ISO 27001 Information Security Practitioner
ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.
The standard enables organizations to demonstrate excellence and prove best practice in Information Security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.
The ISO/IEC 27001 Practitioner level course assesses the application of ISO/IEC 27001 knowledge to given business scenarios, enabling the candidate to demonstrate more detailed knowledge and capability.
Module 1: Introduction, context and objectives
- What is ISO / IEC 27001: 2013?
- History and state of the art
- What is an ISO / IEC 27001 Practitioner?
- Current state of the standard
Module 2: Preparation for Information Security Management System
- Leadership of top management
- Policy and objectives
- Integration with the daily operating mode
- Resources - Roles and Responsibilities
- Management Reviews
- Documentation Required
Module 3: Security checks
- Control Clauses
- Information Security Policies
- The organization for security
- Human resources
- Asset management
- Access control
- Physical and Environmental Security
- Security of Operations
- Communications Security
- System Acquisition, Development and Maintenance
- Supplier relations
- Management of security incidents
- Security and Business Continuity
After completing the ISO/IEC 27001 Practitioner course, delegates will have the skills and knowledge to:
- Apply the principles of a ISMS policy on its perimeter, objectives and processes in the specific context of an organization,
- Apply risk management principles including identification, analysis and evaluation, and propose appropriate treatment actions and controls to reduce information security risks, support business objectives, and improve security Information,
- Analyse and evaluate risk management actions and controls to assess their effectiveness and opportunities for continuous improvement,
- Analyse and evaluate the effectiveness of the ISMS through internal audit and management reviews to continuously improve the relevance, adequacy and effectiveness of ISMS,
- Understand, create, implement and evaluate the adequacy, relevance and effectiveness of the documented information and records required by ISO 27001,
- Identify and implement appropriate corrective actions to maintain ISMS compliance with ISO/ IEC 27001.
The ISO/IEC 27001 Practitioner course is aimed mainly at professionals involved in the management of information security:
- Internal managers and staff working to implement, maintain and operate an organization’s Information Security Management System (ISMS)
- External consultants involved in the implementation, maintenance and operation of an information Security Management Framework
- Internal auditors requiring the applied knowledge of ISO 27001
The APMG ISO/IEC 27001 Practitioner exam consists of a four-question, each composed of 20 sub-questions and lasts 2 hours and 30 minutes (+40 extra minutes for non-English candidates).
Certification is obtained if the candidate obtains at least 40 correct answers (50%).
The use of the printed text of the standard is permitted during the examination.
Successful completion of the APMG ISO/IEC 27001 Foundation exam is a prerequisite for the ISO/IEC 27001 Practitioner course and certification.