The ISO 27001 audit training course teaches participants the foundations of auditing an Information Security Management System (ISMS). Taking place over 72 hours, including the official certification exam, the course gives students basic training in how to conduct audits in accordance with the registration process for the ISO 27001:2005 standard. The lectures and audit exercises are based on the guidelines for the ISO 19011:2002 audit as well as the various standards in the ISO 27000 family.
|Contact Hours:||43 hr Lecture 29 hr labs|
|Prerequisites:||Understanding of TCP/IP Protocols|
|Credits:||72 CPE / 3 CEU|
|Method of Delivery:||Residential (100% face-to-face) or Hybrid|
|Method of Evaluation:||1. 95% attendance 2. 100% completion of Lab|
|Grading:||Pass = Attendance + labs & quizzes; Fail > 95% Attendance|
Sample Job Titles:
Information Systems Security Engineer
Intrusion Detection System (IDS) Administrator
Intrusion Detection System (IDS) Engineer
Intrusion Detection System (IDS) Technician
Network Analyst/Network Security Engineer
Network Security Specialist/Security Analyst
Security Engineer/Security Specialist
Systems Security Engineer
This 72-hour accelerated class is taught in a face-to-face or hybrid modality. The class includes 72 hours of contact studies, labs, reading assignments and a final exam. Passing the final exam is a requirement for graduation.
Learning Level: Basic Auditor to Advanced
- Knowledge of new and emerging IT
- Knowledge of IT compliance and assurance
- Knowledge of the capabilities and functionality of compliance
Target Audience: IT Security Managers, IT Managers, Auditors interested in ISO 27001:2005 or ISO 17799:2005 / ISO 27002:2007 standards, Information Security Consultants
Pre-class study: Initial knowledge of the ISO/IEC 17799:2005 and ISO 27001:2005 standards, and basic knowledge of information security, is required.
Review of the ISO 27001:2005 prerequisites
Understanding of the relations between ISO 27001:2005 and ISO/IEC 17799:2005
Learning to evaluate security-related threats and vulnerabilities
Understanding of the security controls and counter-measures
Comprehension of the auditor's roles and responsibilities
Learning the respective phases of an information security management system audit
Curriculum
Lesson 1: Introduction to information security management system management with ISO 27001 8 hrs
Objectives and course structure
Information Security Standard
Fundamental Principles of Information Security
Information Security Management System
Lesson 2: Audit initiation 6 hrs lecture 2 hrs labs
Fundamental Audit Concepts and Principles
Evidence based approach
Preparing for the On-site Audit Activities
Conducting On-site Activities
Lesson 3: Conduct the audit 6 hrs lecture 2 hrs labs
Communication during the audit
Drafting of conclusions and non-conformity reports
Lesson 4: Conclude the audit 6 hrs lecture 2 hrs labs
Audit Documentation
Review of the Audit Notes
Managing an audit program
The competence and evaluation of auditors
Lesson 5: Examination 8 hrs (5 hrs lecture 3 hrs exam)
3-hour review and hands-on labs of an ISO 27001 Lead Auditor and 3-hour exam leading to certification as an ISO 27001 Lead Auditor.
Prerequisites: The ISMS Foundation course or basic knowledge of the ISO 27001 and ISO 27002 standards is recommended.
A copy of the ISO 19011, ISO 27001 and ISO 27002 standards will be provided to participants.
A certificate of attainment will be given to participants who successfully pass the examination.
Grades - All students must ordinarily take all quizzes, labs, and the final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Know that Q/ISP classes draw quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between. However, what ultimately matters in this course is not so much where you end up relative to your classmates but where you end up relative to yourself on Friday of class. The course is graded as a pass or fail solely on your attendance and participation. Those less comfortable and somewhere in between are not at a disadvantage vis-à-vis those more comfortable. Escalating labs help you prepare for real-world scenarios. Each lab escalates upon itself, increasing in intensity and rising to the next level, while you mitigate the threat step by step.
Books – 3 ebooks are provided for this course. No external books are required. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below. The first is intended for those inexperienced in (or less comfortable with the idea of) hacking. The second is intended for those experienced in (or more comfortable with the idea of) hacking. Both are available at sites like Amazon.com. Both are available at the SU Hacker Library. Realize that free, if not superior, resources can be found on the SU website.