Information Security

Our digital footprint continues to expand exponentially as organizations now store more information about individuals and record our interactions. Managing how that information is stored, shared, accessed and controlled is complex and prone to risk.

Risk isn’t restricted to the digital domain either, as breaches can occur in unexpected ways, from photographs of highly sensitive information being captured by the press and publicized, to devices with private data becoming lost or stolen.

Organizations today need to be equipped to manage the security of their information or risk exposing themselves to culpability, criminality and liability.

ISO/IEC 27001:2013 is the current international standard that sets out the requirements to establish, implement and continually improve an information security management system.

A management system based on this standard will take into account the needs and objectives of the organization, the security requirements, the business processes, the size and structure of the organization and it can adapt to changes in these areas over time.

An effective management system will also enhance stakeholder confidence when looking at a business’s ability to adequately protect its information assets.

Our courses follow a structure that takes you from familiarizing yourself with the standard in the Requirements course to learning how to implement an ISMS in an organization. To check your ISMS conforms with the standard, we can teach you how to audit or lead a team to conduct the auditing of it. We also have courses for individuals and lead auditors handling the transition from the previous version of the standard, ISO/IEC 27001:2005, to the current version, ISO/IEC 27001:2013.

 

Training Courses

  1. Information Security Management Systems (ISMS) Training Course: Requirements of ISO/IEC 27001:2013
    Setting up an ISMS can be as simple or as sophisticated as your organization needs it to be. However, even knowing where to start when considering setting up an ISMS can be challenging.

    In this one day course, our expert tutors will explain the requirements of the current standard to help you understand how it could apply to your organization and the potential benefits of adopting it.

    You will therefore be better prepared to carry out an implementation of an ISMS that conforms to the current standard, as the background, updated concepts, principles, terms and definitions used in ISO/IEC 27001:2013 are fully explained and discussed.

    The requirements course will also help you understand how the standard works in preparation for attending the internal and lead auditing training courses.
  2. Information Security Management Systems (ISMS) Training Course: Implementing ISO/IEC 27001:2013
    In this three day course, our experienced tutors teach you how to consider the state of your organization’s current information security management practices in preparation to put in an ISMS.

    You should already have a good understanding of the requirements of the current standard and our tutors will tap into that knowledge so that you can develop your skill and understanding of the practicalities involved when setting up a typical management system framework that conforms with ISO/IEC 27001:2013.

    This will enable you to play a key role in ensuring your organization is compliant with ISO/IEC 27001:2013.

    ISO/IEC 27001:2013 provides the model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS to protect your information assets.

    After attending this course, you will be in a position to use this model and be able to develop an ISMS appropriate for your organization.
  3. Information Security Management Systems (ISMS) Training Course: Lead Implementer ISO/IEC 27001:2013
    In this five day course, our experienced tutors teach you everything you need to know to be able to set up an ISMS that conforms to ISO/IEC 27001:2013 in an organization.

    You will cover the requirements of the standard and consider the state of your organization’s current information security management practices in preparation to put in an ISMS.

    We will help you develop your skills and understanding of the practicalities involved when setting up a typical management system framework that conforms with the standard. This includes learning how to set up policies, processes and procedures for your ISMS.

    Additionally, you will focus on developing your project management ability to lead a team with the implementation of an ISMS in your business. This can be crucial if your ISMS will need to scale throughout your organization.

    An examination is held on the final day and successful delegates will be awarded the BSI Lead Implementer certificate.     

    After attending the course and passing the examination, you will be able to play a pivotal role in ensuring your organization can set up an ISMS that is compliant with ISO/IEC 27001:2013.
  4. Information Security Management Systems (ISMS) Training Course: Internal Auditor ISO/IEC 27001:2013
    In this two day course, our expert tutors will teach you how to plan, execute and report on an audit of an ISMS in an organization, assessing its conformance with ISO/IEC 27001:2013.

    You should already have a good understanding of the requirements of the current standard, and our tutors will expand on your existing knowledge to help you develop the specialized skill and expertise to conduct an internal audit.

    We’ll show you how to manage the entire process end-to-end from initiating an audit to reporting on the assessment and conducting a follow-up.

    Your learning will rapidly develop using a balance of theory and practical activity, so that you can apply your knowledge effectively during an audit. 
  5. Information Security Management Systems (ISMS) Auditor/Lead Auditor Training Course (BS ISO/IEC 27001:2013)
    In this five day course certified to IRCA* guidelines, our experienced tutors will teach you how to lead, plan, execute and report on an audit of an ISMS in an organization assessing its conformance with ISO/IEC 27001:2013.

