ISO 27000 Foundation Certification Training Course

Description

Every organization, whether it is a commercial enterprise, government agency, or a not-for profit organization, must have established guidelines that will protect it from business risks. The ISO/IEC 27000 suite of standards define exactly these requirements and form a formal specification that help organizations establish, implement, operate, monitor, review, maintain and improve a documented Information Security Management System. As an ISO 27000 certified professional, you can help an organization demonstrate achievement of excellence and compliance with global best practices for quality in Information Security Management.
Bacancy Trainings helps you prepare for the ISO 27000 Foundation certification provided by Peoplecert where candidates will be introduced to the principles and core elements of the ISO 27000, specifically for ISO/IEC 27001 and ISO/IEC 27000. With comprehensive courseware, in-depth exercises, and training from experienced professionals, participants can aim for a first time clearance of the examination and apply the ISO 27000 standard to ensure continuity and effectiveness of the organization.
Category Ref Knowledge Set
ISMS-7.1 Introduction   ISMS-7.1.1 Scope of ISO/IEC 27000 series of standards
ISMS-7.1.2 Recognize industry standards/best practices in Service Management and Quality management systems, such as: ITIL®, SixSigma®, CobiT, ISO/IEC 9000, ISO/IEC 20000
ISMS-7.1.3 Recognize the content and correlation between ISO/IEC 27001:2005 and ISO/IEC 27002:2005
ISMS-7.1.4 Definition and need for Information Security and Information Security Management System (ISMS)
ISMS-7.1.5 Importance of an Information Security Management System (ISMS)
ISMS-7.1.6 Value and Reliability of Information
ISMS-7.1.7 Benefits and Critical Success factors of an Information Security Management System (ISMS)
ISMS-7.2 Organization of Information Securityl   ISMS-7.2.1 Management responsibility:
• Management commitment
• Resource management
ISMS-7.2.2 Confidentiality agreements
ISMS-7.2.3 Contact with authorities and with special interest parties
ISMS-7.2.4 Independent review of information security
Addressing security when dealing with external parties Addressing security when dealing with external parties
ISMS-7.3 Information Security Management System ISMS-7.3.1 Information Security Policy
ISMS-7.3.2 General ISMS requirements
ISMS-7.3.3 Structure of policies
ISMS-7.3.4 Establishing and managing the ISMS:
• Establish the ISMS
• Implement and operate the ISMS
• Monitor and review the ISMS • Maintain and improve the ISMS
ISMS-7.3.5 Documentation requirements
• General
• Control of documents
• Control of records
ISMS-7.3.6 Management review of the ISMS
• General
• Review input
• Review output
ISMS-7.3.7 ISMS improvement:
• Continual improvement
• Corrective action
• Preventive action
ISMS-7.4 ISMS Implementation ISMS-7.4.1 Defining ISMS scope, boundaries and ISMS policy
ISMS-7.4.2 Asset Management:
• Responsibility for assets
• Information classification
ISMS-7.4.3 Risk Assessment and Treatment:
• Assessing security risks
• Treating security risks
ISMS-7.4.4 Information security aspects of business continuity management
ISMS-7.5 Human resources, physical and environmental security ISMS-7.5.1 Human Resources Security: Prior to employment
ISMS-7.5.2 Human Resources Security: During employment
ISMS-7.5.3 Human Resources Security: Termination or change of employment
ISMS-7.5.4 Physical and Environmental Security: Secure areas
ISMS-7.5.5 Physical and Environmental Security: Equipment security
ISMS-7.6 Communications and operations management ISMS-7.6.1 Operational procedures and responsibilities
ISMS-7.6.2 Third party service delivery management
ISMS-7.6.3 System Planning and acceptance:
• Capacity management
• System acceptance
ISMS-7.6.4 Protection against malicious and mobile code
ISMS-7.6.5 Back-up
ISMS-7.6.6 Network security management
ISMS-7.6.7 Media handling
ISMS-7.6.8 Exchange of information
ISMS-7.6.9 Electronic commerce services
ISMS-7.6.10 Monitoring
ISMS-7.7 Access Control ISMS-7.7.1 Access control policy
ISMS-7.7.2 User access management
ISMS-7.7.3 User responsibilities
ISMS-7.7.4 Network access control
ISMS-7.7.5 Operating system access control
ISMS-7.7.6 Application and information access control
ISMS-7.7.7 Mobile computing and teleworking
ISMS-7.8 Information systems acquisition, development and maintenance ISMS-7.8.1 Security requirements of information systems
ISMS-7.8.2 Correct processing in applications
ISMS-7.8.3 Cryptographic controls
ISMS-7.8.4 Security of system files
ISMS-7.8.5 Security in development and support processes
ISMS-7.8.6 Technical vulnerability management
ISMS-7.9 Compliance ISMS-7.9.1 Compliance with legal requirements
ISMS-7.9.2 Compliance with security policies and standards, and technical compliance
ISMS-7.9.3 Internal ISMS audits:
• Define criteria, scope, frequency, method and audit procedures
• Define roles and responsibilities of internal auditors
• Ensure objective and impartial documentation
• Plan audit activities
• Follow up activities
• Record keeping procedures
ISMS 7.10 Information Security Incident Management ISMS-7.10.1 Reporting information security events
ISMS-7.10.2 Management of information security incidents and improvements
Total Proposed Training Time: 24 hours
From the course:
As this is the Foundation level course, candidates will be introduced to the principles and core elements of the ISO/IEC 27001 and ISO/IEC 27002 standards for Information Security Management, and more specifically:
  • ISO/IEC 27000: which provides an overview of information security management systems, which form the subject of the ISMS family of standards, and defines related terms.
  • ISO/IEC 27001: the formal specification which defines the requirements that must be achieved for an information security management system (ISMS).
  • ISO/IEC 27002: which describes a code of practice for information security management and details hundreds of specific controls which may be applied to secure information and related assets

