Online Information Security Masterclass based on ISO 27001 and ISO 27002
Duration
2 Days
Where
Online via Microsoft Teams
Cost
R 14 500 Excl. Vat & includes 2 x Delegates
Are you looking to gain knowledge of Information Security based on the international standards ISO 27001 and ISO 27002, and to learn how they map to Cyber Security and IT Security controls across People, Process and Technology? Then look no further: this fast-track Masterclass is for you.
Benefits
Enables your organisation to protect its data, privacy and reputation most efficiently.
By implementing the required controls aligned to the recommendations, organisations protect themselves from evolving, sophisticated cyber attacks.
Learn how ISO 27001 relates to ISO 27002 and to other frameworks, standards and laws, e.g. COBIT 2019, NIST, GDPR, POPIA, etc.
Interpret the Information Security Practical Requirements from ISO 27001 and the recommendations from ISO 27002.
Align Technology Controls to ISO 27001 requirements and 27002 recommendations.
You will learn how to conduct an Information Security Self-Assessment.
You will learn how to remediate if you think there is a Gap in your implementation.
You will learn how to become ISO 27001 certified.
Information Security Management System Tools.
The AVeS Team has been instrumental in the review and update of our ICT policies and procedures. Their combination of skills and experience makes the partnership with AVeS Cyber Security a good one for the IT department at Palabora.
Presenters
More about Charl
Charl Ueckermann currently serves as Chief Executive Officer at AVeS Cyber Security and assists organisations with strategic IT solutions. He has more than 25 years’ in-depth experience in the IT industry, specialising in banking, government, automotive, manufacturing & telecom industry verticals. Charl has a proven track record in IT and business strategy in the SMB and Enterprise markets.
Charl has a background in numerous technical, theoretical, and other business areas in the IT industry and is committed to adding value and exceeding expectations through creative idea generation, collaborative problem solving, and disciplined decision-making. His goal is to build a world-class team who can solve problems using technology, people and processes.
More about Cecil
Cecil Munsamy has 30 years’ experience in the IT industry, ranging from Application Development and Infrastructure, IT Management at CIO level, together with Governance, Risk and Compliance.
Besides being the Managing Director of AVeS Cyber Security, Cecil heads up a highly-experienced team of experts specialising in assessments, roadmap preparation, remediation, implementation, audits, monitoring and incident management.
Munsamy has a strong business-focus and resource-management capability, with a key emphasis on attitude, ethics and values. He holds a Higher Diploma in Computer Systems, and attended the ISO/IEC 27001 Implementers Course in 2009 and the ISO/IEC 27001 Lead Auditor Training Course in 2011 in Germany, attaining full certification in both.
In 2014, he was recertified by the Professional Evaluation and Certification Board (PECB) as a Certified ISO/IEC 27001 Lead Auditor, as well as a Trainer in the ISO/IEC 27001 standard. Munsamy also has multiple IT Security Product certifications. He is also a member of the Institute of Directors’ South Africa (IODSA) and the Information Systems Audit and Control Association (ISACA), the professional body for IT governance.
More about Eric
Eric’s career has always revolved around delivering business value from information and technology systems. He has had to stabilise environments, implement standards, controls and procedures, and change the mindset of staff from an internal focus to one of service delivery. His experience across four decades covers multiple industries, such as retail, services, public sector and ICT. Eric has managed departments of up to 120 staff, in various locations, and has been in charge of up to 9-digit annual budgets.
Eric has worked on both sides of the industry, either as customers’ executives or suppliers’ team leaders. In a more recent career move, he became instrumental in maintaining an exceptionally tight budget as IT Exec: Services, while increasing service delivery standards to the end-users.
Eric was also a member of the original team who compiled the SAANA-EDI standards in 1990 and Chairman of the Consumer Credit Association in 1997. He is now an accredited COBIT-5 Implementor and Assessor, ISO 27001 Practitioner, and a CIO Advisor at AVeS Cyber Security.
Cost
R 14 500 Excl. Vat & includes 2 x Delegates
Ticket costs include conference attendance, official copies of the ISO 27001 and ISO 27002 standards, and a certificate of attendance.
What you will learn
The Masterclass will help you understand Enterprise Information Security based on ISO 27001 and ISO 27002. It will enable you to implement and support Information Security controls that mitigate Information Security risks and reduce threats, vulnerabilities and possible negative impacts to your organisation. This includes, but is not limited to, protecting your organisation’s sensitive data.
The online Masterclass will provide an overview of the history and structure of ISO 27001 and ISO 27002 and of how the two standards complement each other to provide you with an Information Security Management System (ISMS). If you plan to implement ISO 27001, it will give you adequate knowledge and information on the process. During the Masterclass, you will have the opportunity to compare your own organisation’s implementation to the recommendations.
We will walk through the 114 controls (approximately 10 minutes on each control) contained in the 14 Clauses of the ISO 27001 Standard individually, showing you the link to ISO 27002. On completion, you will know the 14 Clauses, 35 Control Objectives and 114 controls. You will, at this point, know which of these controls apply to your organisation and what you should focus on if there is a gap compared to the recommendations.
