|
ISO/IEC 27001:2013 Practitioner Information Security Officer
|
ISO/IEC 27001:2013 資訊安全從業人員
課程代碼
SP-ISO27001PRCSCR
課程天數
2 天
課程概要
ISO 27001:2013 是一套國際通用的資訊安全管理工具和制度。用以呼應全球對於資訊安全風險的因應措施,達到控制並且降低資訊安全事件所帶來的威脅和衝擊。ISO 27001:2013 提供廣泛類型的組織,包含商業企業、政府機構和非營利組織等,如何建立、實施、維護和持續改進風險管理之資訊安全管理系 (ISMS) 的模型。該標準奠定了有效管理機敏資訊和資訊安全控制應用的基礎,有效保護企業的資訊資源安全、保護資訊化過程健全、有秩序以及可持續發展。
本課程為兩日課堂培訓,專為建立 ISO/ IEC 27001 標準、執行 ISO/ IEC 27001 或將準備考取 ISO/ IEC 27001 認證之 IT 專業人員、顧問所設計。
使用實踐示例和個案研究來指導學員完成實施過程,並協助學員為進行 ISO / IEC 27001 評估或稽核做好準備。 在為期兩天的課堂培訓結束後,可以參加 APMG 認證考試。此培訓不包括稽核技術或涉及單位組織進行稽核之議題。
本課程為兩日課堂培訓,專為建立 ISO/ IEC 27001 標準、執行 ISO/ IEC 27001 或將準備考取 ISO/ IEC 27001 認證之 IT 專業人員、顧問所設計。
使用實踐示例和個案研究來指導學員完成實施過程,並協助學員為進行 ISO / IEC 27001 評估或稽核做好準備。 在為期兩天的課堂培訓結束後,可以參加 APMG 認證考試。此培訓不包括稽核技術或涉及單位組織進行稽核之議題。
學習目標和取得技能
The purpose of the practitioner qualification is to confirm whether the candidate has achieved sufficient understanding of SO/IEC 27001 and its application in a given situation.
On completion of this training course, delegates will be able to:
On completion of this training course, delegates will be able to:
- Apply the principles of ISMS policy and its information security scope, objectives, and processes within an organizational context
- Apply the principles of risk management including risk identification, analysis and evaluation and propose appropriate treatments and controls to reduce information security risk, support business objectives and improve information security
- Analyze and evaluate deployed risk treatments and controls to assess their effectiveness and opportunities for continual improvement
- Analyze and evaluate the effectiveness of the ISMS through the use of internal audit and management review to continually improve the suitability, adequacy and effectiveness of the ISMS
- Understand, create, apply and evaluate the suitability, adequacy and effectiveness of documented information and records required by ISO/IEC 27001
- Identify and apply appropriate corrective actions to maintain ISMS conformity with ISO/IEC 27001
教學方式
認證講師課堂中文指導
教材與實驗
原廠專業教材
課程適合對象
The target audience for this course and qualification are:
- Individuals at the start of their journey in Service Management
- ITSM Managers and aspiring ITSM Managers
- Individuals working in other parts of IT (digital, product development) with strong interface with service delivery
- Existing ITIL qualification holders wishing to update their knowledge
前備知識
- APMG ISO/IEC 27001 Foundation certificate
- TÜV SÜD ISO27001 Foundation certificate
- ICO-CERT ISMS 27001 Foundation certificate
課程大綱
- Introduction to and background of ISO/lEC 27001
- The certification scheme
- ISO/IEC 27001 Standards family overview
- ISO/IEC 27001 and Annex A in detail
- The use and application of ISO/Lec 27001
- The implementation of ISO/IEC 27001
- Preparing for a formal audit
- ISO/IEC 27001 scoping and applicability
- Exam practice and preparations
推薦課程
