The objective of this course is to equip students with the knowledge and skills required to perform audits of information security management systems against ISO 27001:2005 and national and international specifications, standards, statutory requirements and regulations, using the principles of ISO 19011.
The objective of this course is also to provide students with an overview of the purpose and requirements of ISO 27001:2005 as a tool for business improvement.
By the end of this course, participants will be able to:
• Demonstrate complete knowledge of the purpose of an information security management system (ISMS) and explain the process involved in establishing, implementing, operating, monitoring, reviewing and improving an ISMS, including the significance of these for ISMS auditors.
• Learn the purpose, content and interrelationship of ISO 27001:2005, ISO/IEC 13335 Parts 1 and 2, and the legislative framework relevant to ISMS.
• Interpret the requirements of ISMS 27001 in the context of an audit.
• Effectively plan and conduct an audit of the management in operation of an organization in accordance with the requirements of ISO 27001 audit criteria and ISO 19011.
• Report the audit, including writing valid, factual and value-adding nonconformity reports, and undertake audit follow-up activities, including evaluating the effectiveness of corrective and preventive actions.
• Plan, perform, conduct and follow up an audit in accordance with ISO 19011 and through analysis of ISO 27001.
• IT and corporate security managers
• Corporate governance managers
• Risk and compliance managers
• Information security consultants