Information Security Management Professional based on ISO/IEC 27001 Courseware revised Edition– English - Ruben Zeegers - E-Book

Information Security Management Professional based on ISO/IEC 27001 Courseware revised Edition– English E-Book

Ruben Zeegers

Description

In addition to this courseware, Information Security Management Professional based on ISO/IEC 27001 Courseware revised Edition - English (ISBN: 9789401803656), you are advised to obtain the publication Information Security Management with ITIL® V3 (ISBN: 9789087535520).

Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction, and must be available when it is needed. The EXIN Information Security Management (based on ISO/IEC 27001) certification program consists of three modules: Foundation, Professional and Expert. This book is the courseware officially accredited by EXIN for the Information Security Management Professional training. It includes:

• Trainer presentation handout
• Sample exam questions
• Practical assignments
• Exam preparation guide

The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational and managerial aspects of information security. The subjects of this module are Information Security Perspectives (business, customer, and the service provider), Risk Management (analysis of the risks, choosing controls, dealing with remaining risks) and Information Security Controls (organizational, technical and physical controls).

The program and this courseware are intended for everyone who is involved in the implementation, evaluation, and reporting of an information security program, such as an Information Security Manager (ISM), Information Security Officer (ISO) or a Line Manager, Process Manager or Project Manager with security responsibilities. Basic knowledge of Information Security is recommended, for instance through the EXIN Information Security Foundation based on ISO/IEC 27001 certification.

Number of pages: 63

Year of publication: 2018

Information Security Management Professional based on ISO/IEC 27001 Courseware revised edition - English

Colophon

Title: Information Security Management Professional based on ISO/IEC 27001 Courseware revised edition - English

Authors: Ing. Ruben Zeegers CISSP RSE

Publisher: Van Haren Publishing, Zaltbommel

ISBN Hard Copy: 978 94 018 036 56

Edition: First edition, first print, December 2017; Second edition, first print September 2018

Design: Van Haren Publishing, Zaltbommel

Copyright: © Van Haren Publishing 2018

 

For further information about Van Haren Publishing please e-mail us at: [email protected] or visit our website: www.vanharen.net

 

 

All rights reserved. No part of this publication may be reproduced in any form by print, photo print, microfilm or any other means without written permission by the publisher.

Although this publication has been composed with much care, neither author, nor editor, nor publisher can accept any liability for damage caused by possible errors and/or incompleteness in this publication.

The Certificate EXIN Information Security Management Professional based on ISO/IEC 27001 is part of the qualification program Information Security. The module is followed up by the Certificates EXIN Information Security Management Advanced based on ISO/IEC 27001 and EXIN Information Security Management Expert based on ISO/IEC 27001.

Table of contents

Agenda

Reflection

Introduction

Information Security Management Professional

About this Courseware

ISFS exam specifications

Module 1. Information Security Perspective

1.1  Business Perspective

1.2  Professional / Customer perspective

1.3  Service provider / Supplier perspective

Module 2. Risk Management

2.1  Analysis - Risk Assessment

2.2  Controls - Selection of mitigating controls / strategies

2.3  Remaining Risk - Residual risk

Module 3. Information Security Controls

3.1  Organizational

3.2  Technical

3.3  Other controls

EXIN Practical assignments

EXIN Sample Exam

Rationale

Answers

EXIN Preparation Guide

About the Courseware

The Courseware was created by experts from the industry who served as the author(s) for this publication. The input for the material was based on existing publications and the experience and expertise of the author(s). The material has been revised by trainers who also have experience working with the material. Close attention was also paid to the key learning points to ensure what needs to be mastered.

The objective of the courseware is to provide maximum support to the trainer and to the student, during his or her training. The material has a modular structure and according to the author(s) has the highest success rate should the student opt for examination. For this reason, the Courseware has also been accredited, wherever applicable.

In order to satisfy the requirements for accreditation the material must meet certain quality standards. The structure, the use of certain terms, diagrams and references are all part of this accreditation. Additionally, the material must be made available to each student in order to obtain full accreditation. To optimally support the trainer and the participant of the training, assignments, practice exams and results have been provided with the material.

Direct reference to advised literature is also regularly covered in the sheets so that students can easily find additional information concerning a particular topic. The decision to separate note pages (handouts) from the Courseware was to encourage students to take notes throughout the material.

Although the courseware is complete, the possibility that the trainer may deviate from the structure of the sheets or choose not to refer to all the sheets or commands does exist. The student always has the possibility to cover these topics and go through them on their own time. It is strongly recommended to follow the structure of the courseware and publications for maximum exam preparation.

The courseware and the recommended literature are the perfect combination to learn and understand the theory.

-Van Haren Publishing

Timetable

Day 1

09:00 - 9:30    Introduction, About this course
09:30 - 10:45    1.1 Business perspective
10:45 - 12:00    1.2 Customer perspective
10:30 - 11:15    Lunch
12:30 - 15:00    Practical assignment 1
12:30 - 13:00    Lunch
15:00 - 17:00    1.3 Provider / supplier perspective

Day 2

09:00 - 10:30    2.1 Risk Analysis
10:30 - 12:00    2.2 Security Controls
12:00 - 12:30    Lunch
12:30 - 14:00    2.3 Remaining Risk
14:00 - 17:00    Practical assignment 2

Day 3

09:00 - 09:30    3.1 Organizational Controls
09:30 - 10:30    3.2 Technical Controls
10:30 - 10:45    Lunch
10:45 - 12:30    Technical Controls continued
14:00 - 16:00    3.3 Other Controls

Self-Reflection of understanding Diagram

“What you do not measure, you cannot control.” - Tom Peters

Fill in this diagram to self-evaluate your understanding of the material. This is an evaluation of how well you know the material and how well you understand it. In order to pass the exam successfully you should be aiming to reach the higher end of Level 3. If you really want to become a pro, then you should be aiming for Level 4. Your overall level of understanding will naturally follow the learning curve. So, it’s important to keep track of where you are at each point of the training and address any areas of difficulty.

Based on where you are within the Self-Reflection of Understanding diagram you can evaluate the progress of your own training.

Write down the problem areas that you are still having difficulty with so that you can consolidate them yourself, or with your trainer. After you have had a look at these, then you should evaluate to see if you now have a better understanding of where you actually are on the learning curve.

Troubleshooting