Description

PECB
PECB is a certification body that provides training, certification and certificate programs to individuals in a wide range of disciplines.
We have reached an agreement with PECB in order to provide you with more comprehensive and higher-quality services through certificate programs based on international standards, in areas such as Information Security and Resilience, Cyber Security, Data Security, GRC and Privacy, Quality and Sustainability and many more.
We help professionals and entire organizations to demonstrate their commitment and competence by providing training, assessment, certification and certificate programs against internationally recognized standards.
Together with PECB, Academy Club offers a comprehensive range of services that inspire confidence in all professionals and organizations, provide continuous improvement, demonstrate recognition with certificates that prove international standards and benefit the whole society.
You can also get a certificate by participating in PECB trainings in line with international standards.
Just contact us for Information Security Management Systems ISO/IEC 27001, Information Security Controls ISO/IEC 27002, Information Security Risk Management ISO/IEC 27005, Information Security Risk Assessment-EBIOS, Information Security Incident Management ISO/IEC 27035 and all other PECB trainings you are looking for!
ISO/IEC 27001 (Information Security Management Systems)
WHAT IS IT?
ISO/IEC 27001 is the world’s most recognized standard for information security management systems (ISMS). It defines the requirements that an ISMS must meet. ISO/IEC 27001 provides guidance for organizations wishing to establish, implement, maintain and continuously improve an ISMS.
Being ISO/IEC 27001 compliant means that an organization or business has established a system for managing the security risks associated with the data it owns or processes and that this system respects all of the best practices and principles contained in this International Standard.
Individuals and organizations that obtain ISO/IEC 27001 certification prove that they ensure the confidentiality, integrity and availability of their information.
WHY IS IT IMPORTANT?
With cybercrime on the rise and new threats constantly emerging, managing cyber risks can seem difficult or impossible. ISO/IEC 27001 helps organizations to be risk aware and proactively identify and address vulnerabilities.
ISO/IEC 27001 promotes a holistic approach to information security: it considers people, policies and technology. An information security management system implemented according to this standard is a tool for risk management, cyber resilience and operational excellence.
Information Security is a vital element to protect your organization’s valuable assets and enhance its reliability. Information Security Management helps you identify, assess and mitigate the threats your organization faces. It also enables you to earn the trust of your customers, partners and stakeholders and fulfill your legal compliance obligations.
WHAT IS THE BENEFIT?
Obtaining ISO/IEC 27001 certification means you have the following benefits:
– Gain competence in establishing and implementing information security management systems,
– Understand the risk management process, controls and compliance obligations,
– Gain the ability to prevent and address information security threats,
– Create the potential to make a difference in an information security career or find a job,
– Gain the ability to manage a team implementing information security management systems,
– Build capacity to contribute to the continuous improvement of information security management systems,
– Acquire the ability to audit information security management systems.
- ISO/IEC 27001 – INTRODUCTION
You will understand the key components of an ISMS based on ISO/IEC 27001.
- ISO/IEC 27001 – FOUNDATION
You will learn about the key components required to implement and manage an ISMS based on ISO/IEC 27001.
- ISO/IEC 27001 – LEAD IMPLEMENTER
You will develop your skills to support an organization in implementing and maintaining an ISMS based on ISO/IEC 27001.
- ISO/IEC 27001 LEAD AUDITOR
You will gain the knowledge and skills to perform an ISMS audit by applying commonly accepted audit principles, procedures and techniques.
- ISO/IEC 27001 TRANSITION
You will understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022 and be able to help an organization plan and implement the necessary changes to an existing ISMS in accordance with ISO/IEC 27001:2022.
ISO/IEC 27002 (Information Security Controls)
WHAT IS IT?
ISO/IEC 27002 is an international standard that provides guidelines for the implementation of information security standards and practices. It applies to organizations in all sectors or sizes.
First published in 2005 and then updated in 2013, ISO/IEC 27002 was revised and published again in 2022. This new version provides a list of information security controls that are generally practiced in the information security industry and guidelines for their implementation.
This certification proves that you have acquired the knowledge and skills required to implement and manage information security controls based on ISO/IEC 27002 and enables you to implement information security management best practices in an organization. It also helps you build a comprehensive framework and improve information security management within an organization, using potential controls that can identify risks and manage them effectively.
WHY IS IT IMPORTANT?
According to ISO/IEC 27002, information security management takes a broader view of security issues related to some of the most valuable assets – business information and any individual in an organization – rather than focusing solely on technological solutions.
