Information Security Training Program
ISO/IEC 27001 Lead Auditor
Agility Business Services ISO/IEC 27001 Lead Auditor course is designed to provide expert-level training on the Information Security Management System (ISMS) auditing approach based on ISO/IEC 27001 and ISO 19011 standards. The course equips trainees with practical knowledge of ISMS auditing and covers related concepts, processes, methods, and techniques in accordance with ISO 19011 guidelines for MS auditing. Overall, the course offers a comprehensive overview of ISMS auditing.
Course Outline
- Introduction to Information Security
- ISMS Overview
- IS Standards and Best Practices
- Context of the Organization
- Leadership
- Planning
- Support
- Operation
- Performance Evaluation
- Improvement
- Information Security Policies
- Organization of Information Security
- Human Resources
- Asset Management
- Access Control
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications Security
- System Development and Maintenance
- Supplier Relationships
- Information Security Incident Management
- IS Aspects of Business Continuity Management
- Compliance
- Auditing based on ISO 19011
- Types of Audit
- Audit Principles
- Auditor Behavior and Performance
- Auditor Roles and Responsibilities
- Creating an Audit Program
- Establishing Audit Program
- Audit Program Implementation
- Audit Program Monitoring and Reviewing
- Audit Initiation
- Audit Planning
- Audit Execution
- Reporting
- Follow Up Auditing
Learning Objectives
- Gain knowledge and understanding of information security, including principles, fundamental concepts, standards, best practices, and laws/regulations.
- Be familiar with ISO/IEC 27001 requirements and controls and describe their function and operation.
- Be familiar with ISO/IEC 27001 – Annex A controls, and explain their purposes and auditing methods.
- Gain knowledge and understanding and participate in ISMS auditing projects and related activities.
- Gain knowledge and understanding and conduct audit ISMS projects and related activities.
Target Audience
- CISO, CTO
- External and/or Internal Auditor
- Data Processor
- Security Analyst
- Information Security Expert, Analyst, Consultant, Manager, Technician, or Officer