Holders of Peoplecert’s ISO 27000: Information Security Management Foundation Certification will be able to demonstrate their knowledge, ability, competence and understanding in:

  • Definitions and principles of quality management services in accordance with ISO/IEC 27001.
  • Positioning of ISO/IEC 20000 in the Information security management including its relationship with other standards and best practices.
  • Objectives and requirements in each section of the specification.
  • Scope, aims and use of the ISO/IEC 27001 and ISO/IEC 27002 Specification and Code of Practice.
  • Processes and objectives of ISO/IEC 27001 and ISO/IEC 27002 and Information security management (ISMS).
  • Fundamental requirements for an Information Security Management System (ISMS).
  • Requirements of the Information Security Management System and the Plan, Do, Check, Act cycle.
  • How assessments, reviews and internal audits of Information Security Management systems against the requirements of the standard are used.

Eligibility: There are no prerequisites for attending this workshop or the exam. It is recommended that participants have at least a basic knowledge of Information security management concepts and terminology and have undergone some formal training on the subject with a proposed duration of 24 hours.

 

Process:
The ISO 27000 Foundation Certification Exam focuses on Knowledge and Comprehension categories of the Blooms Taxonomy.
Knowledge is defined as recalling previously learned material, from facts to theories and represents the lowest level of learning outcomes in the cognitive domain.
Assessment objectives would include knowing and recalling:

  • Common and/or basic terms, definitions, concepts and principles
  • Specific compliance requirements and facts
  • Processes, procedures and assessment methods

Comprehension is the lowest level of understanding and entails the ability to grasp the meaning of the material taught, including some sort of interpretation, translation or estimation during the process. Assessment objectives would include knowing and recalling:

  • Understanding facts, concepts and principles
  • Interpreting material (i.e. charts, graphs, text)
  • Justifying a Process, procedure and assessment method

Examination Format:

 

Delivery Computer (web) or Paper based
Type 40 Multiple choice questions
Single answer, one of four possible answers Each question is awarded one (1) mark
Duration 1 hour (60 minutes)
For non-native speakers or candidates with a disability, an additional 15 minutes of extra time is allowed.
Pass Mark 65% (26/40)
Invigilator / Supervisor / Proctor Yes
Physical or Web proctoring
Open Book No
No materials are allowed in the examination room
Prerequisites None
Distinction N/A



The tests are derived from a regularly updated question test bank (QTB) based on the test specification detailed below. Questions are used interchangeably among test sets. The overall difficulty level of each test is the same with any other test. A candidate is never assigned the same test in the case of multiple examination attempts.

The examination will consist of ten (10) sections with the following structure:

 

Category Description Exam (%)
1 ISMS-7.1 Introduction 10.0%
2 ISMS-7.2 Organization of Information Security 17.5%
3 ISMS-7.3 Information Security Management System 17.5%
4 ISMS-7.4 ISMS Implementation 12.5%
5 ISMS-7.5 Human resources, physical and environmental security 7.5%
6 ISMS-7.6 Communications and operations management 5.0%
7 ISMS-7.7 Access Control 7.5%
8 ISMS-7.8 Information systems acquisition, development and maintenance 5.0%
9 ISMS-7.9 Compliance 10.0%
10 ISMS 7.10 Information Security Incident Management 7.5%
TOTAL 100.0%

Refer the following link for more information:

http://www.peoplecert.org/en/Test-Takers/PEOPLECERT_Certification/PEOPLECERT_Management_Systems_Certification/ISO_27000/Pages/Information_Security_MS.aspx

This qualification is the first level of the ISO/IEC 27000 certification scheme provided by Peoplecert, and is aimed at anyone working within an organization (internally or externally) who may require to have and demonstrate a solid knowledge and understanding of the ISO/IEC 27001 and ISO/IEC 27002 standards and their content. The certification can also cater for candidates seeking personal certification, also in regards to their knowledge and understanding of the requirements and the content of the standard.

Q. Can you tell me regarding the Training?

Ans:

Information sharing is critical to the success of an organization, in this technology driven world. Information from employees, suppliers, customers, stakeholders and even that exchanged between organizations, help rise above competition. While this free-flow of information helps in business continuity there has to be a high level of security that protects this important asset. The ISO/IEC 27001 and 27002 standards for Information Security Management allow an organization to demonstrate achievement of excellence and compliance with global best practices for quality in Information Security Management. KnowledgeHut’s training helps you prepare for the PEOPLECERT ISO 27000 certification and implement the principles and guidelines that reflect a solid understanding of the standard.

Q. Who can benefit from this course?

Ans:

Anyone working within a service provider organization (internally or externally) who may require to have and demonstrate a solid knowledge and understanding of the ISO/ 27000 standard and its content.

Q.How we can register for the training?

Ans:

You can register through online, we will provide online registration link you can use that link and do registration for the same.

Q.There is any group discount?

Ans:

Yes, if you will be coming with 5 people we will give you 10% discount.

Q. What is training Timing & venue?

Ans:

Training time will be 9:30 AM to 5:30 PM and venue will be communicated according to locations.