Introduction to ISO 27001 Information Security

22 – 26 June 2026, Abu Dhabi

09 – 13 Nov. 2026, Abu Dhabi

COURSE OVERVIEW:

In an era of increasing cyber threats and data breaches, protecting information assets is critical for organizational survival. This course provides a foundational introduction to ISO/IEC 27001, the international standard for Information Security Management Systems (ISMS). Participants will learn how the standard provides a systematic approach to managing sensitive company information so that it remains secure, encompassing people, processes, and IT systems.

The scope of this training involves exploring the core principles of Information Security: Confidentiality, Integrity, and Availability (the CIA triad). Attendees will be introduced to the risk-based approach of ISO 27001, which allows organizations to identify potential security threats and apply appropriate controls to mitigate them. The curriculum covers the standard’s structure and the essential role of Annex A in providing a comprehensive menu of security controls.

Coverage includes an overview of the ISMS lifecycle, from initial security policy development to continuous monitoring and improvement. The course addresses the importance of leadership and organizational culture in maintaining security, moving beyond a purely technical IT focus to a holistic business risk perspective. Participants will gain the basic knowledge required to support their organization’s security initiatives and understand the value of standardized information protection.

COURSE OBJECTIVES:

After completion of this course, the participants will be able to:

  • Define Information Security and the CIA triad (Confidentiality, Integrity, Availability).
  • Explain the purpose and benefits of an ISO 27001 Information Security Management System.
  • Understand the High-Level Structure (Annex SL) of the ISO 27001 standard.
  • Identify key assets that require protection within an organization.
  • Describe the fundamental process of Information Security Risk Assessment.
  • Understand the role of the Statement of Applicability (SoA).
  • Recognize the importance of leadership and security policy.
  • Identify the general categories of security controls found in Annex A.
  • Understand the requirements for security awareness and training.
  • Explain the process for managing information security incidents.
  • Describe the role of internal audits in maintaining the ISMS.
  • Define the concept of continuous improvement in a security context.

TARGET AUDIENCE:

IT Staff, Risk Management Professionals, Compliance Officers, HR Managers, and any employees involved in handling sensitive organizational data.

TRAINING COURSE METHODOLOGY:

A highly interactive combination of lectures, discussion sessions, and case studies will be employed to maximize the transfer of information, knowledge, and experience. The course will be intensive, practical, and highly interactive. The sessions will start by raising the most relevant questions and motivating everybody to find the right answers. Attendees will also be encouraged to raise more of their own questions and to share in developing the right answers using their analysis and experience. There will also be some indoor experiential activities to enhance the learning experience. Course material will be provided in PowerPoint, with necessary animations, learning videos, and general discussions.

The course participants shall be evaluated before, during, and at the end of the course.

COURSE CERTIFICATE:

National Consultant Centre for Training LLC (NCC) will issue an Attendance Certificate to all participants completing a minimum of 80% of the total attendance time requirement.
