• Auditor wanting to perform and lead an Information Security Management System (ISMS) audit

• Project manager or consultant wanting to master the Information Security Management System audit process

• Person responsible for the Information security or conformity in an organization

• Member of the information security team

• Expert advisor in information technology

• Technical expert wanting to prepare for an Information security audit function

Upon completion of this course, you should be able to:

• Acquiring the expertise to perform an ISMS audit as specified by ISO/IEC 27000:2005

• Acquiring the expertise necessary to manage an ISMS audit team

• Understanding the application of the information security management system in the ISO/IEC 27000:2005 context

• Understand the relationship between an Information Security Management System, including risk management and controls and compliance with the requirements of different stakeholders of the organization

• Improve the ability to analyze the internal and external environment of an organization, risk assessment and audit decision-making in the context of an ISMS

• None, although a familiarity with IT Security Concepts will be beneficial.

• Certification: ISO/IEC 27001:2005 – ISMS Auditor

• Length of test: 180 minutes

• Passing score: 70%

• Languages: English

• Duration 3 Hours

• Open Book Exam: Except for the use of a computer, all documents and references are allowed during the exam. The exam is comprised of development questions.

Module 1: Introduction to Information Security Management System (ISMS)

• Normative, regulatory and legal framework related to Information Security

• Fundamental principles of Information Security

• The ISO/IEC 27001:2005 certification process

• The Information Security Management System (ISMS)

• Detailed presentation of the clauses 4 to 8 of the ISO/IEC 27001:2005 standard

Module 2: Planning and Launching an ISO 27001 Audit

• Fundamental concepts and principles of auditing

• Audit approach based on evidence and on risk

• Preparation of an ISO/IEC 27001:2005 certification audit

• Documentation of an ISMS audit

• Conducting an opening meeting

Module 3: Conducting An ISO 27001 Audit

• Communication during the audit

• Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation

• Drafting test plans

• Formulation of audit findings

• Drafting of nonconformity reports

Module 4: Concluding and Ensuring An ISO 27001 Audit

• Audit documentation

• Quality Review

• Conducting a closing meeting and Conclusion of an ISO/IEC 27001:2005 audit

• Evaluation of corrective action plans

• Surveillance Audit

• Audit management program