Information Technology - Security Techniques - Information Security Management Systems - Requirements
Course Overview
To equip participants with the knowledge and skills needed to assess and report on the conformance and effective implementation of an Information Security management system in accordance with ISO 19011.
Describe the responsibilities of an internal auditor and the role of internal audit in the maintenance and improvement of management systems, in accordance with ISO 19011.
Risk Management Process
93 Annexure Controls of ISO 27001:2022
Explain the purpose and structure of ISO 27001, and explain the principles, process and selected techniques used for the assignment and management of Information / Cyber security.
Plan and prepare for an internal audit, and gather audit evidence through observation, interview and sampling of documents and records.
Write factual audit reports that help to improve the effectiveness of the management system.
Suggest ways in which the effectiveness of corrective action might be verified.
Overview of ISO 27001:2022
Purpose and requirements of internal auditing of ISMS
ISMS standards and certification body requirements for internal auditing
Preparation, performance, objective evidence, questioning and communication
Audit findings, reporting, corrective actions, follow-up and close-out and management review
Summary of the changes to ISO 27001 and ISO 27002
Auditing the new, the merged and the renamed controls
Organizational Controls, People Controls, Physical Controls & Technological Controls