
ISO 27001: ISMS Auditor / Lead Auditor Training Courses (Information Security Management Systems)

This 5-day Information Security Management Systems (ISMS) Auditor / Lead Auditor training course provides information security professionals with the knowledge and skills required to assess the conformance of an organization's information security management system to ISO 27001. This course is accredited by the International Register of Certified Auditors (IRCA), with the instruction, course content, course duration and administration regulated by IRCA. An IRCA Certificate (Course ID: A17533) will be issued upon successful completion of the Training Course.

IRCA Certified Training Course (Course ID: A17533)

Benefits
Successful completion of an IRCA certified ISMS Auditor / Lead Auditor training course will satisfy the training requirements for IRCA certification to all grades of Information Security Management Systems (ISMS) Auditor. For details, refer to http://www.irca.org. Recognize your competence; International recognition; Improve your CV / resume; Increase your credibility; Increase earning potential.

Who Should Attend?


Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO 27001; Existing security auditors who wish to expand their auditing skills; Consultants who wish to provide advice on ISO 27001 systems certification; IT and Quality Professionals

Requirements of knowledge & background


Experience of IT security or Security Management; Experience of ISO 27001; Knowledge of the principles of Security Management Systems

Course Objectives
At the end of this Training Course, you will be able to: Explain the purpose and benefits of an Information Security Management System (ISMS); Explain the process (PDCA, Plan-Do-Check-Act) approach; Explain the processes in establishing, implementing, operating, monitoring, reviewing and improving an ISMS as defined in ISO 27001; Explain the purpose, content and relationship of ISO 27001, ISO 27002 and ISO 19011, ISO/IEC TR 13335 (GMITS, Guidelines for the management of IT Security) part 3 and 4, EA 7/03 and the legislative framework relevant to ISMS; Explain the roles of an auditor to plan, conduct, report and follow up an ISMS audit in accordance with ISO 19011; Interpret the requirements of ISO 27001 in the context of an ISMS audit; Undertake the roles of an auditor to plan, conduct, report and follow up an audit in accordance with ISO 19011.


Course Content
A combination of tutorials, workshop exercises and role play, including the following topics: Relevant standards, ISO 27001, ISO 27002, ISO/IEC TR 13335 part 3 and part 4, ISO 19011; Information security; The importance of information security; Assessing security threats and vulnerabilities; Management of information security risks; Selecting security controls; Information Security Management System (ISMS); Auditing to ISO 27001; ISO 27001 auditing techniques; Managing and leading an ISO 27001 audit team; Audit reporting; Comprehensive course materials; Formal written examination ISO 27001 Lead Auditor Qualification.



HRD Approved Class A Training Provider (since Year 2002). Registered with Ministry of Finance

ISO 27001: ISMS Auditor / Lead Auditor Training Courses (5 Days)


DAY 1 (Description / Objectives)
Coffee / Registration / Welcome
Ice-Breaker: Self introduction of Tutors & Delegates
Presentation 1: Introduction
   1. Introduction / IRCA Auditor Certification Scheme
   2. Course Overview
   3. Course Learning Objectives and continuous assessment process
   4. Course Methodology
   5. Accelerated Learning
Presentation 2: An Overview of Information Security Management System
   1. Information Security
   2. Background to ISO 27001 & ISO 27002
   3. Using ISO 27001 as a model for ISMS
   4. Interrelationships between ISO 27001 & ISO 27002
Break
Workshop 1: ISMS (ISO/IEC 27001) structure
Presentation 3: ISO/IEC 27001 Management Issues
Lunch
Workshop 2: Intent of management system clauses of ISO/IEC 27001
Presentation 4: ISMS Controls
   1. Annex A
Workshop 3: ISO/IEC 27001 controls (include 15 minutes break)
Workshop 4: Documentary requirement
End of Day 1

