Online Information Security Masterclass based on ISO 27001 and ISO 27002


Duration

2 Days

Where

Online via Microsoft Teams

Cost

R 14 500 Excl. Vat & includes 2 x Delegates

Are you looking to gain knowledge of Information Security based on the international Information Security standards ISO 27001 and ISO 27002, and to learn how they map to Cyber Security and IT Security controls across People, Process and Technology? Then look no further: this is the fast-track Masterclass for you.

Benefits

- Enables your organisation to protect its data, privacy and reputation most efficiently.
- By implementing the required controls aligned to the recommendations, organisations protect themselves from evolving, sophisticated cyber attacks.
- Learn ISO 27001 and its relationship to ISO 27002 and to other frameworks, standards and laws, e.g. COBIT 2019, NIST, GDPR, POPIA.
- Interpret the practical Information Security requirements of ISO 27001 and the recommendations of ISO 27002.
- Align technology controls to ISO 27001 requirements and ISO 27002 recommendations.
- Learn how to conduct an Information Security self-assessment.
- Learn how to remediate if you think there is a gap in your implementation.
- Learn how to become ISO 27001 certified.
- Information Security Management System tools.

The AVeS Team has been instrumental in the review and update of our ICT policies and procedures. Their combination of skills and experience makes the partnership with AVeS Cyber Security a good one for the IT department at Palabora.

Wendy M.

IS&T Manager, Palabora Mining Company

Presenters

Charl Ueckermann

Chief Executive Officer

Charl Ueckermann currently serves as Chief Executive Officer at AVeS Cyber Security and assists organisations with strategic IT solutions. He has more than 25 years’ in-depth experience in the IT industry, specialising in the banking, government, automotive, manufacturing and telecom industry verticals. Charl has a proven track record in IT and business strategy in the SMB and Enterprise markets.

Charl has a background in numerous technical, theoretical and other business areas in the IT industry and is committed to adding value and exceeding expectations through creative idea generation, collaborative problem solving and disciplined decision-making. His goal is to build a world-class team who can solve problems using technology, people and processes.

Cecil Munsamy

Managing Director


Cecil Munsamy has 30 years’ experience in the IT industry, ranging from Application Development and Infrastructure to IT Management at CIO level, together with Governance, Risk and Compliance.

Besides being the Managing Director of AVeS Cyber Security, Cecil heads up a highly experienced team of experts specialising in assessments, roadmap preparation, remediation, implementation, audits, monitoring and incident management.

Munsamy has a strong business focus and resource-management capability, with a key emphasis on attitude, ethics and values. He holds a Higher Diploma in Computer Systems, and attended the ISO/IEC 27001 Implementers Course in 2009 and the ISO/IEC 27001 Lead Auditor Training Course in 2011 in Germany, attaining full certification in both.

In 2014, he was recertified by the Professional Evaluation and Certification Board (PECB) as a Certified ISO/IEC 27001 Lead Auditor, as well as a Trainer in the ISO/IEC 27001 standard. Munsamy also has multiple IT Security Product certifications. He is also a member of the Institute of Directors’ South Africa (IODSA) and the Information Systems Audit and Control Association (ISACA), the professional body for IT governance.

Eric Hackett

CIO Advisor


Eric’s career has always revolved around delivering business value from information and technology systems. He has had to stabilise environments, implement standards, controls and procedures, and change the mindset of staff from an internal focus to one of service delivery. His experience across four decades covers multiple industries, such as retail, services, the public sector and ICT. Eric has managed departments of up to 120 staff in various locations and has been in charge of annual budgets of up to nine digits.

Eric has worked on both sides of the industry, as an executive on the customer side and as a team leader on the supplier side. In a more recent career move, as IT Exec: Services, he was instrumental in maintaining an exceptionally tight budget while raising service delivery standards to end-users.

Eric was also a member of the original team who compiled the SAANA-EDI standards in 1990 and Chairman of the Consumer Credit Association in 1997. He is now an accredited COBIT-5 Implementor and Assessor, ISO 27001 Practitioner, and a CIO Advisor at AVeS Cyber Security.

Cost

The ticket cost includes attendance, official copies of the ISO 27001 and ISO 27002 standards, and a certificate of attendance.

