Indonesian Youth Tech Summit 2020

LEAD IMPLEMENTER ISO 27001:2013

Why should you attend?

During this training course, you will also gain a thorough understanding of the best practices of Information Security Management Systems to secure the organization's sensitive information and improve the overall performance and effectiveness.

After mastering all the necessary concepts of Information Security Management Systems, you can sit for the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Implementer” credential. By holding a PECB Lead Implementer Certificate, you will be able to demonstrate that you have the practical knowledge and professional capabilities to implement ISO/IEC 27001 in an organization.

 

Who should attend?

  • Managers or consultants involved in Information Security Management
  • Expert advisors seeking to master the implementation of an Information Security Management System
  • Individuals responsible for maintaining conformance with ISMS requirements
  • ISMS team members

 

Learning objectives

  • Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002 and other standards and regulatory frameworks
  • Master the concepts, approaches, methods and techniques used for the implementation and effective management of an ISMS
  • Learn how to interpret the ISO/IEC 27001 requirements in the specific context of an organization
  • Learn how to support an organization to effectively plan, implement, manage, monitor and maintain an ISMS
  • Acquire the expertise to advise an organization in implementing Information Security Management System best practices

 

Educational approach

This training is based on both theory and best practices used in the implementation of an ISMS. Lecture sessions are illustrated with examples based on case studies.

Prerequisites

A fundamental understanding of ISO/IEC 27001 and comprehensive knowledge of implementation principles.

 

Course Agenda

Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001; Initiating an ISMS

Introduction to management systems and the process approach

Presentation of the standards ISO/IEC 27001, ISO 27002 and ISO 27003 and regulatory framework

Fundamental principles of Information Security

Preliminary analysis and establishment of the maturity level of an existing information security management system based on ISO 21827

Writing a business case and a project plan for the implementation of an ISMS

 

Planning the implementation of an ISMS based on ISO/IEC 27001

Defining the scope of an ISMS

Development of an ISMS and information security policies

Selection of the approach and methodology for risk assessment

Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO/IEC 27005)

Drafting the Statement of Applicability

 

Implementing an ISMS based on ISO/IEC 27001

Implementation of a document management framework

Design of controls and writing procedures

Implementation of controls

Development of a training & awareness program and communicating about information security

Incident management (based on guidance from ISO 27035)

Operations management of an ISMS

 

Day 1

Lead Implementer ISO 27001:2013 Training Rundown

13:00 – 13:30: Re-registration/Attendance

13:30 – 13:50: Pre-Test

13:50 – 15:00: In Class Training Part 1

15:00 – 15:15: Ice Breaking & Comfort Break

15:15 – 16:00: In Class Training Part 2

16:00 – 16:30: Workshop End of Day 1

 

Course:

  • Introduction to management systems and the process approach
  • Presentation of the standards ISO/IEC 27001, ISO 27002 and ISO 27003 and regulatory framework
  • Fundamental principles of Information Security
  • Preliminary analysis and establishment of the maturity level of an existing information security management system based on ISO 21827

 

Day 2

13:00 – 13:30: Re-registration/Attendance

13:30 – 13:50: Pre-Test

13:50 – 15:00: In Class Training Part 1

15:00 – 15:15: Ice Breaking & Comfort Break

15:15 – 16:00: In Class Training Part 2

16:00 – 16:30: Workshop End of Day 2

 

Course:

  • Writing a business case and a project plan for the implementation of an ISMS
  • Defining the scope of an ISMS
  • Development of an ISMS and information security policies
  • Selection of the approach and methodology for risk assessment

 

Day 3

13:00 – 13:30: Re-registration/Attendance

13:30 – 13:50: Pre-Test

13:50 – 15:00: In Class Training Part 1

15:00 – 15:15: Ice Breaking & Comfort Break

15:15 – 16:00: In Class Training Part 2

16:00 – 16:30: Workshop End of Day 3

 

Course:

  • Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO/IEC 27005)
  • Drafting the Statement of Applicability
  • Implementation of a document management framework
  • Design of controls and writing procedures

 

Day 4

13:00 – 13:30: Re-registration/Attendance

13:30 – 13:50: Pre-Test

13:50 – 15:00: In Class Training Part 1

15:00 – 15:15: Ice Breaking & Comfort Break

15:15 – 16:00: In Class Training Part 2

16:00 – 16:30: Workshop End of Day 4

 

Course:

  • Implementation of controls
  • Development of a training & awareness program and communicating about information security
  • Incident management (based on guidance from ISO 27035)
  • Operations management of an ISMS
