ISO/IEC 27001:2013 - Breaking It Down to Understand and Implement

Why Should You Attend:

It is not if you will be the potential victim of a cyber-attack but when. More and more attacks are happening every day, resulting in loss of reputation, fines, legal liabilities and so much more.

The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family, and this course will list the requirements provided by the standard for an information security management system (ISMS).

Areas Covered in the Webinar:

• Risk assessment
• Security policy
• Organization of information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development and maintenance
• Information security incident management
• Business continuity management
• Compliance

Who Will Benefit:

• Security Planners
• CEOs, CIOs, CFOs, CIOs
• Technology Managers
• Compliance Professionals
• Auditors

Instructor Profile:

Dr. Michael C. Redmond, PhD, PMP, CEM, FBCI, MBCP, MBA, (ISO certified) is CEO of Redmond Worldwide, an international consulting company specializing in continuity and compliance management. She is a certified project manager, certified business recovery planner; certified emergency manager; and holds two international master level certifications in business continuity.

She has helped organizations create cyber incident response programs. Her vast background includes consulting as a senior manager for both Deloitte and KPMG for 7 ½ years, and 9 years with Redmond Worldwide. She has developed, documented and trained in this area for years. Dr. Redmond is aware of many of the most recent incidents and why some of their plans did not work.

Dr. Redmond has a strong compliance background. She is up to date on ISO 27001, HIPPA, CMS, FFIEC and more. She was an adjunct professor for the New York University and John Jay Master’s Program in Continuity of Business after an Event.

As a cyber security subject matter expert, advisor, and consultant, she has improved the incident management process by developing cyber security incident response plans; developing full breach incident response plan that ties in with the enterprise risk management, disaster recovery and business continuity programs; identifying gaps and closing those gaps; and meeting best practices, including NIST (National Institute Standards and Technology), ISO 27001, Cobit 4.1 and 5 in planning, testing and documenting.

Topic Background:

According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."

ISO 27001 uses a top down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

• Define a security policy.
• Define the scope of the ISMS.
• Conduct a risk assessment.
• Manage identified risks.
• Select control objectives and controls to be implemented.
• Prepare a statement of applicability.

What is an ISMS?

An ISMS (information security management system) is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.

ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system. An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

Follow us :