ISO/IEC 27001 Foundation Certification Training Course
For more information please visit us at www.interpromusa.com, email us at Contact@interpromusa.com, or call us at (+1) 480-699-9642
4/23/2020 ©InterProm USA – Confidential and Proprietary Information
by Mart Rovers, INTERPROM
Agenda: “What’s Up?”
• ISO/IEC 27001 Explained
• Typical Benefits
• Unexpected Benefits
• Four Steps to Compliance
• ISO/IEC 27001 Foundation Course
• Wrap-up
WHAT’S THE BUZZ?
ISO/IEC 27001 Explained
What is ISO/IEC 27001:2013?
• The standard has been designed to “provide requirements for establishing, implementing, maintaining and continually improving an information security management system or ISMS”
• The standard “can be used by internal and external parties to assess the organization’s ability to meet the organization’s own information security requirements”
• The standard also includes “requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this International Standard are generic and are intended to be applicable to all organizations, regardless of type, size or nature”
Current State ISO/IEC 27000 Series
The documents forming the series (editions current as of this deck’s date, April 2020) are:
• ISO/IEC 27000:2018 : Overview and vocabulary of the ISO/IEC 27000 standard family
• ISO/IEC 27001:2013 : Information security management system requirements
• ISO/IEC 27002:2013 : Code of practice for information security controls
• ISO/IEC 27003:2017 : Guidance on ISMS implementation
• ISO/IEC 27004:2016 : Monitoring, measurement, analysis and evaluation (metrics) for information security management
• ISO/IEC 27005:2018 : Information security risk management
• ISO/IEC 27006:2015 : Requirements for accredited bodies providing audit and certification (registration) of an ISMS
• ISO/IEC 27007:2020 : Guidance on auditing an ISMS
• ISO/IEC TS 27008:2019 : Guidance for auditors on assessing information security controls
• ISO/IEC 27009:2016 : Requirements for sector-specific application of ISO/IEC 27001
• ISO/IEC 27010:2015 : Guidance on information security management of inter-sector and inter-organizational communications
• ISO/IEC 27011:2016 : Guidance for telecommunications organizations
• ISO/IEC 27013:2015 : Guidance on the joint implementation of ISO/IEC 27001 and ISO/IEC 20000-1
• ISO/IEC 27014:2013 : Guidance on information security governance
Current State ISO/IEC 27000 Series (Continued)
Further documents in the series:
• ISO/IEC TR 27015:2012 : Guidance for financial services organizations
• ISO/IEC TR 27016:2014 : Economics of information security
• ISO/IEC 27017:2015 : Guidance on secure cloud computing (information security controls for cloud services)
• ISO/IEC 27018:2019 : Privacy in the cloud (protection of PII in public clouds acting as PII processors)
• ISO/IEC 27019:2017 : Information security for process control, based on ISO/IEC 27002, for process control systems specific to the energy utility industry
• ISO/IEC 27031:2011 : Focusing on business continuity (ICT readiness for business continuity)
• ISO/IEC 27032:2012 : Focusing on cybersecurity
• ISO/IEC 27033 : Multi-part standard focusing on network security
• ISO/IEC 27034 : Multi-part, partially published guidance on application security
• ISO/IEC 27035-1:2016 and 27035-2:2016 : Focusing on incident management
• ISO/IEC 27036 : Multi-part standard (parts 1 to 4) providing guidance on supplier relationships
• ISO/IEC 27037:2012 : Guidance on the identification, collection, acquisition and preservation of digital evidence
• ISO/IEC 27038:2014 : Specification for digital redaction
• ISO/IEC 27039:2015 : Focusing on intrusion detection and prevention systems
• ISO/IEC 27040:2015 : Guidance on storage security
• ISO/IEC 27102:2019 : Guidance on cyber insurance
(Source: iso.org)
ISO/IEC 27001 Characteristics
• Risk-based standard
• The ISMS:
  – Preserves the confidentiality, integrity and availability of information by applying a risk management process
  – Is part of and integrated with the organization’s processes and overall management structure
• Information security is considered in the design of processes, information systems, and controls.
Contents ISO/IEC 27001
Information Security Management Systems - Requirements
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the information security management system
4.4 Information security management system
5. Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
6. Planning
6.1 Actions to address risks and opportunities
6.2 Information security objectives and planning to achieve them
7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8. Operation
8.1 Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment
9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10. Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A. Reference control objectives and controls
Contents ISO/IEC 27002
Code of Practice for Information Security Controls
1. Scope
2. Normative references
3. Terms and definitions
4. Structure of this standard
5. Information security policies
5.1 Management direction for information security
6. Organization of information security
6.1 Internal organization
6.2 Mobile devices and teleworking
7. Human resource security
7.1 Prior to employment
7.2 During employment
7.3 Termination and change of employment
8. Asset management
8.1 Responsibility for assets
8.2 Information classification
8.3 Media handling
9. Access control
9.1 Business requirements of access control
9.2 User access management
9.3 User responsibilities
9.4 System and application access control
10. Cryptography
10.1 Cryptographic controls
11. Physical and environmental security
11.1 Secure areas
11.2 Equipment
12. Operations security
12.1 Operational procedures and responsibilities
12.2 Protection from malware
12.3 Backup
12.4 Logging and monitoring
12.5 Control of operational software
12.6 Technical vulnerability management
12.7 Information systems audit considerations
13. Communications security
13.1 Network security management
13.2 Information transfer
14. System acquisition, development and maintenance
14.1 Security requirements of information systems
14.2 Security in development and support processes
14.3 Test data
15. Supplier relationships
15.1 Information security in supplier relationships
15.2 Supplier service delivery management
16. Information security incident management
16.1 Management of information security incidents and improvements
17. Information security aspects of business continuity management
17.1 Information security continuity
17.2 Redundancies
18. Compliance
18.1 Compliance with legal and contractual requirements
18.2 Information security reviews
WHAT’S TYPICAL?
