Understanding ISO 27001:2005


Overview

The purpose of computer security is to protect an organization’s valuable resources, such as information, hardware, and software. This course is designed to provide participants with a fundamental understanding of the internationally recognized ISO 27001:2005 Information technology — Security techniques — Information security management systems — Overview and vocabulary. The elements of the standard are covered in detail, with special emphasis on the various ways that manufacturing or service organizations can meet the requirements.

Approach

Taught as a traditional classroom seminar, this two-day course gives participants an opportunity to learn through the examination of real-life case studies, breakout sessions, and classroom discussions.

Participants will:

  • Understand the computer security standards
  • Understand how the standards are applicable to their organization
  • Know the benefits & costs of registration
  • Become familiar with alternative approaches to registration
  • Know how to create the required documentation
  • Understand the concepts of how to maintain the registration
  • Be ready to implement ISO 27001

What You Will Learn

Fundamentals of ISO 27001:

  • Definition of Security
  • Security Management System Standard
  • Why ISO 27001?
  • When to pursue ISO 27001?
  • Benefits—tangible and intangible
  • How ISO 27001 integrates with your overall company improvement program
  • Typical costs
    • Initial registration
    • On-going maintenance
  • History of ISO 27001
  • Applicable standards & guidelines
  • The registration process
  • Internal and external audits
  • How to achieve registration
    • Creating the overall project plan
    • Project timeline
    • Differing approaches to registration
    • Rapid vs. slow approach
    • Developing documentation
    • Implementing the requirements
    • Conducting audits
  • Using a consultant
    • Typical consultant approaches
    • Selecting the consultant that’s best for you
    • Measuring consultant performance
  • Review of the elements of ISO 27001
  • Examples of ISO 27001 documentation
  • Post-registration marketing strategies
  • Obstacles to ISO 27001 registration
    • Strategies for overcoming obstacles

Training Outcomes

This course is primarily targeted at people who have computer security responsibilities. Other people who may consider attending include management personnel and/or owners of companies that are interested in ISO 27001.


WHAT PEOPLE ARE SAYING

SatiStar's Experience Makes The Difference!

  • . . . worked extremely well with the departmental and site managers . . . goal oriented and met the objectives set within the quoted budget and ensured the results were attained for the Company.

  • The guys from SatiStar did more in one week than we were able to do in 6 months.

  • Achieving ISO registration was far less onerous than we thought, our employees really rallied to the cause. The registration effort really brought us closer together as a team, and SatiStar really came through for us when we needed them.

  • We started this process a year ago with Mickey helping us create a spaghetti map of our processes on the whiteboard, and then his team guided us through their streamlining methodology and got us to where we are today. Our processes now look nothing like the spaghetti map – and we’re much more efficient today.

  • This projected cycle time reduction of over 80% annual cost savings amounting to over 3% of sales, one-time savings of roughly $10 million, and working capital reduction of roughly $30 million really have us excited!

  • An outstanding success with Motorola’s vendor audit! What made this an exceptional achievement is that it typically takes 4 to 5 attempts to pass this audit. SatiStar’s expertise made it easy to avoid all the extra attempts.