Course 6017: Information Security Management

Recent high profile information security breaches and the value of information are highlighting the ever increasing need for organizations to protect their information. An Information Security Management System (ISMS) is a controlled approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.

Determination of Scope

• Identification of information assets
• Determination of the value of information assets
• Determination of risk
• Determination of policy(ies) and the degree of assurance required from controls
• Identification of control objective and controls
• Definition of polices, standards and procedures to implement the controls
• Production and implementation of policies, standards and procedures
• Completion of ISMS documentation requirements
• Audit and review of ISMS

The BS 7799 Standards

• What is BS 7799 Part 1?
• Why information security ?
• What is information security ?
• What is the scope of BS 7799 Part 1 ?
• What areas of management control does BS 7799 Part 1 cover ?
• What is BS 7799 Part 2 ?
• What is an Information Security Management System (ISMS)?
• What is the relationship between Part 1, Part 2 and ISMS?
• How does BS 7799 Part 2 relate to other management system standards such as ISO 9001/ISO14001?

Internationalization

• What is ISO/IEC 17799?
• Is BS 7799 published as a national standard in different countries?
• Is BS 7799 translated into different languages?
• Who is using ISO/IEC 17799 & BS 7799 Part 2?
• Risk Assessment and Risk Management
• What is risk assessment?
• What is risk management?
• Why is it important to assess and manage information security risks?
• How is risk assessment related to ISO/IEC 17799 and BS 7799 Part 2?
• Do I need to re-assess my risks (and the Principle of Change)?
• What has Sun Tzu's "Art of War" got to do with the Principle of Change?
• Does BS 7799 Part 2 define the method for risk assessment?