Information Security Auditing
Delivery: classroom, hands on, workshop // Duration: 2 days
This course gives participants an in-depth understanding of the fundamentals of auditing an information security management system (ISMS) based on ISO 27001 standards.
Learning Objectives
By the end of this course, participants will be able to:
- Understand the challenges of auditing an information security management system based on ISO 27001 standards
- Implement an auditing program for ISMS
- Conduct ISMS audits
Course Content
- The guide for the audit of management systems: ISO 19011
- The ISMS audit process
- Roles and responsibilities
- Selection and assessment of auditors
- Planning and implementation of an audit program
- Conducting a single audit (preparation, on-site, documentation, audit report, follow-up)
- Audit methods
- The on-site audit session
- Conversation methods
- Escalation procedures
- Assessment of findings: conformity, effectiveness and efficiency
- Simulation of audit sessions
- Auditing the documentation
- Conducting on-site audits (participants take turns as auditors and as employees of the audited organization)
- Preparation of an audit report
- Tips and tricks from practice
- Mutual exchange of experience
Target Audience
Persons in charge of
- Information Security Management
- Information Security Risk Management
- Information Security Audits
- IT Security
- IT Security Risk Management
- Information Security Audits
- (Internal) Audits
- Compliance
Pre-requisite for Course Registration
- Recommendation: Completed ISH Information Security Management course with certification (ISH ISMS Specialist Diploma)
- Participants should have good knowledge about information security and/or IT security and a minimum of two years’ experience in the field of information security and/or IT security
Certification: ISH ISMS Auditor Diploma
The ISH ISMS Auditor Diploma provides participants with a broad and detailed understanding of auditing an information security management system based on the international set of standards ISO 27001.