Information Security Management System (ISMS) Based on ISO 27001/2 Training and Examinations


Course Overview

ISO 27001 formally defines the mandatory requirements for an Information Security Management System (ISMS). It uses ISO 27002 to indicate suitable information security controls within the ISMS, but since ISO 27002 is merely a code of practice/guideline rather than a certification standard, organizations are free to select and implement other controls, or indeed adopt alternative complete suites of information security controls as they see fit. ISO 27002 is a code of practice – a generic, advisory document, not a formal specification such as ISO 27001. It recommends information security controls addressing information security control objectives arising from risks to the confidentiality, integrity and availability of information. Organizations that adopt ISO 27002 must assess their own information security risks, clarify their control objectives and apply suitable controls (or indeed other forms of risk treatment) using the standard for guidance.

 Benefits of ISO 27001:2013 Training include the following:

  • Adopting the best framework for complying with information security legal, regulatory and contractual requirements.
  • Better organizational image because of the certification or benchmarking issued by a professional body.
  • Proof that senior management is committed to the security of the organization, including customers' information.
  • Directed focus on reducing the risks for information that is valuable for the organization.
  • It provides a common goal.
  • Optimized operations within the organization because of clearly defined responsibilities and business processes.
  • It builds a culture of security.

Outcome: The objective of this training is to equip the participants with practical experience based on the best practices in Information Security Management System (ISMS) based on ISO 27001:2013.

 Who Should Attend

This interactive and practical training is designed for senior executives involved in information management, policy and strategy formulation, and implementation, including Heads of Departments, Finance Officers, Information Officers, Technology Officers, Chief Information Security Officers, Internal Auditors, Quality Assurance Officers and Line Managers.

Scope of the Training: The training is based on the information security framework which provides an essential tool for managing security using the following security controls (or safeguards) that are to be used to improve security of information:

  1. Information security policies
  2. Organization of information security
  3. Human resources security
  4. Asset management
  5. Access control
  6. Cryptography
  7. Physical and environmental security
  8. Operational security
  9. Communications security
  10. System acquisition, development and maintenance
  11. Supplier relationships
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance

Training Details

This training employs a blended mode of delivery, including presentations, case studies, discussions and hands-on practice, which provides the participants with a greatly interactive pedagogy. Coupled with our regionally renowned facilitators’ rich experience both in the industry and academia, it will be an invaluable opportunity for those responsible for information handling and management. The two-day training will run from 22nd to 23rd November 2016, 0900 hrs to 1600 hrs.

Training Cost: Kshs. 30,000 + VAT

Examinations Cost: Kshs. 19,200

Venue: Acacia Premier, Kisumu, Kenya.

Telephone: +254 20 2527160, +254 701 32 99 77, 0789 344 322

E-mail: info@cictgov.co.ke