Information Security Based on ISO/IEC 27001:2013



Multimatics is one of Indonesia’s best consulting, training, and certification institutions, specializing in consulting for IT Service Management System based on ISO/IEC 20000-1:2011, Information Security Management System based on ISO/IEC 27001:2013, Risk Management Principles and Guidelines based on ISO 31000:2009, and Quality Management System based on ISO 9001:2015. We provide integrated services for ISO international standards that enhance company performance, from Awareness Training, Competency Certification, and Consulting to Management Certification from the Independent Certification Body.

Download ISO 27001 Training Materials

Description

Information is the most valuable asset for companies of every size: small, medium and enterprise. Information, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected (ISO/IEC 27002). Most business organizations nowadays are reliant on sophisticated information systems. Therefore, it is important for a company to be able to keep such information safe by implementing information security.

ISO/IEC 27001:2013 is an international standard published by the International Standardization Organization (ISO), and it describes how to manage information security in a company.

ISO/IEC 27001:2013 can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large. It was written by the world’s best experts in the field of information security and provides a methodology for the implementation of information security management in an organization.

ISO/IEC 27001:2013 has become the most popular information security standard worldwide with 14 Sections, 35 Objectives and 114 Controls.

Our Service

We offer comprehensive consulting assistance to help organizations obtain the certification. It covers:

  1. Preparation
    • ISMS Awareness Training based on ISO/IEC 27001:2013
    • Competency Certification Training of ISO/IEC 27001:2013
  2. Implementation
    • Management Support
    • Scoping
    • Create Inventory Lists
    • Perform Gap Analysis, which includes internal Vulnerability Assessment and Penetration Test (if needed)
    • Perform Risk Assessment
    • Create Statement of Applicability (SOA)
    • Create Risk Treatment Plan (RTP)
    • Create Information Security Management System
    • Management Review
    • Implement Information Security Management System based on ISO/IEC 27001:2013
  3. Certification Process
    • Pre-certification Audit
    • Certification body selection
    • Registration and Certification Process

5 Key Benefits of ISO/IEC 27001:2013

  1. Compliance with laws and regulations.
    • Implementation of ISO 27001:2013 requires the business to comply with all applicable legislation.
  2. Lower costs of incidents.
    • ISO 27001:2013 outlines controls targeting business systems availability.
    • The controls reduce the chance of vulnerabilities being exploited.
    • Post-certification audits ensure that the business keeps up to date with the latest vulnerabilities & best practices.
  3. Marketing advantage.
    • Some customers prefer to trade with companies who have a recognized security certification.
    • It demonstrates to clients that a business can be trusted.
  4. Optimization of processes.
    • Some organizations do implement cost-effective security solutions, but a risk assessment under ISO 27001:2013 actually highlights their efficiency & real effectiveness.
    • ISO 27001:2013 helps to develop a consistent approach to security.
  5. Smaller dependence on individuals.
    • Clear policies, procedures & guidelines make things easier and more understandable for employees.
    • It will reduce the dependence on individuals.

Course Description

This 1-day ISO 27001:2013 awareness training is designed to provide a thorough understanding of the Information Security Management System based on ISO 27001. This training workshop has been developed based on experience of successful ISMS implementations and consultancies with local and foreign organizations and diverse industry exposure. This training workshop also covers Risk Management and Business Impact Analysis.

Course Objective

The essential objectives of this course are:

  1. Build awareness of information security systems
  2. How ISO 27001:2013 can protect information
  3. Explanation of ISO 27001:2013
  4. Steps to obtain certification for both individuals and organizations

Course Outline

  • Introduction to information and information security
  • What an Information Security Management System is and how it could protect your information
  • Implementing a good ISMS based on ISO 27001:2013
  • Process of obtaining ISO 27001:2013 Certification

Target Audience

The Awareness course will be of interest to:

  • Those who wish to implement an Information Security Management System based on ISO 27001 in their organization
  • Those who will be required to have the working knowledge essential to motivate the team implementing the management system
  • Those who are planning to attend higher-level training courses such as the ISMS internal auditor, documentation & implementation, or lead auditor course

Duration

The Information Security Management System Awareness based on ISO/IEC 27001 is a one-day course that presents the purpose and requirements of ISO/IEC 27001 to participants assigned to implement an ISMS in practice.

Requirement

There are no prerequisites for this course.

Assessment

There is no assessment for this course.

ISO/IEC 27001 Foundation Training and Certification

This three-day ISO/IEC 27001 Foundation course assesses your knowledge of the contents and high-level requirements of the ISO/IEC 27001 standard and builds an understanding of these topics: information and security, threats and risk, security measures, legislation and regulation, the approach to organizing information security policies, and the design and implementation of the ISMS according to the ISO/IEC 27001 standard.

Program Objective

At the end of the program, the participants will be able to:

  • Understand information and security concepts
  • Understand the relationship between threats and reliability
  • Create information security policies
  • Create security measures
  • Design and implement the ISMS according to ISO/IEC 27001

Target Audience

This is an introductory course for everyone in an organization who is involved with the information management lifecycle. The module is also suitable for small independent businesses for which some basic knowledge of information security is necessary. This module may be a good start for new information security professionals.

Duration

The Information Security Foundation based on ISO/IEC 27001 is a three-day course that prepares participants for the ISO/IEC 27001 certified exam (optional), which is an integral part of the course’s curriculum.

Requirement

There are no prerequisites for this course.

Assessment

At the end of the program, the participants will be assessed with a 40-minute ISO/IEC 27001 Foundation Exam.

ISO/IEC 27001 Practitioner Training and Certification

The purpose of the practitioner qualification is to confirm whether the candidate has achieved sufficient understanding of ISO/IEC 27001 and its application in a given situation. With suitable direction, the candidate should be able to start applying the International Standard to enable the management of information security but may not be sufficiently skilled to do this appropriately for all situations.

Program Objective

At the end of the program, the participants will be able to:

  • Apply the principles of ISMS policy and standard.
  • Apply the principles of risk management
  • Analyze and evaluate deployed risk treatments and controls
  • Analyze and evaluate the effectiveness of the ISMS
  • Understand, create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001
  • Identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001 

Target Audience

This qualification is aimed at internal managers and personnel working to implement, maintain and operate an ISMS within an organization, external consultants supporting an organization’s implementation, maintenance and operation of an ISMS, and internal auditors who are required to have an applied knowledge of the standard.

Duration

The Information Security Practitioner based on ISO/IEC 27001 is a two-day course that prepares participants for the ISO/IEC 27001 certified exam (optional), which is an integral part of the course’s curriculum.

Requirement

As a prerequisite, the candidate must have passed the Foundation Qualification.

Assessment

At the end of the program, the participants will be assessed with a 2.5-hour ISO/IEC 27001 Practitioner Exam.

