INFORMATION SECURITY AUDITING

Information Security Auditing

Delivery: classroom, hands on, workshop // Duration: 2 days

This course gives participants an in-depth understanding of the fundamentals for auditing an information security management systems based on ISO 27001 standards.

Learning Objectives

By the end of this course, participants will be able to:

Understand the challenges of auditing an information security management system based on ISO 27001 standards
Implement an auditing program for ISMS
Conduct ISMS audits

Course Content

The guide for the audit of management systems: ISO 19011
The ISMS audit process
Roles and responsibilities
Selection and assessment of auditors
Planning and implementation of an audit program
Conducting a single audit (preparation, on-site, documentation, audit report, follow-up)
Audit methods
The on-site audit session
- Conversation methods
- Escalation procedures
Assessment of findings: conformity, effectiveness and efficiency
Simulation of audit sessions
- Auditing the documentation
- Conducting on-site audits (participants are once auditors, once employees of the audited organization)
- Preparation of an audit report
Tips and tricks from the practice
Mutual exchange of experience

Target Audience

Persons in charge of

Information Security Management
Information Security Risk Management
Information Security Audits
IT Security
IT Security Risk Management
Information Security Audits
(Internal) Audits
Compliance

Pre-requisite for Course Registration

Recommendation: Completed ISH Information Security Management course with certification

ISH ISMS Specialist ISH ISMS Specialist Diploma
Participants should have good knowledge about information security and/or IT security and a minimum of two years’ experience in the field of information security and/or IT security

Certification: ISH ISMS Auditor Diploma

The ISH ISMS Auditor Diploma provides participants with a broad and detailed understanding of auditing an information security management system based on the international set of standards ISO 27001.

FAQs

How to get to the ISH Campus?

Address: Südallee 1 85326 Munich, Germany
Phone: +49 (0)89 975 32275

By car - from the A92 / Munich

Leaving the motorway A92 you will find yourself at the "Zentralallee". When reaching the first bridge, turn right and leave the "Zentralallee" following the sign with direction "Fracht/Cargo/Wartungsallee/Südallee/FOC". Continue to follow the street until the end - for approx. 1,5 km - and turn left. On your right you will reach the “Luftpostleitstelle” where the ISH is located.

By S-Bahn / airplane

Take the S-Bahn line S8 or S1 and drive to the “Besucherpark”. Exit the S-Bahn station towards the Flight Operations Center (FOC / Lufthansa) and at the bottom of the stairs, turn left and follow the road for approx. 1,5 km, leaving the "Frachtgebäude/Cargo" at your right hand side. At its end turn left and you will reach the "Luftpostleitstelle" where the ISH is located.

Are events and trainings in English or in German?

Since we want to provide the best trainings and events for “Securing the Global future” we offer our programs in both English and German. You can tell which language the training or event is in by which flag icon is listed next to the title. A British flag for English or the German flag for Deutsch.

How can I book an open class or company training?

For our "CDC Handling" open class trainings please register via our online registration form. If you plan a company training please arrange a date with our training department, as we offer these trainings on demand.

Which hotels are in the area?

While there is a wide range of hotels around the airport we personally have stayed at both the Hilton and Novotel hotel, and find them to be very nice and comfortable.

Hilton Munich Airport

Address: Terminalstraße Mitte 20, 85356 München-Flughafen
Phone: +49 (0)89 97820

Hotel Novotel

Address: Nordallee 29, 85356 München Phone: +49 (0)89 9705130

Registration

This company training is on demand. Please contact our training department to arrange a date.

For questions or help:

If you need help, a quote or have any  questions, please reach out to us by  email to: ish@munich-airport.de.

Event presented in English and German

Prices

1800,- € plus. 19% VAT.

Price includes event attendance, food and drinks during the event.

Trainer details

Holger Berndt & Andreas Schnitzer

As a licensed ISO27001 Lead Auditor, Holger Berndt advises and audits large companies in various industries in the areas of information security, criteria and IT services. He is CISM certified and has experience in managing APT remediation programs. The many years of experience in Data Center security supplemented by certification as ITIL Service Manager, TOGAF Enterprise Architect and Prince2 Project Manager. In addition to his consulting focus, he imparts his knowledge in training courses. After completing his degree in electrical engineering, he worked for financial service providers specializing in payment processing. In addition to professional positions in consulting, he worked for Lufthansa System for many years. As Head of Network Operation Center and Director Microsoft Platform Competence Center, he provided Data Center services in highly secure environments for customers in the aviation environment, as well as various other industries. Since 2015 he has working as a freelance IT management consultant and advises clients in the enterprise environment on information security and IT outsourcing.

Since the beginning of HvS-Consulting, Andreas Schnitzer has been active in consulting for all aspects of information security management systems according to ISO 27001. He also supports HvS customers in security awareness and social engineering projects. He conducts certification audits for the standards ISO 27001, ISO 27019 / IT Security Catalogue EnWG, ISO 22301 and ISO 9001 for TÜV NORD as lead auditor and is listed at the German Federal Office for Information Security (BSI) as auditor for § 8a (3) BSIG. In addition, he imparts his knowledge about information security as a speaker at events, as a trainer in courses and as the author of specialist articles. Andreas Schnitzer worked parallel to his studies since the beginning of the 90s as a freelance consultant for internet-based solutions and as a trainer for various IT applications. After completing his studies, he joined a nationwide IT system house as a board assistant. Shortly afterwards, he was entrusted with setting up and managing the Corporate Communications department. In the following years, he also held this function at a newly founded Application Service Provider, whose German market entry he was significantly responsible for as Head of Marketing and Communication. After successfully completing this task, he moved to a European-wide agency for communication in the technology sector as head of a subsidiary before returning to IT with HvS-Consulting AG and focusing on information security.

Venue

Information Security Hub (ISH)
Südallee 1, 85356 München-Flughafen

Host

Information Security Hub (ISH)
ISH Event Hall
Südallee 1, 85356 München-Flughafen