Schedule
| Control No. | Topic | ISO 27001 | ISO 27002 Page No. |
| --- | --- | --- | --- |
| 1-10 | Overview of Information Security based on ISO 27001 and ISO 27002 | 5-14 | |
| A.5 | Information security policies | | |
| A.5.1 | Management direction for information security | | |
| A.5.1.1 | Policies for information security | Annex A | 11-12 |
| A.5.1.2 | Review of the policies for information security | | 12 |
| A.6 | Organization of information security | | |
| A.6.1 | Internal organization | | |
| A.6.1.1 | Information security roles and responsibilities | | 12 |
| A.6.1.2 | Segregation of duties | | 13 |
| A.6.1.3 | Contact with authorities | | 13 |
| A.6.1.4 | Contact with special interest groups | | 14 |
| A.6.1.5 | Information security in project management | | 14 |
| A.6.2 | Mobile devices and teleworking | | |
| A.6.2.1 | Mobile device policy | | 14 |
| A.6.2.2 | Teleworking | | 15 |
| A.7 | Human resource security | | |
| A.7.1 | Prior to employment | | |
| A.7.1.1 | Screening | | 17 |
| A.7.1.2 | Terms and conditions of employment | | 17 |
| A.7.2 | During employment | | |
| A.7.2.1 | Management responsibilities | | 18 |
| A.7.2.2 | Information security awareness, education and training | | 19 |
| A.7.2.3 | Disciplinary process | | 20 |
| A.7.3 | Termination and change of employment | | |
| A.7.3.1 | Termination or change of employment responsibilities | | 20 |
| A.8 | Asset management | | |
| A.8.1 | Responsibility for assets | | |
| A.8.1.1 | Inventory of assets | | 21 |
| A.8.1.2 | Ownership of assets | | 21 |
| A.8.1.3 | Acceptable use of assets | | 22 |
| A.8.1.4 | Return of assets | | 22 |
| A.8.2 | Information classification | | |
| A.8.2.1 | Classification of information | | 23 |
| A.8.2.2 | Labelling of information | | 23 |
| A.8.2.3 | Handling of assets | | 24 |
| A.8.3 | Media handling | | |
| A.8.3.1 | Management of removable media | | 24 |
| A.8.3.2 | Disposal of media | | 25 |
| A.8.3.3 | Physical media transfer | | 26 |
| A.9 | Access control | | |
| A.9.1 | Business requirements of access control | | |
| A.9.1.1 | Access control policy | | 26 |
| A.9.1.2 | Access to networks and network services | | 27 |
| A.9.2 | User access management | | |
| A.9.2.1 | User registration and de-registration | | 28 |
| A.9.2.2 | User access provisioning | | 28 |
| A.9.2.3 | Management of privileged access rights | | 29 |
| A.9.2.4 | Management of secret authentication information of users | | 29 |
| A.9.2.5 | Review of user access rights | | 30 |
| A.9.2.6 | Removal or adjustment of access rights | | 30 |
| A.9.3 | User responsibilities | | |
| A.9.3.1 | Use of secret authentication information | | 31 |
| A.9.4 | System and application access control | | |
| A.9.4.1 | Information access restriction | | 32 |
| A.9.4.2 | Secure log-on procedures | | 32 |
| A.9.4.3 | Password management system | | 33 |
| A.9.4.4 | Use of privileged utility programs | | 34 |
| A.9.4.5 | Access control to program source code | | 34 |
| A.10 | Cryptography | | |
| A.10.1 | Cryptographic controls | | |
| A.10.1.1 | Policy on the use of cryptographic controls | | 35 |
| A.10.1.2 | Key management | | 36 |
| A.11 | Physical and environmental security | | |
| A.11.1 | Secure areas | | |
| A.11.1.1 | Physical security perimeter | | 37 |
| A.11.1.2 | Physical entry controls | | 38 |
| A.11.1.3 | Securing offices, rooms and facilities | | 38 |
| A.11.1.4 | Protecting against external and environmental threats | | 39 |
| A.11.1.5 | Working in secure areas | | 39 |
| A.11.1.6 | Delivery and loading areas | | 39 |
| A.11.2 | Equipment | | |
| A.11.2.1 | Equipment siting and protection | | 40 |
| A.11.2.2 | Supporting utilities | | 40 |
| A.11.2.3 | Cabling security | | 41 |
| A.11.2.4 | Equipment maintenance | | 41 |
| A.11.2.5 | Removal of assets | | 41 |
| A.11.2.6 | Security of equipment and assets off-premises | | 42 |
| A.11.2.7 | Secure disposal or reuse of equipment | | 43 |
| A.11.2.8 | Unattended user equipment | | 43 |
| A.11.2.9 | Clear desk and clear screen policy | | 43 |
| A.12 | Operations security | | |
| A.12.1 | Operational procedures and responsibilities | | |
| A.12.1.1 | Documented operating procedures | | 44 |
| A.12.1.2 | Change management | | 45 |
| A.12.1.3 | Capacity management | | 45 |
| A.12.1.4 | Separation of development, testing and operational environments | | 46 |
| A.12.2 | Protection from malware | | |
| A.12.2.1 | Controls against malware | | 47 |
| A.12.3 | Backup | | |
| A.12.3.1 | Information backup | | 48 |
| A.12.4 | Logging and monitoring | | |
| A.12.4.1 | Event logging | | 49 |
| A.12.4.2 | Protection of log information | | 49 |
| A.12.4.3 | Administrator and operator logs | | 50 |
