ISO 27001 Training Services

Introduction

CIMA offers ISO 27001 Training Services to assist clients in the design, development, implementation and ongoing maintenance of an ISO 27001-based Information Security Management System. While many information security professionals do come to the table with vast and diverse experience in the field of information security, the ISO standards mandate a business and strategic focus, in concert with technical supporting controls. In contrast, the information security industry and its product developers have historically encouraged professionals to design security programs from a bottom-up approach, focusing on threat vectors and the countermeasures that neutralize them. While this concept sounds logical, it lacks a direct focus relative to the unique needs of the business strategy.


For this reason, many such professionals enter ISO 27001 implementations ill-equipped to address the contrasting approach required by ISO, which necessitates a top-down approach. This means information security programs must first and foremost focus on the business strategy, by identifying the ways and means in which the practice of information security is able to support the achievement of that strategy. With years of experience in the implementation of ISO standards, CIMA helps clients understand how to implement an information security management system with a strong strategic focus.

ISO 27001 Training Services

To help clients succeed in their ISO 27001 implementations, CIMA offers a variety of training in the following two key areas:

1. Professional Certification Training Delivery


2. Awareness & Training Program Development and Delivery


Professional Certification Training Delivery

CIMA has been helping consultancies and clients of all sizes and industries around the globe prepare for the development and rollout of organizational ISO 27001-based information security management systems through the delivery of certification training services since 2010. These services have been provided through open public seminars in major metropolitan areas, as well as in private onsite training for corporations and foreign federal governments.

Certified ISO 27001 Foundations Course

The ISO 27001 Foundations course is a one-day overview of the key areas and controls mandated under the ISO 27001 standard. The course is intended to provide a high-level understanding of an ISO 27001-based information security management system. The course affords participants a familiarization level of the standard only.

Certified ISO 27001 Lead Implementer Course

The Certified ISO 27001 Lead Implementer course is a five-day, information-packed learning experience. It is designed to develop a level of competence to support the design, development, roll-out and maintenance of an organizational Information Security Management System based on the ISO 27001 standard. During this course, students will participate in a series of practical exercises leading to a capstone practical exam in the form of a presentation to a panel of distinguished local business and technology executives.

Designed to develop a well-rounded understanding of the standard's expectations, we draw upon best practices from ISO 27001, 27002, 27003, 27004, 27005, 27017, 27034, 27035 and 55000, among others. This approach enables students to understand the requirements for the design, development, implementation and ongoing maintenance of an ISO 27001-based information security management system at an in-depth functional level, as well as the expectations of ISO certification auditors.

Certified ISO 27001 Lead Auditor Course

The Certified ISO 27001 Lead Auditor course is a five-day, information-packed learning experience designed to develop a level of competence to support the internal and external auditing of an organizational Information Security Management System (ISMS) based on ISO 27001, as well as the additional controls mandated by way of the Legal & Regulatory review required by the standard. Drawing upon best practices from ISO 27001 and ISO 19011, students will learn the fundamental requirements to build internal compliance and audit programs and to perform a certification audit.

Designed to develop a well-rounded understanding of the standard's expectations, we draw upon best practices from the supplementary guidance offered by ISO, using ISO 17021, ISO 27024, ISO 27002, ISO 27006, ISO 27007, ISO 27008, and more. This approach enables students to understand the requirements for the design, development, implementation and ongoing maintenance of an ISO 27001-based Internal Audit Program, as well as the certification audit process.

In 2022, CIMA launched internal projects to add new certification training courses on topical issues to its training services portfolio. These will include certification courses on developing the programs mandated by the ISO 27001 standard, such as Risk Management, Security Metrics, and Awareness and Training, as part of our new Mastery Series Certification Program.

Awareness and Training Program Development and Delivery

Key Personnel and Focused Areas

It has been said many times that while an organization can invest a lot of time and resources in securing technology, humans can remain one of the weakest links in the chain. As a result, best practices and the ISO 27001 standard mandate that organizations establish and maintain an effective Information Security Awareness and Training Program. Key audiences and topics for this program include, but are not limited to:

  • Board and Executive Leaders
  • Business Leaders
  • Technology Managers
  • General Employees
  • Technology professionals
  • Process and Procedural areas

Sample Solutions

Awareness and Training Program elements vary from one customer to the next, based on their own unique needs. These needs are derived from performing an Awareness and Training Needs Analysis. Examples of program elements are:

  • professional certification training
  • general employee information security training
  • technical information security training
  • posters
  • screen savers
  • leadership voice and e-mail communications on the importance of information security
  • and more