ISO/IEC 27002 is designed for organizations that want to develop, maintain and optimize an information security management system based on an effective control structure.
WHAT IS THE BENEFIT?
By obtaining this certification, you can support such organizations to implement and manage the information security controls specified in ISO/IEC 27002. Establishing an information security management system (ISMS) and adopting ISO/IEC 27002 guidelines at the same time means the continuity and maintenance of security processes in line with the strategic goals of organizations.
– Understand how to implement information security controls and control policies according to ISO/IEC 27002 guidelines,
– Learn the approaches and techniques necessary to effectively plan, implement and manage information security controls,
– See how to identify and implement appropriate information security controls in the risk management process,
– Learn how to support organizations to continuously improve their information security management systems.
You can also participate in the trainings organized to obtain PECB ISO/IEC 27002 certificate. If you are successful in the exams, you can become an information security expert recognized by PECB after receiving your certificate.
- ISO/IEC 27002 INTRODUCTION
You will understand the key controls for managing information security risks as specified in ISO/IEC 27002.
- ISO/IEC 27002 FOUNDATION
You will learn about information security management practices, including the selection, implementation and management of controls based on ISO/IEC 27002.
- ISO/IEC 27002 MANAGER
You will develop the skills required to implement, manage and communicate information security controls based on ISO/IEC 27002.
- ISO/IEC 27002 LEAD MANAGER
You will master the concepts, skills and techniques to successfully implement and effectively manage information security controls based on ISO/IEC 27002.
ISO/IEC 27005 (Information Security Risk Management)
WHAT IS IT?
Risk assessment is a process to identify and prevent potential threats and their consequences that an organization may face.
Risk assessment is important to improve the safety and efficiency of the business, reduce costs and protect its reputation.
But what methods should we use to conduct a risk assessment? In this course, you will gain an in-depth understanding of popular risk assessment methods such as OCTAVE, EBIOS, MEHARI and harmonized TRA.
OCTAVE: Operationally Critical Threat, Asset and Vulnerability Assessment
- OCTAVE is a risk assessment method funded by the US Department of Defense and developed by the Computer Emergency Response Team (CERT).
- OCTAVE is used to help organizations prepare for strategic assessment and planning of information security.
- OCTAVE is a process conducted by the organization’s own staff and includes both technical and business analysis to identify the organization’s assets, threats and vulnerabilities.
EBIOS: Expression des Besoins et Identification des Objectifs de Sécurité
- EBIOS is a risk assessment method developed by the French Central Information Systems Security Department.
- The objective of EBIOS is to assess and treat the risks related to an information system, which helps management make decisions and guides stakeholders toward a common basis for discussion.
- EBIOS consists of five phases: identification of needs, setting security objectives, analysis of risks, treatment of risks and risk management.
MEHARI: Méthode Harmonisée d’Analyse de Risques
- MEHARI is a risk assessment method developed by CLUSIF, a non-profit Information Security organization.
- The purpose of MEHARI is mostly to provide guidelines for ISO/IEC 27005 implementation and to analyze scenario-based risk landscapes for short- and long-term security management.
- MEHARI consists of four phases: definition of security policy, classification of assets, assessment of risks and treatment of risks.
WHY IS IT IMPORTANT?
This certification will prove that you can identify, assess, analyze, evaluate and treat the various information security risks faced by organizations.
WHAT IS THE BENEFIT?
Being certified in risk assessment methods provides many benefits for both organizations and individuals. These benefits include:
– Learn the concepts, methods and practices that allow for effective risk management based on ISO 27005,
– Implement ISO 27001 requirements for information security risk management,
– Develop the necessary skills to conduct risk assessment using different techniques such as OCTAVE, EBIOS and MEHARI,
– Acquire the ability to effectively guide organizations on best practices in information security risk management,
– Acquire the skills to effectively implement and manage a continuous information security risk management process.
- ISO/IEC 27005 INTRODUCTION
You will understand the key concepts, definitions, approaches and methods used to manage information security risks based on ISO/IEC 27005.
- ISO/IEC 27005 FOUNDATION
You will gain knowledge in interpreting ISO/IEC 27005 guidelines to identify, assess and manage risks related to information security.
- ISO/IEC 27005 RISK MANAGER
You will develop your skills to execute risk management processes related to information security assets following ISO/IEC 27005 guidelines.