| A.12.4.4 | Clock synchronisation | | 50 |
| A.12.5 | Control of operational software | | 50 |
| A.12.5.1 | Installation of software on operational systems | | 51 |
| A.12.6 | Technical vulnerability management | | |
| A.12.6.1 | Management of technical vulnerabilities | | 51 |
| A.12.6.2 | Restrictions on software installation | | 53 |
| A.12.7 | Information systems audit considerations | | |
| A.12.7.1 | Information systems audit controls | | 53 |
| A.13 | Communications security | | |
| A.13.1 | Network security management | | |
| A.13.1.1 | Network controls | | 54 |
| A.13.1.2 | Security of network services | | 54 |
| A.13.1.3 | Segregation in networks | | 55 |
| A.13.2 | Information transfer | | |
| A.13.2.1 | Information transfer policies and procedures | | 56 |
| A.13.2.2 | Agreements on information transfer | | 57 |
| A.13.2.3 | Electronic messaging | | 57 |
| A.13.2.4 | Confidentiality or nondisclosure agreements | | 58 |
| A.14 | System acquisition, development and maintenance | | |
| A.14.1 | Security requirements of information systems | | |
| A.14.1.1 | Information security requirements analysis and specification | | 59 |
| A.14.1.2 | Securing application services on public networks | | 60 |
| A.14.1.3 | Protecting application services transactions | | 61 |
| A.14.2 | Security in development and support processes | | |
| A.14.2.1 | Secure development policy | | 61 |
| A.14.2.2 | System change control procedures | | 62 |
| A.14.2.3 | Technical review of applications after operating platform changes | | 63 |
| A.14.2.4 | Restrictions on changes to software packages | | 63 |
| A.14.2.5 | Secure system engineering principles | | 64 |
| A.14.2.6 | Secure development environment | | 64 |
| A.14.2.7 | Outsourced development | | 65 |
| A.14.2.8 | System security testing | | 65 |
| A.14.2.9 | System acceptance testing | | 65 |
| A.14.3 | Test data | | |
| A.14.3.1 | Protection of test data | | 66 |
| A.15 | Supplier relationships | | |
| A.15.1 | Information security in supplier relationships | | |
| A.15.1.1 | Information security policy for supplier relationships | | 66 |
| A.15.1.2 | Addressing security within supplier agreements | | 67 |
| A.15.1.3 | Information and communication technology supply chain | | 68 |
| A.15.2 | Supplier service delivery management | | |
| A.15.2.1 | Monitoring and review of supplier services | | 70 |
| A.15.2.2 | Managing changes to supplier services | | 70 |
| A.16 | Information security incident management | | |
| A.16.1 | Management of information security incidents and improvements | | |
| A.16.1.1 | Responsibilities and procedures | | 71 |
| A.16.1.2 | Reporting information security events | | 72 |
| A.16.1.3 | Reporting information security weaknesses | | 73 |
| A.16.1.4 | Assessment of and decision on information security events | | 73 |
| A.16.1.5 | Response to information security incidents | | 73 |
| A.16.1.6 | Learning from information security incidents | | 73 |
| A.16.1.7 | Collection of evidence | | 74 |
| A.17 | Information security aspects of business continuity management | | |
| A.17.1 | Information security continuity | | |
| A.17.1.1 | Planning information security continuity | | 75 |
| A.17.1.2 | Implementing information security continuity | | 75 |
| A.17.1.3 | Verify, review and evaluate information security continuity | | 76 |
| A.17.2 | Redundancies | | |
| A.17.2.1 | Availability of information processing facilities | | 77 |
| A.18 | Compliance | | |
| A.18.1 | Compliance with legal and contractual requirements | | |
| A.18.1.1 | Identification of applicable legislation and contractual requirements | | 77 |
| A.18.1.2 | Intellectual property rights | | 77 |
| A.18.1.3 | Protection of records | | 78 |
| A.18.1.4 | Privacy and protection of personally identifiable information | | 79 |
| A.18.1.5 | Regulation of cryptographic controls | | 80 |
| A.18.2 | Information security reviews | | |
| A.18.2.1 | Independent review of information security | | 80 |
| A.18.2.2 | Compliance with security policies and standards | | 81 |
| A.18.2.3 | Technical compliance review | | 81 |
| | Closure – Delegates’ Views of the Masterclass | | |
| | End of Masterclass | | |
Want to Book?
To book for the Online Information Security Masterclass based on ISO 27001 and ISO 27002, please fill in the contact form below.
About the A-Team
AVeS Cyber Security is a specialist IT Governance & Architectural services consultancy that combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 21 years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the constantly evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. In 2018, the company won eight awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things.