ISO/IEC 27000

The ISO/IEC 27000 series of standards provides best-practice guidelines for information security management, risks, and controls within the context of an overall Information Security Management System. These best practices are not covered within ITIL.

This comprehensive two-day certification course teaches you how to structure and organize information security within your organization. Overall, you’ll learn the organizational and managerial principles required to define, implement, maintain, comply with and evaluate a logical set of proven measures to safeguard your information’s availability, integrity, and confidentiality. One big reason to look beyond the IT Infrastructure Library (ITIL®) in today’s business climate is the growing recognition of the business exposure and risk related to information security.

That’s because globalization is leading to a steady exchange of information between an organization’s employees, customers and suppliers. In turn, this leads to growing use of networks, connections of networks and the internet. These activities rely heavily on IT, making information one of an organization’s most valuable assets. Protection of this information is critical to the continuity and efficiency of both IT and the organization. That’s why there is an international standard for information security – The Code of Practice for Information Security ISO/IEC 27002:2005.

The standard explains the purpose of an Information Security Management System (ISMS), a management system similar to those recommended by other ISO standards such as ISO 9000 and ISO 14000, used to manage information security risks and controls within an organization. Bringing information security deliberately under overt management control is a central principle throughout the ISO/IEC 27000 standards.

  • Create awareness and motivate people to work on information security
  • Learn how to deal with security issues in mobile computing, cloud computing, etc.
  • Learn how to work according to the ISO/IEC 27000 standard set
  • Learn how to implement a total security policy that also focuses on people, not only on tools and processes (expert level)

Participants are normally those who need to know what ISO 27001 is all about, as well as those who will be taking a strategic role in the implementation of information security management for their organisation. This includes Senior Managers, Finance and IT Directors, Internal Auditors, QMS.


  • Introduction to ISO 27001
  • What is ISO (History and Journey)
  • ISO 27001 Journey
  • Deming’s PDCA Cycle
  • ISO 27001 Standard walkthrough
  • Implementation & Adequacy Audit

Risk Management System

  • Concept of C, I, A
  • Concept of Risk, Threat & Vulnerability
  • Risk Identification
  • Risk Assessment
  • Risk Quantification
  • Risk Treatment plan
  • Overall risk register building

11 Domains of Information Security Management System


Statement of Applicability (SOA)


Mandatory documented procedures

  • Control of Records
  • Control of Documents
  • Internal Audit
  • Corrective Action
  • Preventive Action
  • Control of Non-Conforming Products
  • Mandatory Documented Records
  • Understanding Annexure A (Clauses A.5 to A.15)
  • Salient Features of a Good ISMS
  • Ensuring Process Maturity
  • Non-Conformance Writing
  • Sample of an audit report and action taken
  • ISO 27001 best practices

Risk Mitigation

  • Control Frameworks, Strategies & Objectives
  • Balancing Costs & Benefits
  • Total Cost Approach
  • Ensuring that mitigation of one risk does not increase others

Risk Appetite

  • Scoring Likelihood & Impact
  • Risk Thresholds
  • Key Risk Indicators

Risk Management Tools

  • Risk Information Management
  • Risk Registers
  • Dynamic Risk Dashboards
  • Integrated & Automated Risk Solutions
  • SABSA’s Risk Management Solution

Measuring Success of a Risk Management Programme

  • Risk Management Maturity Profiles
  • Applying Capability Maturity Models to Risk

This course prepares participants for the examination leading to the certificate Information Security Foundation based on ISO/IEC 27002. The 60-minute closed-book exam takes place at the end of the course. It consists of 40 multiple-choice questions. A passing mark of 65% is required to receive your certificate.

You will attain 7 professional development units (PDUs) for Project Managers.

Training Methodology

Practical exercises and team assignments are used to meet the learning objectives during the delivery of this accredited course. These exercises reinforce the learning objectives set out in the syllabus.

When time flexibility is a constraint due to schedules, Multisoft Systems provides learners with a unique training experience by offering them on-demand, tailor-made courses.