- ISO/IEC 27005 LEAD RISK MANAGER
You will acquire the expertise to support an organization in carrying out information security risk management processes by referring to ISO/IEC 27005 guidelines.
Risk Assessment Methods - EBIOS
WHAT IS IT?
Understanding how to assess risk effectively can be challenging for many industries. EBIOS as a risk assessment method will provide you with sufficient information to successfully identify and assess risk in an organization.
EBIOS (Expression des Besoins et Identification des Objectifs de Sécurité) was developed by the French Central Information Systems Security Department. The purpose of this risk assessment tool is to assess and address information security risks, which assists management decision-making and guides stakeholders toward a common basis for discussion.
WHY IS IT IMPORTANT?
Having EBIOS certified individuals will benefit you and the organization you work for by allowing you to identify, assess and control hazards in the workplace to protect the business and its valuable assets. Therefore, the application of this methodology will protect organizations from financial and reputational damage.
WHAT IS THE BENEFIT?
– Understand the elements and concepts of risk assessment related to information security,
– Develop the necessary skills to successfully carry out such assessments using the EBIOS method.
- EBIOS RISK MANAGER
You will understand the elements and concepts of risk assessment related to information security and develop the skills necessary to successfully perform such assessments using the EBIOS method.
ISO/IEC 27035 (Information Security Incident Management)
WHAT IS IT?
In today’s business world, information security incidents are recognized as uncertain risks that can cause serious damage to a business. Therefore, organizations must quickly identify, assess and effectively manage incidents.
ISO/IEC 27035 Information Security Incident Management is an international standard that provides best practices and guidelines for executing a strategic incident management plan and preparing for an incident response.
ISO/IEC 27035 Information Security Incident Management provides the basic security principles for preventing and responding effectively to information security incidents. In addition, ISO/IEC 27035 includes specific processes for managing information security incidents and potential vulnerabilities.
WHY IS IT IMPORTANT?
This certification verifies that you have the knowledge and skills to identify, manage and prevent information security incidents in your organization. It also ensures that you have the expertise to continuously improve an Information Security Incident Management process and implement a detailed approach to ensure you are prepared and know how to respond to such incidents and minimize risks.
It also shows that you can help an organization detect, report and assess information security incidents, as well as respond to and manage potential vulnerabilities.
Organizations with Information Security Incident Management certification can manage business risks. Similarly, an ISO/IEC 27035 framework is an important feature of the security structure in an organization for effective information security management, incident mitigation and the ability to establish a sustainable business process.
ISO/IEC 27035 Information Security Incident Management aims to help people with extensive expertise to detect, report and assess information security incidents.
ISO/IEC 27035 Information Security Incident Management will help individuals become globally recognized security professionals and minimize the impact of any incident in an organization. This international standard applies to all individuals with an interest in information technology security and a willingness to learn the highest level of skills and knowledge to protect their organizations from security incidents and reduce business financial impacts.
WHAT IS THE BENEFIT?
By obtaining the ISO/IEC 27035 Information Security Incident Management certificate, you will be able to:
– Understand the concepts, approaches and tools for effective information security incident management,
– Learn the most advanced techniques to properly and efficiently respond to information security incidents,
– Gain the necessary knowledge to establish and manage an information security incident management team,
– Reduce potential disruptions and negative impacts on business operations,
– Improve your information security management skills and incident process analysis,
– Learn about the best practices of information security management.
WHO IS IT SUITABLE FOR?
This certification helps individuals become globally recognized security experts and minimize the impact of any incident in an organization. This certification is intended for all individuals with an interest in information technology security who are eager to learn the highest level of skills and knowledge to protect their organization from security incidents and reduce business financial impact. With the expertise and skills you gain in this training course, the organization you work for will gain the competence to evaluate cost-benefit and resource allocation based on incident response and management capabilities to effectively respond to information security incidents.
- ISO/IEC 27035 INTRODUCTION
You will be introduced to the information security incident management process based on ISO/IEC 27035.
- ISO/IEC 27035 FOUNDATION
You will learn about the key elements of implementing a Security Incident Management Plan and be able to manage information security incidents.
- ISO/IEC 27035 LEAD INCIDENT MANAGER
You will gain the knowledge and skills to support an organization in implementing and managing an Information Security Incident Management Plan in accordance with ISO/IEC 27035 guidelines.
Plan this training for your organization!
This training can be planned with a duration and content specific to your organization. Please contact us for detailed content and planning to meet your training objectives.