Introduction to Information Security Management System


With proper implementation, an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard helps organizations strengthen their market position, organize all information security activities within a clearly defined framework, and consequently reduce their level of risk. The objective of the standard itself is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System”.

This course gives participants an understanding of, and practical ideas for, implementing an Information Security Management System using the standard, including its coverage of security issues and its substantial set of control requirements.

Learning Objectives

At the end of the training, participants shall be able to:

  • Gain awareness of the ISO/IEC 27001 security standards
  • Understand the importance of security risk management
  • Determine the importance of risk assessment in an organization and how to minimize the risks it identifies
  • Identify ways of implementing the ISMS within the organization's current set-up

Who Should Attend

  • System and Software Managers
  • Quality Assurance Engineers/Managers
  • Quality Control Officers
  • Network Administrators
  • Trainers and other individuals involved with Security Risk Management

Program Duration

1 day, 8 hours

Program Outline/Course Overview

Topic 1: Introduction to Information Security
Topic 2: Introduction and Overview of ISO/IEC 27001 (ISMS)
Topic 3: Advantages and Benefits of using ISMS
Topic 4: Fundamental Principles of Information Security
Topic 5: Introduction to Management Systems and the Process Approach
Topic 6: ISO 27001 Mandatory Clauses 4 – 8
Topic 7: Implementation Phases of ISO/IEC 27001 Framework
Topic 8: Continual Improvement

Ice Breakers/ Quizzes/ Case Studies/ Workshops
Wrap-up/ Summary
Open Discussion

For a complete course outline, email