Infogov
E-mail: contact@infogov.co.uk | Phone: +44 (0)870 991 7213
The leader in Web-based Governance,
Risk, Compliance and Fraud Management

Training

Implementing an ISO 27001 ISMS with Proteus Enterprise™

Course Description

Organisations today have an increased awareness of the value of information and perceive an increasing need to protect their information assets. An Information Security Management System (ISMS) is a risk management approach to maintaining the confidentiality, integrity and availability of the organization’s information. This five-day course leads you through a series of exercises that follow the requirements of ISO 27001:2005 for ISMS implementation and show how Proteus Enterprise™ can streamline your management process to maintain the security and continuity of your operations. Understanding of key ISMS implementation stages is reinforced by exercises allowing hands-on experience of the leading information risk management suite.

You will learn practical information risk management techniques that cover the advice and requirements of the ISO 27000 series of standards for information security management; their relation to ISO 17799, BS 7799 and BS 25999 for business continuity management; as well as future developments in best practice. The ISO 27000 series is an emerging body of international standards designed to help you maintain information security in your organization, replacing the ISO 17799 and BS 7799 standards. In the coming years, the ISO 27000 series will become a comprehensive body of documents providing a certification specification for information security management systems; a code of practice on security safeguards or controls; and a number of reference documents on implementation guidance, measurements or metrics, and risk management methodology.

Who Should Attend?

This is not a technical IT security course; it concerns information security management and the use of the Proteus Enterprise™ specialized software to streamline the management process. While it is suitable for managers from a wide range of disciplines, it is aimed at those tasked with improving information security management in your organization. Attendees should have a basic knowledge of information technology systems, and competence in using normal office software.

Course Structure

  • Introduction to information security management systems (ISMS)
  • Objectives of an ISMS
  • ISO 27001:2005 and the ISO 27000 series of standards
    • Use of Proteus Enterprise™ in assessing compliance with standards
  • Defining the scope and boundaries of an ISMS
  • Information security policy
  • Information risk assessment
    • Use of Proteus Enterprise™ in identifying the risks
    • Use of Proteus Enterprise™ in analysing and evaluating the risks
  • Information risk management
    • Use of Proteus Enterprise™ in identifying control objectives and controls
    • Use of Proteus Enterprise™ in developing and managing action plans
  • Implementing and operating the ISMS
  • Monitoring and reviewing the ISMS
  • Maintaining and improving the ISMS
    • Use of Proteus Enterprise™ in the day-to-day, Plan-Do-Check-Act activities of implementing, operating, monitoring, reviewing, maintaining and improving the ISMS
  • Business continuity management
    • Use of Proteus Enterprise™ in incident management and business continuity management
  • Certification to ISO 27001:2005


Course Director

David Pye is Director – South East Asia / Pacific for Veridion Inc., the global distributors of the Proteus Enterprise™ risk management software, and has been commissioned by InfoGov to write and direct this course. He is trained in the British Standards Institution’s methodologies for both implementing and auditing information security management systems. With a background of World Bank, government and private technical project management around Asia since 1990, David specializes in planning and implementation. He works with a number of educational institutions and private training providers in the Asian region; maintains strategic partnerships with security practitioners around the world; participates in security and standards-related organizations; and has written occasional articles for the Singapore and Malaysia press. David is a member of the Singapore working group contributing to the development of the ISO 27000 series of standards.

Course Materials

David Pye’s information security management courses have been well received in India, Malaysia, Singapore, Sri Lanka, Sudan and Thailand. Some summary statistics of evaluations from course attendees by year are given in the table below.

                               2004   2005   2006
Instructor preparation          92%    95%    91%
Instructor subject knowledge    90%    91%    92%
Instructor teaching ability     87%    90%    92%
Course content                  87%    83%    86%
Course materials                85%    85%    88%
Overall                         88%    89%    90%

Comments from course attendees are given below.

“Thank you for all your efforts and exercises which make the session very exciting and valuable.”

“The course was well managed and presented in its entirety. I believe everyone benefited a lot.”

“The exercises allow hands-on experience and better understanding of the subject matter.”

“The consistent format of the presentation slides facilitates understanding of the topic.”

“The course is truly practical. I benefit a lot from diagrams, matrices and synopsis.”

“Best experiences: doing the exercises and presenting to the audience.”

“Good methodology, exercises and comprehensive handouts.”

“Competent on subject matter. Patient and understanding.”

“The trainer was able to present the concepts well.”

“Course is lively and interactive.”

“Excellent course.”


[Note: some comments edited for grammar and brevity]