This course gives you the opportunity to learn about internal auditing of information security management systems (ISMS), specifically those based on the ISO 27001:2013 international standard. It aims to train potential internal auditors in the principles and practices of ISMS auditing in a manner compatible with ISO 27001:2013 or equivalent standards, in accordance with the guidance provided in ISO 19011:2018.
Course Overview
This two-day course gives students the skills and knowledge to perform internal information security audits within their organizations and to contribute to the continual improvement of the information security management system.
Students will be made aware of the current best practices in the field of information security audit of ISMS and will be encouraged to develop their audit skills through analysis and self-criticism.
Through various methods, including group tasks, brainstorming, role plays and simulations, reflection exercises and interactive participation by students, the course will enable the students to plan, conduct and report an internal audit of part of an information security management system in accordance with the ISO 19011 standard. The tutor will provide theoretical inputs where needed and emphasis will be on imparting applied knowledge in various situations, discussion of real-life examples and the students sharing their experiences with each other to enhance the learning experience. The course will also give students an opportunity to self-assess their understanding of the information security audit process and techniques through progress tests.
Course Content
The course will cover topics such as:
- Purpose and structure of ISO 27001 with reference to the PDCA cycle and the processes related to establishing, implementing, operating, monitoring, reviewing and continually improving an ISMS, with relevance to internal auditors. The course will also cover how internal audit can be used as a tool to improve the security posture of an organization.
- Key audit concepts such as audit-related terms and definitions, referencing the ISO 19011 and ISO 27001 standards, audit objectives, audit principles, audit planning and the phased approach of an audit cycle. Students will also learn about the skills and requirements of an internal ISMS auditor in the areas of information risk assessment, security testing and vulnerability analysis. Preparation of audit checklists will also be covered.
The course will impart practical knowledge of how to conduct an ISMS audit by defining the audit purpose, objectives and criteria, outlining the audit scope, and choosing the methods used to collect objective evidence. The course will also provide information on how to use audit checklists as an audit tool, conduct interviews, hold audit meetings and present audit findings in the form of clear and concise audit reports. Students will also learn how to present their recommendations on corrective and preventive actions after the ISMS audit.
Course Objective
By the end of the course, students will learn to describe, with reference to the Plan, Do, Check, Act (PDCA) cycle, the purpose, structure and requirements of ISO 27001 from the point of view of an internal auditor.
Students will gain knowledge about the responsibilities of an internal auditor and how internal information security audit plays a role in the maintenance and improvement of information security management systems.
Students will also acquire skills in the audit cycle of planning, conducting and reporting an internal information security audit as part of an information security management system in accordance with the ISO 19011 standard.
With more than 70,000 certificates issued worldwide, DNV GL has for years been the preferred certification partner for many international organizations as well as small and medium-sized enterprises.
DNV GL's local presence, global experience and recognized professional competence across industries contribute to good cooperation with our customers. We work with our customers to help them create value and to meet economic, social and environmental requirements and challenges, regardless of industry, sector or size of the organization.
Through our certification, verification, assessment and training services, we strengthen our customers' organizations, products, employees, facilities and supply chains.
Our core areas are:
* Management system certification - We have issued more than 70,000 certificates.
* Supply Chain Management
* Product certification - Ensure access to global markets and more sustainable products.
* Verification
* Personnel certification - Ensure and build trust in individual competencies.
* Training - In quality, environment, occupational health and safety, and audit
Our mission is to protect life, property and the environment, as DNV GL wants to contribute to a safe and sustainable future.