T 74v13 - E-learning - ISO 27001 training package - Readiness and audit of your ISMS version 2013

 T 24v13 ISO 27001 readiness version 2013

Discover the ISO 27001 standard version 2013 and

• its content
• its principles
• its requirements
• the stakes

Get used to

• information security approach
• information security management system (ISMS)
• process approach
• risk-based thinking
• information security terminology
• continual improvement

The important and fundamental elements of an information security management system

• information security approach (quality management principles, PDCA cycle)
• process approach (definitions, process types, mapping)
• context of the company (customer requirements)
• leadership of top management (commitments, responsibilities)
• planning of the ISMS (risks, actions, objectives)
• product realization and service provision (operational control, risk assessment and treatment)
• performance evaluation (monitoring, measure, analysis, internal audits, management review)
• improvement (nonconformities, corrective actions, continual improvement)
• controls (Annex A)

The menu of the course

• Presentation
• MCT Beginning (10 questions)
• 1 Information security
  • 1.1 History
  • 1.2 Scope
  • 1.3 Principles and steps
• 2 Standards, definitions, books
  • 2.1 Standards
  • 2.2 Definitions
  • 2.3 Books
• MCT Information security (9 questions)
• 3 Process approach
  • 3.1 Process
  • 3.2 Process map
  • 3.3 Process approach
• MCT Process approach (7 questions)
• 4 Context
  • 4.1 The organization and its context
  • 4.2 Needs and expectations of interested parties
  • 4.3 Scope
  • 4.4 ISMS
• Case Interested parties
• Case Customer and need
• Case Priority tasks
• Summary of clause 4
• MCT Context (7 questions)
• 5 Leadership
  • 5.1 Leadership and commitment
  • 5.2 Policy
  • 5.3 Roles, responsibilities and authorities
• Case New line
• Summary of clause 5
• MCT Leadership (7 questions)
• 6 Planning
  • 6.1 Actions to address risks
  • 6.2 Objectives
• Case New risk
• Case Risk treatment
• Case Risk register
• Summary of clause 6
• MCT Planning (9 questions)
• 7 Support
  • 7.1 Resources
  • 7.2 Competence
  • 7.3 Awareness
  • 7.4 Communication
  • 7.5 Documented information
• Case Communication
• Summary of clause 7
• MCT Support (7 questions)
• 8 Operation
  • 8.1 Operational planning and control
  • 8.2 Risk assessment
  • 8.3 Risk treatment
• Case Design review
• Case Process stability
• Summary of clause 8
• MCT Operation (6 questions)
• 9 Performance
  • 9.1 Inspection, analysis and evaluation
  • 9.2 Internal audit
  • 9.3 Management review
• Case Audit readiness
• Case Auditor question
• Case Audit program
• Case Audit report
• Case Management review
• Summary of clause 9
• MCT Performance (7 questions)
• 10 Improvement
  • 10.1 Nonconformity and corrective action
  • 10.2 Continual improvement
• Case Nonconformities
• Case Kaizen and problem
• Summary of clause 10
• MCT Improvement (8 questions)
• Annex A
• A.5-A.9 Information security organization
• Case Classification of information
• Case Password
• Summary of annexes A.5-A.9
• MCT Annexes A.5-A.9 (9 questions)
• A.10-A.13 Operational security
• Case Incident log
• Summary of annexes A.10-A.13
• MCT Annexes A.10-A.13 (7 questions)
• A.14-A.18 Protection of information systems
• Case Selecting suppliers
• Case Response to an incident
• Summary of annexes A.14-A.18
• MCT Annexes A.14-A.18 (8 questions)
• MCT End (20 questions)

T 44v13 ISO 27001 internal audit version 2013

Discover the internal audit in an ISO 27001 certified company and

• locate the audit in the information security approach
• identify the stakes
• understand the requirements
• control the tools

Get used to

• best practices
• good behavior
• the terminology
• the questionnaire
• the report

The important and fundamental elements of an internal audit

• scope
• normative references
• principles
• audit program (responsibilities, records)
• audit conducting (objectives, evidence, conclusions)
• auditor competence (knowledge, training)

The menu of the course

• Presentation
• MCT (multiple-choice test) Beginning (10 questions)
• 1 Scope
• 2 Normative references
• 3 Definitions
• 4 Principles
  • 4.1 Management principles
  • 4.2 Audit principles
  • 4.3 ISMS performance
• MCT Internal audit (7 questions)
• 5 Audit program
  • 5.1 General
  • 5.2 Objectives
  • 5.3 Risks
  • 5.4 Establishing
  • 5.5 Implementing
  • 5.6 Monitoring
  • 5.7 Reviewing and improving
• Case Audit program
• MCT Audit program (11 questions)
• 6a Audit preparation
  • 6.1 General
  • 6.2 Initiating
    • 6.2.1 First contact
    • 6.2.2 Situations and feasibility
  • 6.3 Preparing the audit
    • 6.3.1 Document review
    • 6.3.2 Audit plan
• Case Audit readiness
• MCT Audit preparation (8 questions)
• 6b Conduct an audit
  • 6.4 Audit activities
    • 6.4.1 Opening meeting
    • 6.4.2 Audit evidence
    • 6.4.3 Audit conclusions
  • 6.5 Audit report
  • 6.6 Completing the audit
  • 6.7 Audit follow-up
• Case Audit report
• Case Management review
• MCT Conduct an audit (8 questions)
• 7 Competence and evaluation of auditors
  • 7.1 General
  • 7.2 Auditor competence
  • 7.3 Evaluation criteria
  • 7.4 Evaluation methods
  • 7.5 Auditor evaluation
  • 7.6 Improving competence
• Case Auditor question
• MCT Auditor competence (7 questions)
• MCT End (20 questions)