BSI's "ISO/IEC 27001:2005 Internal Auditor" course teaches students the fundamentals of auditing information security management systems to ISO/IEC 27001:2005 (BS 7799-2:2002). This course teaches students how to conduct audits within their organization. The auditing exercises and lectures are based on ISO 19011:2002, "Guidelines for Quality and/or Environmental Management Systems Auditing." Experienced instructors guide students through internal audits that are required for a quality management system based on ISO/IEC 27001:2005. Students gain necessary auditing skills through a balance of formal classroom tutorials, group workshops, and open forum discussions.
Learning objectives
- Review the requirements of ISO/IEC 27001:2005
- Understand the relationship between ISO/IEC 27001:2005 and ISO/IEC 27002:2005
- Learn how to Assess Security Threats and Vulnerabilities
- Understand Security Controls and Countermeasures
- Understand the Roles and Responsibilities of the Auditor
- Learn how to Plan, Execute, Report, and Follow-up on an Information Security Management System Audit
Course materials
Students receive comprehensive course manuals with reference materials.
Who should attend
- IT Security Officers
- IT Managers
- Information Security Consultants
Prerequisite
A prior review of ISO/IEC 27002:2005 and ISO/IEC 27001:2005 would be beneficial.
