IT Governance & Service Management

ISO/IEC 27001 Foundation Including Exam

PM-ISO27001F

Type

Virtual

Classroom ILT

Skill Level

Introduction

Available dates

April 29, 2024

June 3, 2024

August 5, 2024

Learning Path

Cybersecurity

Virtual

Duration

2 Days

1 Day

TYPE

Virtual

Classroom ILT

LEARNING PATH

Cybersecurity

SKILL LEVEL

Introduction

DURATION

2 Days

AVAILABLE DATES

April 29, 2024

June 3, 2024

August 5, 2024

Choose date

From: R8 000,00

Price excluding VAT

Introduction

The purpose of the Foundation course is to confirm that a candidate has sufficient knowledge of the contents and high-level requirements of the ISO/IEC 27001 standard and understands at a foundation level how the standard operates in a typical organization.

This course is designed to provide the basic knowledge of ISO/IEC 27001 required as a prerequisite for the Practitioner course.

ISO/IEC 27001 Standard Overview

ISO/IEC 27001 is an international standard for Information Security Management. It provides a model to establish, implement, maintain and continually improve a risk-managed Information Security Management System (ISMS).

The standard forms the basis for effective management of sensitive, confidential information and for the application of information security controls. An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement of control over its sensitive and confidential information.

ISO/IEC 27001, therefore, provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security. Due to the diversity of different organizations’ information assets – the ISO/IEC 27001 standard is adaptable according to an organization’s requirements. The design and implementation of the ISMS is tailored to the organization’s objectives, information assets, operational processes, governing legal requirements and regulatory security requirements.

Audience profile

This course is aimed at those who are:

Supporting the implementation, operation or maintenance of an ISMS within an organization
Required to audit an ISMS and to have a basic understanding of the standard
Working within an organization with an ISMS, whether the organization is already certified or is considering certification to ISO/IEC 27001
Preparing for the ISO/IEC 27001 Practitioner qualification

Pre-requisites

There is no pre-requisite for the Foundation course but an interest or background in information security or service management would be an advantage.

Course objectives

The candidate should understand the scope, objectives, key terminology and high-level requirements of the ISO/IEC 27001 standard, how it is used in an organization for information security together with the main elements of the certification process.

Specifically, the candidate should understand:

The scope and purpose of ISO/IEC 27001 and how it can be used
The key terms and definitions used in the ISO/IEC 27000 series
The fundamental requirements for an ISMS in ISO/IEC 27001 and the need for continual improvement
The processes, their objectives and high-level requirements
Applicability and scope definition requirements
Use of controls to mitigate IS risks
The purpose of internal audits and external certification audits, their operation and the associated terminology
The relationship with best practices and with other related International Standards: ISO 9001 and ISO/IEC 20000.

Course content

Session 1: Information Security Management Systems (ISMS) Introduction
What is ISO/IEC 27001:2022?	History of the standard
ISO 27000 Family of standards	Definitions
Why do it?	ISO/IEC 27001:2022 Contents
Compatibility of ISMS with other management system standards	ISO/IEC 27001 Qualification and Certification
Organisational roles and responsibilities
Session 2: Key Publications
Key Publications

Session 3: Leadership and support of the ISMS
Leadership – ISMS	Top Management
ISMS – roles, responsibilities and authorities	Documentation
Resources and Competence	Awareness and Communication

Session 4: Planning and Operation of the ISMS

Statement of Applicability	Performance evaluation
Continual improvement	Risks and opportunities
Risk Assessment	Risk Identification, analysis and evaluation
Risk Treatment	Risk Treatment Plan
Information Security Objectives	Planning of Changes
Operational planning & control	Internal Audit
Management Review	Nonconformity and corrective action

Session 5: Information security control objectives and controls

Controls – Definitions	Structure and contents of Annex A
Control type	Information security properties
Cybersecurity concepts	Operational capabilities
Security domains	People controls
Organizational controls	Technological controls
Physical controls	Controls – Management responsibilities
Controls – Policies for information security	Controls – Acceptable use of information and other associated assets
Controls – Inventory of information and other associated assets	Controls – Labelling of information
Controls – Classification of information	Controls – Access control
Controls – Information transfer	Controls – Authentication information
Controls – Identity management	Controls – Information security incident management planning and preparation
Controls – Access rights	Controls – Compliance with policies, rules and standards for information security
Controls – Legal, statutory, regulatory and contractual requirements	Controls – Information security awareness, education and training
Controls – Terms and conditions of employment	Controls – Information security event reporting
Controls – Disciplinary process	Controls – Secure disposal or re-use of equipment
Controls – Storage media
Controls – Privileged access rights

Session 6: Achieving ISO/IEC 27001 Certification

Audit – types	Audit – outcomes
Audit – evidence	Audit – certification preparation
Audit – certification process

Associated certifications and exam

This course will prepare delegates to take the MC-27001FE: Foundation Examination

Successfully passing this exam will result in the attainment of the ISO/IEC 27001 Foundation Certification.

Exam Format:

50 questions per paper, multiple choice examination
Closed Book
Duration: Maximum 40 minutes for all candidates using English as their first language.

Pass Score:

25 marks or more required to pass (out of 50 available) – 50%.

On successful completion of this course, students will receive a Torque IT attendance certificate.

ISO/IEC 27001 Overview

ISO/IEC 27001 is an international standard for Information Security management and provides the basis for effective management of sensitive / confidential information as well as the implementation of information security controls.

Organizations can utilize the ISO/IEC 27001 standard to demonstrate their conformance to best practice and excellence in Information Security management. An organization that conforms to the ISO/IEC 27001 standard possesses clear, objective proof of its commitment to continued improvement and control over its sensitive and confidential information.

ISO/IEC 27001 therefore provides reassurance to sponsors, shareholders and customers that the organization has expert control over its risk management and data security.

Torque IT offers authorized ISO/IEC 27001 instructor-led training and certification solutions that will ensure that you get the most from your human capital investment and that both productivity and efficiency are maximized.

The standard can be integrated with other management system framework standards, such as the quality standard ISO 9001 and ISO/IEC 20000 for IT Service Management.

Torque IT strives to be the ISO/IEC 27001 Accredited Training Organisation (ATO) provider of choice to our clients across South Africa and Africa.

Torque IT’s ISO/IEC 27001 training courses will help you deliver smarter solutions both on-time and within budget. We provide Standard Best Practice training and certification for novice and experienced managers.

APMG International ISO/IEC 27001™is a trademark of The APM Group Limited. All rights reserved. The APMG International ISO/IEC 27001 and Swirl Device logo is a trademark of The APM Group Limited, used under permission of The APM Group Limited. All rights reserved.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

ISO/IEC 27001 Foundation Including Exam

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

ISO/IEC 27001 Overview

contact

Vendor
Authorised

Details

Menu

newsletter

ISO/IEC 27001 Foundation Including Exam

Type

Skill Level

Available dates

Learning Path

Duration

TYPE

Virtual

Classroom ILT

LEARNING PATH

SKILL LEVEL

DURATION

AVAILABLE DATES

Price excluding VAT

ISO/IEC 27001 Overview

contact

Vendor Authorised

Details

Menu

newsletter

Vendor
Authorised