What you will learn

The Masterclass will help you understand Enterprise Information Security based on ISO 27001 and ISO 27002. It will enable you to implement and support Information Security controls that mitigate Information Security risks and reduce threats, vulnerabilities and possible negative impacts to your organisation. This includes, but is not limited to, protecting your organisation’s sensitive data.

The online Masterclass provides an overview of the history and structure of ISO 27001 and ISO 27002 and of how the two standards complement each other to give you an Information Security Management System (ISMS). If you plan to implement ISO 27001, it will provide you with adequate knowledge and information on the process. During the Masterclass you will have the opportunity to compare your own organisation’s implementation to the recommendations.

We will walk through the 114 controls (approximately 10 minutes on each control) contained in the 14 clauses of the ISO 27001 standard individually, showing you the link to ISO 27002. On completion, you will know the 14 clauses, 35 control objectives and 114 controls. You will, at this point, know which of these controls apply to your organisation and what you should focus on if there is a gap compared to the recommendations.

Schedule
Control No. Topic ISO 27001 ISO 27002 Page No
1-10 Overview of Information Security based on ISO 27001 and ISO 27002 5-14
A.5 Information security policies
A.5.1 Management direction for information security
A.5.1.1 Policies for information security Annex A 11-12
A.5.1.2 Review of the policies for information security 12
A.6 Organization of information security
A.6.1 Internal organization
A.6.1.1 Information security roles and responsibilities 12
A.6.1.2 Segregation of duties 13
A.6.1.3 Contact with authorities 13
A.6.1.4 Contact with special interest groups 14
A.6.1.5 Information security in project management 14
A.6.2 Mobile devices and teleworking
A.6.2.1 Mobile device policy 14
A.6.2.2 Teleworking 15
A.7 Human resource security
A.7.1 Prior to employment
A.7.1.1 Screening 17
A.7.1.2 Terms and conditions of employment 17
A.7.2 During employment
A.7.2.1 Management responsibilities 18
A.7.2.2 Information security awareness, education and training 19
A.7.2.3 Disciplinary process 20
A.7.3 Termination and change of employment
A.7.3.1 Termination or change of employment responsibilities 20
A.8 Asset management
A.8.1 Responsibility for assets
A.8.1.1 Inventory of assets 21
A.8.1.2 Ownership of assets 21
A.8.1.3 Acceptable use of assets 22
A.8.1.4 Return of Assets 22
A.8.2 Information classification
A.8.2.1 Classification of information 23
A.8.2.2 Labelling of information 23
A.8.2.3 Handling of assets 24
A.8.3 Media handling
A.8.3.1 Management of removable media 24
A.8.3.2 Disposal of media 25
A.8.3.3 Physical media transfer 26
A.9 Access control
A.9.1 Business requirements of access control
A.9.1.1 Access control policy 26
A.9.1.2 Access to networks and network services 27
A.9.2 User access management
A.9.2.1 User registration and de-registration 28
A.9.2.2 User access provisioning 28
A.9.2.3 Management of privileged access rights 29
A.9.2.4 Management of secret authentication information of users 29
A.9.2.5 Review of user access rights 30
A.9.2.6 Removal or adjustment of access rights 30
A.9.3 User responsibilities
A.9.3.1 Use of secret authentication information 31
A.9.4 System and application access control
A.9.4.1 Information access restriction 32
A.9.4.2 Secure log-on procedures 32
A.9.4.3 Password management system 33
A.9.4.4 Use of privileged utility programs 34
A.9.4.5 Access control to program source code 34
A.10 Cryptography
A.10.1 Cryptographic controls
A.10.1.1 Policy on the use of cryptographic controls 35
A.10.1.2 Key management 36
A.11 Physical and environmental security
A.11.1 Secure areas
A.11.1.1 Physical security perimeter 37
A.11.1.2 Physical entry controls 38
A.11.1.3 Securing offices, rooms and facilities 38
A.11.1.4 Protecting against external and environmental threats 39
A.11.1.5 Working in secure areas 39
A.11.1.6 Delivery and loading areas 39
A.11.2 Equipment
A.11.2.1 Equipment siting and protection 40
A.11.2.2 Supporting utilities 40
A.11.2.3 Cabling security 41
A.11.2.4 Equipment maintenance 41
A.11.2.5 Removal of assets 41
A.11.2.6 Security of equipment and assets off-premises 42
A.11.2.7 Secure disposal or reuse of equipment 43
A.11.2.8 Unattended user equipment 43
A.11.2.9 Clear desk and clear screen policy 43
A.12 Operations security
A.12.1 Operational procedures and responsibilities
A.12.1.1 Documented operating procedures 44
