Developing an Information Security Management System
Today, information is key. For success, it is necessary to have the right information at the right time.
Unfortunately, information is prone to various risks, and the consequences of information loss, leak or theft may be dire. Loss of information may impact not only the company image, competitive edge or financial liquidity, but also business continuity. It must also be remembered that information processed in organizations falls under legal regulations, such as the duties to protect business confidentiality, personal data and classified information. Therefore, every organization must have an overriding goal to protect this information.
That is why we fight crackers, spies, thieves, viruses and worms. We buy a leading-edge hardware firewall with intrusion detection systems, a complex alarm system, and anti-virus, anti-spyware and anti-spam software. Unfortunately, the reality is that we buy nothing more than a deceptive sense of security. All protection, even the best and the most expensive, is useless if a user, tempted by the promise of an interesting image, opens an infected attachment despite all the messages and warnings popped up by anti-virus software. All protection is useless if an employee talks about key business issues in the corridor, or passes important information over the phone to someone who claims to be a representative of technical support.
Unfortunately, this is human nature: curiosity, inquisitiveness, inattention, sometimes excessive trust, and many times simply foolishness. Various studies seem to confirm this, stating that the weakest link in the security system is the human factor. More than two thirds of all security breach incidents are caused by human error, often made by an employee inside the organization.
What may we do in such a situation? Unfortunately, there is currently no single easy way to handle all these issues. Skillful human resource management is the key, and so is implementing the right procedures, regulations, orders and prohibitions. But how can this be done skillfully, so that the opposite effect is not achieved?
Clearly prohibitions tempt many to break them! If you want to:
This training course aims to present key knowledge about developing and implementing an Information Security Management System (ISMS) compliant with the ISO/IEC 27001 and ISO/IEC 17799 standards. The course is not only about theoretical knowledge. The trainer interweaves theory with examples of real-life cases from various businesses. Special attention is also paid to the most frequent mistakes. The participants will also be able to take part in a discussion and exchange their own experiences concerning information security. As part of the training course, participants will also receive:
After the training course is completed, participants will have a chance to take an exam and obtain an ISecMan Security Engineer Title for “Developing an Information Security Management System according to standards ISO/IEC 27001 and ISO/IEC 17799”.
It is also worth mentioning that the methodology presented during the training course is based on a process approach and a four-phase PDCA (Plan-Do-Check-Act) model, which will definitely help those who are familiar with quality management systems (ISO 9001) or software testing assimilate the presented knowledge.
Participant Comments – what they liked about the training course? Most frequent answers:


