ISO 27001: Information Security Management System

Course Code: IS 01 (Introduction to ISMS (ISO 27001)) | Duration: 01 Day

This course is designed to provide knowledge and awareness of ISMS to organizations involved in IT solutions, information and network system development, security implementation, financial institutions, banking, database management, telecommunications, and military/defense.

Primary Objectives

At the end of course, delegates will be able to:

  • Understand and Interpret the requirements of ISO 27001 standard with clarity
  • Conduct initial Gap Analysis at respective organizations

Course Contents

  • Major requirements of ISO 27001:2005 Standard
  • How information can be secured
  • Information Security Assets identification and evaluation
  • Confidentiality, Integrity & Availability (CIA)
  • Defining the Scope & Policy of ISMS
  • Documentation Requirements: Policies, Procedures, Security Manual, etc.
  • Risk Assessment/Risk Evaluation/Risk Management
  • Business Continuity Planning
  • Disaster Recovery
  • Network Security
  • System Security

Course Code: IS 02 (Advance Training on ISO 27001) | Duration: 03 Days

Primary Objectives

  • To provide a clear understanding of ISO 27001:2005 standard requirements
  • To provide a clear understanding of applicable Control Objectives & Controls
  • To develop ISMS professionals for certification as Lead Implementers and help their organizations maintain Information Security

Course Contents

Information Security Management System:

  • Detailed interpretation of requirements of ISO 27001:2005
  • Code of practice for information security based on best practices
  • Control objectives and related controls for information security

Asset Identification and Valuation:

  • What are your information assets
  • How to evaluate them in terms of classification and significance
  • How to secure your information assets

Physical Security:

  • How to secure your workplace, equipment and personnel

Human Resource Security:

  • Prior to employment; During employment; Change of employment

Risk Management (Risk Assessment & Evaluation):

  • Identification of Threats & Vulnerabilities
  • Identification & Evaluation of Risks
  • Determine significance of risks & their impact
  • How to mitigate risks
  • Treatment of risks and residual risk acceptability
  • Statement of applicability

Business Continuity & Disaster Recovery:

  • Scope of BCP and Team Selection
  • Critical Operations Identification
  • Disaster Recovery Planning
  • Disaster Recovery Site
  • Testing and Maintaining BCP & DR Site

Network Security:

  • To ensure the protection of information in networks and the protection of the supporting infrastructure

Course Code: IS 03 (Risk Management (Based on ISO 27001)) | Duration: 01 Day

Primary Objectives

At the end of course, delegates will be able to:

  • Understand and Interpret the requirements of Risk Management with clarity
  • Conduct initial Risk Analysis at respective organizations

Course Contents

  • Basic concepts behind Risk, Threat and Vulnerability
  • Performing a Risk Assessment
  • Methodologies to calculate Risk Factor
  • Developing a Risk Treatment Plan
  • Defining Risk rating criteria
  • Modification of the Risk
  • Corrective and Preventive measures
  • Identification of information assets
  • Determination of the value of information assets
  • Identification of control objective
  • Individual and Group Exercises
  • Practical exercises in Asset Valuation and Risk Treatment Planning, plus Case Study Analysis