| Business Problem |
Information security is now a business problem. Gone are
the days when responsibility for information security was entrusted
to elite IT staff who would list a series of IT solutions
to display security strength. With an increasing number of
legislative and contractual obligations to demonstrate
information protection, organisation heads are increasingly
being made responsible for demonstrating continuous compliance
with information protection requirements.
Organisations ensure this through a combination of practices
such as Internal Audits.
| Workshop Objective |
To provide multiple approaches by which
any internal team can conduct audits against the best practices
of an Information Security Management System (ISMS).
| Workshop Methodology |
The training workshop combines lecture sessions and hands-on
group exercises.
| Coverage |
The workshop brings together global practices on ISO 27001 (previously BS7799)/ISO
17799 and Coral's experience of auditing and implementing
these practices within organisations. The areas of coverage
include:
- Audit Definitions
- Management of Internal Audits
- Understanding Information Security
- Understanding Risk Assessment & Management
- Measuring Policy Implementation
- Security Metrics
- Audit Reporting
| Who Should Attend? |
The course is aimed at those who are responsible
for assessing an effective Information Security Management System,
and therefore may include Risk Managers, Business Continuity
Managers, Security Managers, IT Heads (CIO, CTO), Internal
Audit Staff, and anyone else entrusted with conducting
Internal Audits towards information protection.