A.12.1.2 Change management 45
A.12.1.3 Capacity management 45
A.12.1.4 Separation of development, testing and operational environments 46
A.12.2 Protection from malware
A.12.2.1 Controls against malware 47
A.12.3 Backup
A.12.3.1 Information backup 48
A.12.4 Logging and monitoring
A.12.4.1 Event logging 49
A.12.4.2 Protection of log information 49
A.12.4.3 Administrator and operator logs 50
A.12.4.4 Clock synchronisation 50
A.12.5 Control of operational software 50
A.12.5.1 Installation of software on operational systems 51
A.12.6 Technical vulnerability management
A.12.6.1 Management of technical vulnerabilities 51
A.12.6.2 Restrictions on software installation 53
A.12.7 Information systems audit considerations
A.12.7.1 Information systems audit controls 53
A.13 Communications security
A.13.1 Network security management
A.13.1.1 Network controls 54
A.13.1.2 Security of network services 54
A.13.1.3 Segregation in networks 55
A.13.2 Information transfer
A.13.2.1 Information transfer policies and procedures 56
A.13.2.2 Agreements on information transfer 57
A.13.2.3 Electronic messaging 57
A.13.2.4 Confidentiality or nondisclosure agreements 58
A.14 System acquisition, development and maintenance
A.14.1 Security requirements of information systems
A.14.1.1 Information security requirements analysis and specification 59
A.14.1.2 Securing application services on public networks 60
A.14.1.3 Protecting application services transactions 61
A.14.2 Security in development and support processes
A.14.2.1 Secure development policy 61
A.14.2.2 System change control procedures 62
A.14.2.3 Technical review of applications after operating platform changes 63
A.14.2.4 Restrictions on changes to software packages 63
A.14.2.5 Secure system engineering principles 64
A.14.2.6 Secure development environment 64
A.14.2.7 Outsourced development 65
A.14.2.8 System security testing 65
A.14.2.9 System acceptance testing 65
A.14.3 Test data
A.14.3.1 Protection of test data 66
A.15 Supplier relationships
A.15.1 Information security in supplier relationships
A.15.1.1 Information security policy for supplier relationships 66
A.15.1.2 Addressing security within supplier agreements 67
A.15.1.3 Information and communication technology supply chain 68
A.15.2 Supplier service delivery management
A.15.2.1 Monitoring and review of supplier services 70
A.15.2.2 Managing changes to supplier services 70
A.16 Information security incident management
A.16.1 Management of information security incidents and improvements
A.16.1.1 Responsibilities and procedures 71
A.16.1.2 Reporting information security events 72
A.16.1.3 Reporting information security weaknesses 73
A.16.1.4 Assessment of and decision on information security events 73
A.16.1.5 Response to information security incidents 73
A.16.1.6 Learning from information security incidents 73
A.16.1.7 Collection of evidence 74
A.17 Information security aspects of business continuity management
A.17.1 Information security continuity
A.17.1.1 Planning information security continuity 75
A.17.1.2 Implementing information security continuity 75
A.17.1.3 Verify, review and evaluate information security continuity 76
A.17.2 Redundancies
A.17.2.1 Availability of information processing facilities 77
A.18 Compliance
A.18.1 Compliance with legal and contractual requirements
A.18.1.1 Identification of applicable legislation and contractual requirements 77
A.18.1.2 Intellectual property rights 77
A.18.1.3 Protection of records 78
A.18.1.4 Privacy and protection of personally identifiable information 79
A.18.1.5 Regulation of cryptographic controls 80
A.18.2 Information security reviews
A.18.2.1 Independent review of information security 80
A.18.2.2 Compliance with security policies and standards 81
A.18.2.3 Technical compliance review 81
Closure – Delegates’ Views of the Masterclass
End of Masterclass

Want to Book?

To book for the Online Information Security Masterclass based on ISO 27001 and ISO 27002, please fill in the contact form below.

Please add your work email address and check that it is correct before submitting the form.

About the A-Team

AVeS Cyber Security is a specialist IT Governance and Architectural services consultancy that combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 21 years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the constantly evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products and training in security, infrastructure and governance solutions. In 2018, the company won eight awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges such as ransomware, advanced targeted attacks and the Internet of Things.