The ISO 27001 Implementation Course:
Managing Information Security with ISO 27001/27002
Overview
This two-day training course is designed to provide attendees with the necessary information and skills to:
• implement a unified approach to managing information security with ISO 27001/27002
• implement and audit an Information Security Management System (ISMS) that is compliant with the requirements of ISO 27002 and meets the certification requirements of ISO 27001
Who Should Attend?
This workshop is designed to advance the knowledge and skills of professionals responsible for information security, risk management, IT auditing, IT compliance and more.
- Information Security & IT Managers
- Chief Information Officer (CIO / CISO)
- Compliance Officer
- Business Continuity Planners
- Risk Managers
- Business Process Owners (Department Heads)
- IT/Systems Auditors
- Information security consultants
This two-day course is designed for professionals...
- who are familiar with ISO 27001/27002
- who are looking for guidance on auditing against the ISO 27002 standards
- who plan to adopt the security framework and implement the standards
- who would like to see their organization certified to ISO 27001
- who would like to improve their security program and align their security goals to their business objectives
Benefits To Your Business
- Reduced costs of compliance efforts
- Increased security and reliability of information systems
- Cost-effective, coordinated and consistent information security practices
- Improved management of risk
- Consistent assessments of your security environment
Learning Objectives
- Understand ISO 27001 and 27002
- Understand the design and implementation of an ISMS
- Understand the requirements of an ISMS
- Identify uses of your ISMS controls
- Discuss implementation guidance for:
  - Security Policy
  - Security Organization
  - Human Resource Security
  - Asset Management
  - Business Continuity Planning
  - Incident Response
  - Compliance
  - Access Control
  - Security in Application and System Acquisition and Development
  - Physical and Environmental Security
  - Communications and Operations Security
- Contrast and compare ISO 27002 with other frameworks and requirements
Course Materials
Students receive comprehensive course manuals with reference materials that include:
- Copy of ISO/IEC 27001
- Copy of ISO/IEC 27002
ISO 27001/27002 Overview
The International Standards Organization (ISO) has developed two specifications on the governance of information security, ISO 27001 and ISO 27002. Both have originated and evolved from British Standards, BS7799 parts 1 and 2, which have been used to certify over 2,500 organizations around the world.
ISO 27002 is an international code of practice, or implementation framework, for information security best practices. ISO 27001 serves as the auditing and certification standard for an organization’s ISMS with 133 information security controls covering eleven separate domains.
Further, ISO 27001 also specifies the Plan-Do-Check-Act (PDCA) model for continual quality improvement, which is the same PDCA model used in ISO 9001 Total Quality Management (TQM) initiatives. According to the Institute of Internal Auditors (IIA), the PDCA cycle helps “the organization to know how far and how well it has progressed” and “influences the time and cost estimates to achieve compliance.” BSI Management Systems, the world’s largest ISO certification body and the author of BS7799 standards, defined the ISMS as “a systematic approach to managing sensitive company information so that it remains secure. ISMS encompasses people, processes, and IT systems.”
Prerequisites
Attendees should be fairly knowledgeable about the security practices of their organization to properly benefit from this workshop.
Class Requirements
Attendees are encouraged, although not required, to bring a laptop with Microsoft Office so they can follow along with the presentation materials and mapping documents that are provided on a CD.
About The Instructor
Gary Sheehan, CISSP, HISP, is a managing consultant with Wolcott Group. Gary’s practice at Wolcott is focused on information security and risk management and using the best practice frameworks and standards to help clients achieve effective holistic security and good IT governance. He is a subject matter expert in the area of information security governance with 20 years of experience in security policy, awareness, process implementation, vulnerability management and security project management.
Throughout his career, Gary has worked for a number of large companies in the banking, insurance, diversified industrial, manufacturing, and chemical industries. He has successfully executed large, global security projects and implemented enterprise-wide security policies at a number of companies. Gary is currently the President of the Northern Ohio Members Alliance of InfraGard and founder of the Information Security Summit.
As a recognized security expert, Gary has presented topics at Computer Security Institute's annual conference, InfoSec World, OKIT and at many regional conferences and seminars. In 2003 Gary received the Northern Ohio Chapter of InfraGard’s Linda Franklin award for his dedication and outstanding service to the chapter. Under his direction, the Information Security Summit has raised and distributed over $90,000 to area organizations such as ISACA, InfraGard, ISSA, BEPA, Cuyahoga County Police Chiefs Association, Cleveland HoneyNet Project, NEO InfoSec Forum and ASIS.
Gary has a Bachelor's degree in Business Administration from Baldwin-Wallace College and is a 2006 graduate of the FBI Citizens Academy.
About Wolcott Group
Wolcott Group is one of the top U.S. firms for standards-based, information security training, consulting, and technology solutions. Wolcott Group is a member of the IT Governance Institute, an authorized training center for the Holistic Information Security Practitioner (HISP) certification, and an authorized BSi Management Systems’ Associate Consultant for training and consulting on ISO 27001/27002. Wolcott Group is an IBM Premier Business Partner, a Microsoft Gold Certified Partner, and also partners with other information security technology vendors to help its clients to improve their information security practices.
Location and Contact Information
Wolcott Group - Corporate Headquarters
3700 Embassy Parkway
Fairlawn, Ohio 44333
Phone: 1-866-WOLCOTT (1-866-965-2688) or 1-330-666-5900
Fax: 1-330-666-5600
Email: training@wolcottgroup.com
Schedule This Training
This two-day course is offered on a private basis for organizations that wish to have three or more of their staff attend. The course can be offered at Wolcott Group's offices in Fairlawn, Ohio or at your location. To schedule this training, simply contact us at training@wolcottgroup.com.
The Investment
The investment for this two-day workshop, which includes documentation on how IT frameworks map to security, and provides 14.0 hours of CPE credits, is $995 per attendee with a minimum of three attendees. Quantity discounts are available if you have five or more attendees. Contact us at training@wolcottgroup.com for more information.