    To attend this course, you should already have knowledge of the key Plan-Do-Check-Act (PDCA) cycle within management systems.

    You should also have knowledge of Information Security Management principles, concepts and specifically the requirements of ISO/IEC 27001:2013.

    Tutors on our lead auditor courses will expand on your existing knowledge of the standard and develop your skills and ability to lead a team to conduct audits of an ISMS to the standard.

    Through a combination of tutorials, syndicate exercises and role play, you will learn everything you need to know about how an ISMS audit should be run including conducting second and third-party audits.

    *IRCA Certified Course (A17287)

    This course is certified by the International Register of Certificated Auditors (IRCA) and meets training requirements for those seeking registration as a lead auditor under their ISMS scheme.
  6. Information Security Management Systems (ISMS) Training Course: Transitioning from ISO/IEC 27001:2005 to ISO/IEC 27001:2013
    This one day course is aimed at those who already have or are implementing an ISMS conforming to ISO/IEC 27001:2005.

    As the updated standard ISO/IEC 27001:2013 is now available, all who have an interest in the standard can now learn what is required to conform to the current version. 

    This can be particularly helpful when your transition strategy will repurpose existing ISMS documentation and processes over to the current standard.

    You’ll learn the updated structure of ISO/IEC 27001:2013 and new concepts such as the context of an organization and performance evaluations.
  7. Information Security Management Systems (ISMS) Training Course: Lead Auditor Transitioning from ISO/IEC 27001:2005 to ISO/IEC 27001:2013  
    This two day course is aimed at existing lead auditors currently auditing, implementing or consulting on ISMSs conforming to ISO/IEC 27001:2005.

    With the updated standard ISO/IEC 27001:2013 now available, there is a need for organizations to prepare for ISMS audits that check conformance with the current standard.

    Information security management lead auditors, after having passed this course and a two hour examination, will be able to meet that need.

    We will teach you the differences between the previous and current versions of the standard which will give you the knowledge to be able to inform and instruct a business about how conformance can be achieved.  

    This can be particularly helpful to organizations where the transition strategy will repurpose existing ISMS documentation and processes over to the current standard.

    Organizations will seek your input in preparation for an independent audit and of course you will be able to audit and lead audits yourself to the current standard once you have completed and passed the course and the examination.  
  8. ISO 27001 Information Security Management Briefing
    Have confidence in your information security management systems with our in-company ISO 27001 Information Security Management Briefing. And make the case for ISO 27001 standards in your business with training tailored to your needs.

    Our management briefing will be delivered on-site to help you review your information security management systems in line with ISO 27001, ISO 27002 and ISO 27005. Learn how to achieve best practice across all business processes and procedures. And be confident maintaining ISO 27001 standards to avoid loss of data and meet legal requirements.

    We can tailor workshops and tutor-led discussions to help you gain a thorough understanding and build a culture of information security awareness across your organisation. 

    This course can be supported by further training and mentoring. 

ISO/IEC 27001 qualifications

  9. ISO 27001 Registered Auditor Qualification
    Ensure that your audit programme is performed to the highest standard by having your team qualified as BSI Registered Auditors. Your auditors will continue to improve their skills through the qualification, leading to improvements to your business and increased value and relevance of the audit results. 
  10. BCS Practitioner Certificate in Information Risk Management
    Excel in information risk management with a BCS qualification developed especially for IT security professionals. The Practitioner Certificate in Information Risk Management (PCiIRM) provides thorough guidance on building a business-focused ISMS strategy.

    Demonstrate your ability to deliver a robust system in line with ISO 17799, ISO 27001 and BS 7799-3 standards and make sure you are up-to-date with UK legislation, as well as international frameworks. Over five days you will work with BCS qualified professionals, learning how to understand and prevent threats to data within specific technical business environments.
  11. BCS Certificate in Information Security Management Principles
    Fulfil your potential with a BCS Certificate in Information Security Management Principles (CiISMP). Work with our BCS (formerly ISEB) experts to gain vital knowledge of delivering effective information security management.

    Designed for information security professionals, the CiISMP course will help you define your business case for information security through better risk assessment and management. You will establish your role within your organisation and gain recognition as a BCS qualified professional.

    Learn to deliver an ISMS that takes into account all business needs, policies and procedures and ensure ISO and legal compliance by raising information security awareness across your organisation.

Risk Management Training

  12. ISO 31000 Application of Risk to Management Systems
    The Application of Risk to Management Systems training course will give management representatives and people responsible for management systems the tools and techniques that will enable the effective application of risk methods to their systems.