United States.

Mr. Pabrai's clients have included hundreds of hospitals and long-term care facilities, Microsoft, Kemin, Ernst & Young, Elkay, Intuit, Pella, Principal Financial, U.S. Naval Surface Warfare Center, U.S. Defense Intelligence Agency, U.S. Department of Veterans Affairs, as well as numerous federal, state and county governments.

His career was launched at the U.S. Department of Energy's nuclear research facility, Fermi National Accelerator Laboratory, in Chicago. During his career, he has served as Vice Chairman and in several senior officer positions with NASDAQ-listed firms. Mr. Pabrai is a member of the U.S. FBI InfraGard.

He can be reached at Pabrai@ecfirst.com or at +1.949.260.2030.