|
||
|
Course Outline - Commercial | |
|
||
|
||
|
Course Curriculum: ISO 27002 Compliance (Day 1 -3) | |
|
||
|
Description: | |
|
The objective of this course is to provide delegates with the necessary skills to implement a corporate Information Security Management System (ISMS) framework that is compliant with the requirements of ISO 27002, UK Data Protection Act, EU Directive on Privacy, HIPAA Security, FFIEC, GLB Act, Sarbanes-Oxley Act (Security), FACT Act, PCI Data Security, California SB-1386, OSFI, PIPEDA, PIPA, Canadian Bill C-198 and meets certification requirements of ISO 27001. | |
|
||
|
Course Content: | |
|
The course is designed for people who have a reasonable awareness of Information security management. | |
 History of ISO 17799 / BS 7799 / ISO 27000 series. |
|
|
| Comparison of ISO 17799:2000 and ISO 27002:2005 |
|
|
| ISO 27001 certification requirements. |
|
|
| Determination of scope. |
|
|
| Identification of information assets. |
|
|
| Determination of the value of information assets. |
|
|
| Determination of risk. |
|
|
| Determination of policy(ies) and the degree of assurance required from controls. |
|
|
| Identification of control objective and controls. |
|
|
| Definition of polices, standards and procedures to implement the controls. |
|
|
| Production and implementation of policies, standards and procedures. |
|
|
| Completion of ISMS documentation requirements. |
|
|
| Establishment of Management Framework and Security Forum. |
|
|
| Audit and review of ISMS. |
|
|
| Case Studies. |
|
|
|
||
|
||
|
Course Curriculum: COBIT auditing framework (Day 3 -4) | |
|
||
|
Description: | |
|
The objective of this course is to provide delegates with the necessary skills to audit information technology systems using COBIT as a benchmarking standard. | |
|
||
|
Course Content: | |
|
The course is designed for people who have a reasonable awareness of Information Technology Controls. | |
| History of COBIT. |
|
|
| Understanding COBIT Controls. |
|
|
| Understanding COBIT mapping to COSO. |
|
|
| Understanding COBIT mapping to ISO 27002 and ITIL. |
|
|
| COBIT case studies. |
|
|
|
||
|
||
|
Course Curriculum: Compliantz methodology (Day 5) | |
|
||
|
Description: | |
|
The objective of this course is to provide delegates with the knowledge of how ISO 27002 requirements map to HIPAA, FFIEC, GLB Act, Sarbanes-Oxley Act, OSFI, PIPEDA, PIPA, Canadian Bill C-168 and other regulations. We will explain how to identify areas of non-compliance in a matter of a few days. | |
|
||
|
Course Content: | |
|
The course is designed for people who have a reasonable awareness of Information Technology Controls. | |
| History of Compliantz. |
|
|
| Compliantz methodology -proprietary mapping component. |
|
|
| Description of Compliantz modules. |
|
|
| Using automation to quickly identify non-compliance areas. |
|
|
| Case studies. |
|
|
|
||
|
Certification Exam: | |
|
Attendees can chose to take the HISP Certification Exam which is now managed by the HISP Institute on the afternoon of Day 5. | |
| Copyright 2005-2008 by eFortresses, Inc. All rights reserved. |