Aim of the course:
The information security management system audit course gives participants the basic knowledge and skills to assess and audit the conformity of an Information Security Management System (ISMS) against the international ISO/IEC 27001 standard. Participants get a good overview of implementing an information security management system and of planning and conducting audits. Through practical exercises and case studies, participants gain experience in using audit techniques, successfully managing an audit project, and communicating the results.
On the day following the course, it is possible to take an international certification exam (in English) for an additional fee.
Target group:
• IT auditors of institutions and companies, internal audit unit staff
• Auditors who need to conduct audits and certification of information security management systems
• IT unit staff, information security implementers, compliance staff
• IT service providers, quality control staff
Prerequisites:
Preferably prior practical experience with information security or auditing.
Topics:
DAY 1
Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001
Normative, regulatory and legal framework related to Information Security
Fundamental principles of Information Security
The ISO/IEC 27001 certification process
Detailed presentation of the clauses of ISO/IEC 27001
DAY 2
Planning and initiating an ISO/IEC 27001 audit
Fundamental audit concepts and principles
Audit approach based on evidence and on risk
Preparation of an ISO/IEC 27001 certification audit
Documenting of an ISMS audit
DAY 3
Conducting an ISO/IEC 27001 audit
Communication during the audit
Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
Drafting test plans
Formulation of audit findings, drafting of nonconformity reports
DAY 4
Concluding and ensuring the follow-up of an ISO/IEC 27001 audit
Audit documentation
Conducting a closing meeting and conclusion of an ISO/IEC 27001 audit
Evaluation of corrective action plans
ISO/IEC 27001 surveillance audit and audit management program
DAY 5
Certification Exam
Mon-Thu course, Fri - test, after which the participant receives confirmation of passing the test in accordance with the conditions set for the test:
Examination Duration: 3 hours
The “PECB Chief Information Security Officer” exam meets the requirements of the PECB Examination and Certification Program (ECP). It covers the following competency domains:
Domain 1 Fundamental concepts of information security
Domain 2 The role of CISO in an information security program
Domain 3 Selecting a security compliance program, risk management, and security architecture and design
Domain 4 Operational aspects of information security controls, incident management, and change management
Domain 5 Fostering an information security culture, monitoring, measuring, and improving an information security program
For specific information about exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies: www.pecb.com
Study results:
-To acquire expertise of performing an ISO/IEC 27001 internal audit, following the ISO 19011 guidelines
-To acquire expertise of performing an ISO 27001 certification audit, following the ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
-To acquire necessary expertise for managing an ISMS audit team
-To understand the operation of an ISO/IEC 27001
Graduation document:
TalTech certificate
Language:
English
Lecturer:
Andro Kull, PhD
Credits:
contact study: 32 academic hours
autonomous/other study: 12/3 academic hours
EAP:
1
Contact:
Eda Kaljo, 5100780, eda.kaljo@taltech.ee
Price:
1980 € + VAT/participant
Registration deadline:
12.02.2025 23:59
Location:
online
Curriculum group:
Computer use