ISO 27001 Lead Auditor Training
ISO 27001 Lead Auditor Trainings

Overview

This training course for becoming an ISO 27001 Lead Auditor finishes with an examination for the ISO 27001 Lead Auditor qualification.

Auditing is crucial to the success of any management system. As a result, it carries with it heavy responsibilities, tough challenges and complex problems. Over five days, this intensive course prepares delegates for the qualification process for ISO 27001:2005 and trains them on how to conduct audits for certification bodies. It also empowers them to give practical help and information to those who are working towards compliance and certification.

The course is intended for all those who wish to undertake and eventually lead audits of Information Security Management Systems (ISMS). It is also useful for those interested in implementing ISO 27001.

Some of the benefits of being an ISO 27001 Lead Auditor are as follows:

  • Hands-on training in implementation of the best security techniques currently available.
  • To enable delegates to undertake external audits and lead audits of Information Security Management Systems.
  • To explain to the delegates the purpose and planning procedure of making systems secure.
  • To ensure delegates understand the importance of organising and reporting their audit findings.
  • Appreciate the importance of controlling Information Security in all types of business.
  • State the requirements and scope of ISO 27001.
  • Identify the documented management systems required to control Information Security.
  • Evaluate risk assessments for Information Security.
  • Effectively plan and undertake an audit.
  • Produce reports of their audits identifying non-conformances against the standard.
  • Standardized training in the latest security software.
  • Become your organisation's best resource for security issues and decisions.
  • Increased company-wide awareness of the importance of best security practices.
  • Employees can and should be the "last line of defense."

Course Content

Security Brigade's ISO 27001 Lead Auditor Programs are tailored to the exact needs of the audience. However, a general course outline for the ISO 27001 Lead Auditor Training can be seen below.

  • Day 1
    • Auditor Certification
    • Evolution of ISMS
    • Why Information Security Management Systems?
    • ISO 27000:2005 - An Overview
    • ISO 27001:2005 Requirements
    • ISO 27000 Process Model/Requirement
  • Day 2
    • Reviewing Security Threats and Vulnerabilities
    • Management of Security Risks
    • Selecting Quality Controls
    • How to build an Information Security Management System
    • ISMS Documentation
    • Process Management and PDCA
    • Employee Awareness, Training & Competence
  • Day 3
    • Information Security Auditing including Accreditation and Certification
    • Audit Roles and Responsibilities
    • Audit Planning/Preparation
    • Document Review
    • Developing Checklists
  • Day 4
    • Conducting Onsite Activities
    • Opening Meeting
    • Collecting & Verifying Evidence
    • Interviewing
    • Auditing Top Management
    • Handling Difficult Situations
    • Audit Findings
    • Summary Audit Report
  • Day 5
    • Completing the Audit/Audit Follow Up
    • Closing/Exit Meeting
    • Course Summary
    • Examination

Benefits

Security Brigade's ISO 27001 Lead Auditor Course provides valuable auditing skills. Effective auditing helps to ensure that the measures you put in place to protect your organisation and your customers are properly managed and achieve the desired result.

  • The knowledge and skills to effectively audit your management system.
  • The ability to conduct a risk assessment of the effectiveness and maturity of your management system.
  • The ability to conduct second-party and third-party audits of your supply chain.

Compliance

Security Brigade's ISO 27001 Lead Auditor Training can meet the requirements of many standards and guidelines relating to information security. Our training team has working knowledge of the following standards and aims to exceed their requirements during the training program.

  • PCI
    The Payment Card Industry (PCI) Data Security Requirements were established in December 2004, and apply to all Members, merchants, and service providers that store, process or transmit cardholder data. As well as a requirement to comply with this standard, there is a requirement to independently prove verification.

  • ISACA
    ISACA was established in 1967 and has become a pace-setting global organisation for information governance, control, security and audit professionals. Its IS Auditing and IS Control standards are followed by practitioners worldwide and its research pinpoints professional issues challenging its constituents. CISA, the Certified Information Systems Auditor is ISACA's cornerstone certification. Since 1978, the CISA exam has measured excellence in the area of IS auditing, control and security and has grown to be globally recognized and adopted worldwide as a symbol of achievement.

  • CHECK
    The CESG IT Health Check scheme was instigated to ensure that sensitive government networks, and those constituting the GSI (Government Secure Intranet) and CNI (Critical National Infrastructure), were secured and tested to a consistently high level. The methodology aims to identify known vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. In the absence of other standards, CHECK has become the de facto standard for penetration testing in the UK, mainly on account of its rigorous certification process. Whilst good, it concentrates only on infrastructure testing and not on application testing. However, open source methodologies such as the following are providing viable and comprehensive alternatives, without UK Government association. It must also be noted that CHECK consultants are only required when the assessment is for HMG or related parties and meets the requirements above. If you want a CHECK test you will need to surrender your penetration testing results to CESG.

  • BS7799
    BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI) and, after several revisions, was eventually adopted by ISO as ISO/IEC 17799. ISO/IEC 17799 was most recently revised in June 2005 and was renamed ISO/IEC 27002 in July 2007. BS 7799-2 focused on how to implement an Information Security Management System (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (the Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005. BS 7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.

  • HIPAA
    The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. The Administrative Simplification (AS) provisions of HIPAA require the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The AS provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the US health care system.