Benefits of ISO/IEC 27001
Typical Internal Benefits of ISO/IEC 27001 Compliance
1. Increased security posture
2. Increased security awareness and employee satisfaction
3. Increased clarity around risks and risk ownership
4. Improved structure and transparency of responsibilities and focus
5. Reduction in the need for frequent audits
6. Easier to obtain an independent opinion about your security posture
Typical External Benefits of ISO/IEC 27001 Compliance
1. Increased chances of winning new business
2. Avoidance of financial penalties and losses due to data breaches
3. Enhanced protection of your name and reputation
4. Easier compliance with legal, contractual and regulatory requirements
5. Internationally accepted standard
WHAT’S UNEXPECTED?
Benefits of ISO/IEC 27001
Unexpected Benefits of ISO/IEC 27001 Compliance
1. Cross-enterprise commitment
2. Cross-enterprise participation
3. Incorporation of information security practices in existing (to-be) practices
4. Implementation of a management system
5. Compliance vs. certification
6. 3rd-party selection and integration
7. …Expect the unexpected…
WHAT ARE THE FOUR STEPS?
Comply with ISO/IEC 27001
Phases Towards ISO/IEC 27001 Compliance
1. Familiarize
2. Adopt
3. Implement
4. Improve
• Training and Awareness
• Management Commitment
• Program and Project Initiation
• Organizational Change
• Continual Improvement
TRAINING COURSE CHARACTERISTICS
ISO/IEC 27001 Foundation Certification
ISO/IEC 27001 Foundation Qualification Scheme
Get qualified!
ISO/IEC 27001 Foundation Target Audience
1. Chief Information Security Officers (CISOs)
2. Information Security Officers
3. Information Security Subject Matter Experts
4. Program/Project Managers
5. Internal/External Auditors
6. Service/Product Managers
7. Consultants/Coaches
8. Anyone who is involved with an effort to become or uphold ISO/IEC 27001 compliance or certification
No prerequisites!
ISO/IEC 27001 Foundation Training Course Curriculum
• What are some of the definitions of information security management?
• Who in my organization plays a role in information security? And what are these roles?
• How to establish the information security management system? What does it take to improve it? How do I know that it is effective?
• What does it mean to manage information security risks? And what is risk treatment?
• ISO/IEC 27001 (Annex A) lists 114 information security controls. What are they? Why do I need them? And what does ISO/IEC 27002 have to offer?
• What is the path to ISO/IEC 27001 certification?
Get educated!
ISO/IEC 27001 Foundation Training Course Duration and Formats
Duration
• 2 days for instructor-led courses
• 2-4 days for self-paced courses
Formats
• Instructor-led
  – Live Online
  – Onsite
• Self-paced online
Learn from the best!
ISO/IEC 27001 Foundation Certification Exam
Examination Institute
• APMG International
Exam
• 40 multiple-choice questions
• 60 minutes exam time
• Paper-based or online
• INTERPROM’s pass rate: 100%
With exam prep!
ISO/IEC 27001 Foundation Training Course Fees
Fees per Participant
• Instructor-led (exam included)
  – Live Online: USD $1,195
  – Onsite: USD $1,495
• Self-paced online
  – USD $495
  – 4 months access
  – Exam fees: $200
ISO/IEC 27001 Foundation Training Course Schedule
• Instructor-led
  – Live Online: https://interpromusa.com/events/?tribe_paged=1&tribe_event_display=list&tribe-bar-search=ISO%2FIEC+27001+Foundation
  – Onsite: https://interpromusa.com/contact-us/
• Self-paced online: https://interpromusa.com/product/isoiec-27001-foundation-course-self-paced-online/
Sign up and learn!
MORE INFORMATION?
Wrap-Up
ISO/IEC 27001 Foundation: More Information
• Visit Us: https://interpromusa.com/iec-iso-27001-certification-training/
• Email Us: Contact@InterPromUSA.com
• Call Us: (+1) 480-699-9642
Glad to help! See you soon!
About INTERPROM
Elevating Business Performance through:
• Coaching, Training, Workshop and Auditing Services
• Specialty Areas:
  – Service Management, e.g. ISO/IEC 20000, FitSM, ITIL, VeriSM
  – Information Security Management, e.g. ISO/IEC 27001, NIST
  – Business Relationship Management, e.g. ISO 44001, BRMiBOK®
  – Organizational Change Management, e.g. CMBOK®
  – IT Governance, e.g. ISO/IEC 38500, COBIT®
  – Business Continuity Management, e.g. ISO 22301
  – Risk Management, e.g. ISO 31000, MoR®
IF YOU HAVE ANY QUESTIONS OR FEEDBACK, PLEASE DO NOT
HESITATE TO CONTACT US:
CONTACT@INTERPROMUSA.COM / +1 480-699-9642
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 

Recently uploaded (20)

Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
