The ISO 27001 Implementation Course:
Managing Information Security with ISO 27001/27002
In the rush to meet regulatory or customer mandates, organizations have spent millions of dollars implementing security and compliance measures on an issue-by-issue or regulation-by-regulation basis. These approaches to compliance and information security are filled with unnecessary risks and costs, and often end up contributing to an ineffective and inefficient information security program.
The objective of this course is to provide attendees with the necessary information and skills to implement an ISMS that is compliant with the requirements of ISO 27002 and meets the certification requirements of ISO 27001.
This 2 1/2-day course is designed for people:
- who are familiar with ISO 27001-2,
- who plan to adopt the security framework and implement the standards,
- who would like to improve their security program and align their security goals to their business objectives using 27002, or
- who would like to see their organization certified to ISO 27001.
Who Should Attend?
- Information Security & IT Managers
- Chief Information Officer (CIO / CISO)
- Compliance Officer
- Business Continuity Planners
- Functional Business Representatives (HR, Legal, Communications, etc.)
- Risk Managers
- Business Process Owners (Department Heads)
- IT/Systems Auditors
- Information security consultants
Benefits To Your Business
- Reduced costs of compliance efforts
- Increased security and reliability of information systems
- Cost-effective, coordinated and consistent information security practices
- Improved management of risk
- Consistent assessments of your security environment
Learning Objectives
- Understand ISO 27001 and 27002
- Understand the requirements, design and implementation of an ISMS
- Identify uses of your ISMS controls
- Discuss implementation guidance for 27002
- Contrast and compare ISO 27002 with other frameworks and requirements
Course Materials
Students receive comprehensive course manuals with reference materials.
ISO 27001-2 Overview
The International Standards Organization (ISO) has developed two specifications on the governance of information security, ISO 27001 and ISO 27002. Both originated and evolved from the British Standards BS7799 parts 1 and 2, which have been used to certify over 2,500 organizations around the world.
ISO 27002 is an international code of practice, or implementation framework, for information security best practices. ISO 27001 serves as the auditing and certification standard for an organization's ISMS with 133 information security controls covering eleven separate domains.
Further, ISO 27001 also specifies the Plan-Do-Check-Act (PDCA) model for continual quality improvement, which is the same PDCA model used in ISO 9001 Total Quality Management (TQM) initiatives. According to the Institute of Internal Auditors (IIA), the PDCA cycle helps “the organization to know how far and how well it has progressed” and “influences the time and cost estimates to achieve compliance.” BSI Management Systems, the world's largest ISO certification body and the author of BS7799 standards, defined the ISMS as “a systematic approach to managing sensitive company information so that it remains secure. ISMS encompasses people, processes, and IT systems.”
About The Instructor
Gary Sheehan, CISSP, HISP
Gary Sheehan is a Managing Consultant with Wolcott Group in Fairlawn, Ohio. Gary's practice at Wolcott is focused on using 27001 Standards to help clients achieve holistic security and good IT governance. He is a subject matter expert in the area of information security governance with 20 years of experience in security policy, awareness, process implementation, vulnerability management and security project management.
Throughout his career, Gary has worked for a number of large companies in the banking, insurance, diversified industrial, manufacturing, and chemical industries. He has successfully executed large, global security projects and implemented enterprise-wide security policies at a number of companies. Gary is currently the President of the Northern Ohio Members Alliance of InfraGard and founder of the Information Security Summit.
As a recognized security expert, Gary has presented topics at Computer Security Institute's annual conference, InfoSec World, OKIT and at many regional conferences and seminars. In 2003 Gary received the Northern Ohio Chapter of InfraGard’s Linda Franklin award for his dedication and outstanding service to the chapter. Under his direction, the Information Security Summit has raised and distributed over $90,000 to area organizations such as ISACA, InfraGard, ISSA, BEPA, Cuyahoga County Police Chiefs Association, Cleveland HoneyNet Project, NEO InfoSec Forum and ASIS.
Gary has a Bachelor's degree in Business Administration from Baldwin-Wallace College and is a 2006 graduate of the FBI Citizens Academy.
About Wolcott Group
Wolcott Group is one of the top U.S. firms for standards-based information security training, consulting, and technology solutions. Wolcott Group is a member of the IT Governance Institute, an authorized training center for the Holistic Information Security Practitioner (HISP) certification, and an authorized BSI Management Systems Associate Consultant for training and consulting on ISO 27001/27002. Wolcott Group is an IBM Premier Business Partner, a Microsoft Gold Certified Partner, and also partners with other information security technology vendors to help its clients improve their information security practices.
Cost
The cost for this 2.5-day course is $995 per attendee.
If you have a group of personnel to be trained, quantity discounts are available for training at Wolcott Group's offices or for private training at your offices. Contact us at training@wolcottgroup.com for more information.
Register Today!
To register for the March or May class, send an e-mail to training@wolcottgroup.com. In the subject line, put: Training Request. In the body of the e-mail, include your name, contact information and the class you want to register for. The March and May classes will both be held at Wolcott Group Headquarters in Fairlawn, Ohio.
March 18-20, 2009
May 20-22, 2009
Nov. 11-13, 2009
If you have any questions regarding the training, the registration process, or any related topics, please send an e-mail to training@wolcottgroup.com for more information.