Information Security
- To understand the implementation of an Information Security Management System in accordance with ISO 27001
- To understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of the organization's different stakeholders
- To know the concepts, approaches, standards, methods and techniques that allow an Information Security Management System to be managed effectively
- To acquire the knowledge necessary to contribute to implementing an Information Security Management System (ISMS) as specified in ISO 27001
None
- Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
- Introduction to the ISO 27000 family of standards
- Introduction to management systems and the process approach
- Fundamental principles of information security
- General requirements: presentation of clauses 4 to 8 of ISO 27001
- Implementation phases of ISO 27001 framework
- Continual improvement of Information Security
- Conducting an ISO 27001 certification audit
- Implementing controls in information security according to ISO 27002 and Certification Exam
- Principles and design of information security controls
- Documentation of an information security control environment
- Monitoring and reviewing the information security controls
- Examples of implementation of information security controls based on ISO 27002 best practices
- Certified ISO/IEC 27001 Foundation exam
- To acquire the expertise to perform an ISO 27001 internal audit following ISO 19011 guidelines
- To acquire the expertise to perform an ISO 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
- To acquire the necessary expertise to manage an ISMS audit team
- To understand the operation of an ISO 27001 conformant information security management system
- To understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of the organization's different stakeholders
- To improve the ability to analyze the internal and external environment of an organization, its risk assessment and audit decision-making
ISO 27001 Foundation Certification or basic knowledge of ISO 27001 is recommended
- Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001
- Normative, regulatory and legal framework related to information security
- Fundamental principles of information security
- ISO 27001 certification process
- Information Security Management System (ISMS)
- Detailed presentation of clauses 4 to 8 of ISO 27001
- Planning and Initiating an ISO 27001 audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and on risk
- Preparation of an ISO 27001 certification audit
- ISMS documentation audit
- Conducting an opening meeting
- Conducting an ISO 27001 audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Audit test plans
- Formulation of audit findings
- Documenting nonconformities
- Concluding and ensuring the follow-up of an ISO 27001 audit
- Audit documentation
- Quality review
- Conducting a closing meeting and conclusion of an ISO 27001 audit
- Evaluation of corrective action plans
- ISO 27001 Surveillance audit
- Internal audit management program
- Certification Exam
- To understand the implementation of an Information Security Management System in accordance with ISO 27001
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System
- To understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of the organization's different stakeholders
- To acquire the expertise necessary to support an organization in implementing, managing and maintaining an ISMS as specified in ISO 27001
- To acquire the expertise necessary to manage a team implementing ISO 27001
- To develop the knowledge and skills required to advise organizations on best practices in the management of information security
- To improve the capacity for analysis and decision making in the context of information security management
ISO 27001 Foundation Certification or a basic knowledge of ISO 27001 is recommended
- Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; Initiating an ISMS
- Introduction to management systems and the process approach
- Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
- Fundamental principles of Information Security
- Preliminary analysis and establishment of the maturity level of an existing information security management system based on ISO 21827
- Writing a business case and a project plan for the implementation of an ISMS
- Planning the implementation of an ISMS based on ISO 27001
- Defining the scope of an ISMS
- Development of an ISMS and information security policies
- Selection of the approach and methodology for risk assessment
- Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO 27005)
- Implementing an ISMS based on ISO 27001
- Implementation of a document management framework
- Design of controls and writing procedures
- Implementation of controls
- Development of a training and awareness program and communicating about information security
- Incident management (based on guidance from ISO 27035)
- Operations management of an ISMS
- Controlling, monitoring, measuring and improving an ISMS; certification audit of the ISMS
- Controlling and Monitoring the ISMS
- Development of metrics, performance indicators and dashboards in accordance with ISO 27004
- ISO 27001 internal audit
- Management review of an ISMS
- Implementation of a continual improvement program
- Preparing for an ISO 27001 certification audit
- Certification Exam
- To understand the implementation of an ISMS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
- To acquire the necessary expertise to support an organization implementing, managing and maintaining an ISMS
- To acquire the necessary expertise to manage a team implementing ISO 27002
- Managers or consultants wanting to implement an Information Security Management System (ISMS)
- Project managers or consultants wanting to master the Information Security Management System implementation process
- Persons responsible for information security or conformity in an organization
- Members of information security teams
- Expert advisors in information technology
- Technical experts wanting to prepare for an Information Security Audit function
None.
