Credibility is the key advantage of being certified by a respected, independent and competent third party. The assurance it provides gives confidence to management, business partners, customers and auditors that the organization is serious about information security management - not perfect, necessarily, but at least on the right path to continuous, managed improvement.
BS 7799 Part 1 is a code of practice for information security management: it gives an organization baseline guidance on the types of security controls it should implement to safeguard its information assets. Its scope covers information in every form and every system that carries it, including voice, internet, telephone and fax. This part was adopted internationally as ISO/IEC 17799 and later renumbered ISO/IEC 27002.
BS 7799 Part 2 is the management system specification: it sets out the requirements for establishing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS), covering the people, IT systems and processes within the organization. It was adopted as ISO/IEC 27001, which is the standard an organization is certified against and the standard this workshop audits against.
About this workshop
This workshop is designed to enable and empower the participants to carry out a complete internal audit for their respective organizations. It not only covers the clauses and controls of the Standard, but also addresses practical concerns such as auditing Active Directory, Firewalls, Physical Access Control Systems, etc.
This two-day hands-on workshop provides delegates with the tools, techniques and checklists needed to conduct a comprehensive ISO 27001 internal audit.
Benefits
On completion of this course, participants will have
- A clear understanding of how to prepare for an ISO 27001 audit
- An in-depth, systematic approach to internal auditing
- Checklists for each audit area, including HR, IT, Administration, Operations and Technologies
Each participant will be provided with the forms, guidelines, checklists and other documents needed to conduct the audit.
Who should attend
This course is meant for professionals responsible for an organization’s key functions such as
- Security Management
- Facilities Management
- Human Resource Department
- Administration Department
- Financial Department
- Emergency Unit
- Operations
- Supply Chain
- Risk and Crisis Management
Anyone aspiring to handle an ISO 27001 Internal Audit within the organization would benefit from this course.
Course Outline
Day 1
Introduction to Internal Audit
Auditing Guidelines
- Planning
- Documentation Requirements
- Evidence
- Dos and Don’ts
Introduction to ISO 27001
- Domains
- Controls
- BCP / DR
- Audit perspective
Implementation Stages
- Scope
- Security Policies
- Risk Assessment and Mitigation
- Statement of Applicability
Audit Methodology
Day 2
Auditing of Processes and Technology
Audit of Processes
- Change Management
- Backup Management
- User Privilege Management
- Incident Management
Audit of Key Business Units
- Physical Security
- Human Resources
- IT Department
- Administration
Audit of Technologies
- Firewall
- Routers
- File Servers
- Active Directory
- Project Specific Servers
Documenting the Audit Report
- Preventive Action
- Corrective Action
- Root Cause Analysis
Case Study
Closing discussion
Audit Planning Checklist
- Data Capture Questions
- Firewall Checklist
- Active Directory Checklist
- File Server Checklist
- Router Checklist
- Project Checklist
- Physical Security Checklist
- Audit Report