On Octo­ber 12, 2020, the Insti­tu­te for Inter­nal Audit Aus­tria will host the semi­nar “ISO/IEC 27001 — Struc­tu­re and Audit of an ISMS” in Vien­na. The semi­nar will be led by SEC4YOU Mana­ging Direc­tor Man­fred Scholz.

ISO 27001 defi­nes the requi­re­ments for an Infor­ma­ti­on Secu­ri­ty Manage­ment Sys­tem (ISMS) and descri­bes a con­ti­nuous impro­ve­ment pro­cess (CIP), which enables the com­pa­ny to imple­ment and con­ti­nuous­ly impro­ve the neces­sa­ry secu­ri­ty mea­su­res in a risk-ori­en­ted approach.

ISO 27001 gives com­pa­nies in the IT secu­ri­ty and infor­ma­ti­on secu­ri­ty sec­tor the oppor­tu­ni­ty to estab­lish a struc­tu­red pro­ce­du­re that is com­pa­ra­ble to a qua­li­ty manage­ment sys­tem accor­ding to ISO 9001, which has been used suc­cessful­ly in indus­try for a long time.

Cer­ti­fi­ca­ti­on accor­ding to ISO/IEC 27001 has been incre­asing­ly deman­ded by cus­to­mers sin­ce the DSGVO came into force. Com­pa­nies should the­r­e­fo­re deal with the requi­re­ments of ISO 27001 at an ear­ly stage.

The tar­get group

The semi­nar is aimed at employees of the audit depart­ment, the IT depart­ment, but also at mana­gers and direc­tors who want to be infor­med about the requi­re­ments of ISO 27001. It is also sui­ta­ble for can­di­da­tes for the CISA or CISM exam as a sup­ple­ment to exam preparation.

Basics of ISO/IEC 27001 taught:

  • Intro­duc­tion to the ISO/IEC 27000 series of standards.
  • Spe­ci­fic stan­dards (27018, 27019, 27033, etc.)
  • The three pil­lars of infor­ma­ti­on security
  • Dif­fe­ren­ces bet­ween infor­ma­ti­on secu­ri­ty and data protection
  • ISMS ver­sus ICS
  • The con­ti­nuous impro­ve­ment pro­cess (CIPPDCA)
  • Essen­ti­al com­pon­ents of the standard
  • Over­view of the refe­rence con­trol objec­ti­ves (Appen­dix A)
  • Neces­sa­ry docu­ments for certification
  • Risk manage­ment / hazard ana­ly­sis (e.g. accor­ding to IT-Grundschutz)
  • Cer­ti­fi­ca­ti­on procedure
  • Importance of manage­ment support
  • Busi­ness requi­re­ments and inte­res­ted parties
  • Mea­su­re­ment of the effec­ti­ve­ness of the ISMS through KPIs
  • Inter­nal audits and report­ing to management
  • Plan­ning of impro­ve­ment actions
  • Approach to plan­ning and implementation
  • Audit approa­ches for inter­nal auditing
  • Importance of ISO 27001 for ope­ra­tors of essen­ti­al ser­vices (NIS‑G)
  • ISO 27001 and TISAX for sup­pli­ers to the auto­mo­ti­ve industry
  • Out­look on future developments

To the registration:

https://www.internerevision.at/seminare/it-revision/seminar/isoiec-27001-aufbau-und-pruefung-eines-isms-341/