- Introduction to Information Security Management System (ISMS) concepts as required by ISO 27002
- Understand and explain the operations of the ISO organization and the development of information security standards
- Ability to identify, analyze and evaluate the information security compliance requirements for an organization
- Ability to explain and illustrate the main concepts in information security and information security risk management
- Ability to distinguish and explain the difference between information asset, data and record
- Understand, interpret and illustrate the relationship between the concepts of asset, vulnerability, threat, impact and controls
- Security controls identification, assessment, evaluation and analysis according to ISO 27002 and Certification Exam
- Ability to identify, understand, classify and explain the clauses, security categories and controls of ISO 27002
- Ability to detail and illustrate the security controls best practices by concrete examples
- Ability to compare possible solutions to a real security issue of an organization and identify/analyze the strength and weakness of each solution
- Ability to select and demonstrate the best security controls in order to address information security control objectives stated by the organization
- Ability to create and justify a detailed action plan to implement a security control by listing the related activities
- Ability to analyze, evaluate and validate action plans to implement a specific control
- To understand the concepts, approaches, methods, tools and techniques allowing an effective information security incident management according to ISO 27035
- To understand, interpret and provide guidance on how to implement and manage incident management processes based on best practices of ISO 27035 and other relevant standards
- To acquire the competence to implement, maintain and manage an ongoing information security incident management program according to ISO 27035
- To acquire the competence to effectively advise organizations on best practices in information security management
- Incident managers
- Business Process Owners
- Information Security Risk Managers
- Regulatory Compliance Managers
- Members of an Incident Response Team
- Persons responsible for information security or conformity within an organization
- Business Continuity Managers
- Security and Business Process consultants
A basic knowledge of Information Security Incident Management is recommended
- Introduction, incident management framework according to ISO 27035
- Section 2 Information security incident management
- ISO 27035 core processes
- Fundamental principles of information security
- Linkage to business continuity
- Legal and ethical issues
- Planning the implementation of an Organizational Incident Management Process based on ISO 27035
- Initiating a Security Incident Management Process
- Understanding the organization and clarifying the objectives
- Plan and prepare
- Roles and functions
- Policies and procedures
- Implementing an Incident Management Process
- Communication planning
- First implementation steps
- Implementation support items
- Implementing Detecting and Reporting
- Implementing Assessment and Decision
- Implementing Responses
- Implementing Lessons Learned
- Transition to Operations
- Monitoring, measuring and improving an Incident Management Process
- Further Analysis
- Analysis of Lessons Learned
- Corrective actions
- Competence and evaluation of incident managers
- Certification Exam
- PCI-DSS, the security standard imposed by the payment card industry: where does this standard come from? Who must comply with it? How do you comply with it? The "Déploiement de la norme PCI-DSS" training answers your questions in two days, explains the main constraints of the standard and offers effective approaches for drawing up your compliance plan. Anyone who manages, stores or transmits information derived from credit cards will know, at the end of the training, which security measures they must take in order to continue doing so.
- Manager.
- IT professional.
- CISO.
- User.
- Anyone required to handle payment card numbers, whether a merchant, service provider or issuer, and more generally everyone who manages, stores or transmits information derived from payment cards: banks, financial auditors.
General knowledge of information systems security.
- Implementing the network and telecom requirements
- Network segmentation.
- Administration of network and telecom equipment.
- Putting configuration standards in place.
- Requirements for Wi-Fi deployment.
- Requirements for securing firewalls.
- Requirements for transmitting cardholder data.
- Handling cardholder data
- Management rules imposed by the PCI-DSS standard.
- Encryption of stored cardholder data.
- Secure processing of cardholder data.
- Management of archives and logs.
- Implementing the system requirements
- Main functions.
- Virtualization.
- Integrity checking of system files.
- Vulnerability management.
- Security patches.
- Implementing security solutions
- The antivirus solution.
- IPS and firewalls.
- Security log management.
- Integrity checking.
- Clock synchronization.
- Vulnerability and patch management.
- Formalization
- The security policy.
- The security charter.
- Operational security procedures.
- Security standards and guidelines.
- The human dimension
- The awareness campaign.
- Training of project stakeholders.
- Change management.
- Continual improvement.