The successful completion of this training course is one of the necessary requirements, for the recognition of a person as an Auditor / Lead Auditor of an Information Security Management System. The course is aimed at anyone that wants to become a Third Party Auditor for such systems as well at anyone that wishes to understand the process of this specific type of audit as performed by a Third Party Auditor. The course contains the basic principles of audits, the methodology and techniques of a third party audit, the analysis of the requirements of the standard (par 1-8 and Annex A) from an Auditor standpoint and a sample of a Risk assessment methodology. Furthermore, the requirements and constraints imposed by the standard governing Third Party Audits of Information Security Management System’s – ISO 27006 – are presented and analyzed.

Topics:

• Information security
• The importance of information security
• ISO 27001:2005
• Reviewing security threats and vulnerabilities
• Management of security risks
• Selecting security controls How to build an Information Security Management System (ISMS)
• ISO 27001 auditing techniques
• Managing and leading an ISO 27001 audit team
• Interview techniques
• Audit reporting
• Examination to prove competency

Book courses