DAY 2 (Description / Objectives)
Recap of Day 1 - student understanding - performance review
Presentation 5: Risk management (due to ISO/IEC TR 13335 part 3 & 4)
   1. Systematic approach to risk assessment
   2. Risk management process: Risk assessment; Risk treatment; SOA
Workshop 5: Risk identification, assessment and management (include 15 minutes break)
Presentation 6: Audit Types and Levels
   1. Certification industry
   2. Different types of Audit
   3. Philosophy of Audit
   4. Typical audit activities
   5. Competence of Auditors
   6. Interactive discussion
Lunch
Presentation 7: Audit Planning and Stage One Audit
   1. Audit Planning
   2. Stage One Audit
   3. Interactive discussion
Workshop 6: Audit planning, team composition and document review
Break
Presentation 8: Audit Plan
Workshop 7: Audit Plan
End of Day 2

Times printed in the timetable for Days 1 and 2 (row alignment not preserved): 08:30, 09:00, 09:00, 09:30, 09:15, 09:45, 11:40, 12:00, 13:00, 10:15, 10:30, 11:45, 15:30, 15:45, 16:00, 18:00, 13:15, 12:00, 13:00, 14:30, 14:45, 16:30, 18:00

IDC Training House Sdn Bhd No 7, Unit 8, Jalan Industri PBP3, Taman Industri Pusat Bandar Puchong, 47100 Puchong, Selangor, Malaysia.

+603-80615126 / 8720 +603-8068 7720

info@idc-training.com www.idc-training.com



DAY 3 (Description / Objectives)
Recap of Day 2 - student understanding - performance review
Presentation 9: Audit Checklist and Questionnaire
Workshop 8: Audit Checklist (include 15 minutes break)
Presentation 10: Process and process audit
   1. Process
   2. Process Approach
   3. Skill of Process Audit
Lunch
Workshop 9: Process and process audit
Presentation 11: Overview of On-Site Audit Process (Stage two audit)
Presentation 12: Meeting
   1. Opening meeting
   2. Daily review meeting
   3. Team meeting
   4. Interactive discussion
Break
Workshop 10: Preparation of Opening Meeting
Workshop 11: Conduct Opening Meetings
End of Day 3

DAY 4 (Description / Objectives)
Recap of Day 3 - student understanding - performance review
Presentation 13: Collection information & Audit Skills
   1. Collection information / objective evidence
   2. Audit Skills: Sampling; Conducting interviews; Questioning; Note taking; Generic
   3. Interactive discussion
Workshop 12: Preparation of On-site Auditing
Break
Workshop 13: Conduct Auditing
Lunch
(Audit activity continued)
Presentation 14: Audit findings and Nonconformity
   1. Audit Findings
   2. Nonconformity
   3. Classification of nonconformity
   4. Interactive discussion
Workshop 14: Classification of Finding
Break
Presentation 15: Writing Nonconformity Report; NCR
End of Day 4

DAY 5 (Description / Objectives)
Recap of Day 4 - student understanding - performance review
Presentation 16: Preparing Audit Conclusion and Closing Meeting
   1. Preparing Audit Conclusion
   2. Draft Audit Report (summary report)
   3. Closing Meeting
Workshop 16: Auditing review, preparing audit conclusion & Closing Meeting
   1. Preparing Audit Conclusion
   2. Writing Draft Audit Report (summary report)
   3. Preparing Closing Meeting
Break
Briefing for Closing Meeting & Role Play
Workshop 17: Conduct Closing Meeting
Lunch
(Closing Meeting activity continued)
Presentation 17: Audit Report and Corrective/Preventive process
   1. Audit Report
   2. Corrective/Preventive process
Presentation 18: ISMS certification audit
   1. Certification Audit
   2. Surveillance Audit
   3. Repeat Audit
   4. Interactive discussion
Final discussion and Course review
   Student course feedback forms
   Response Course evaluation form
Examination Briefing
Break
Examination: ISMS Lead Auditor Examination
End of Course

Times printed in the timetable for Days 3 to 5 (row alignment not preserved): 09:00, 09:30, 14:20, 15:30, 15:45, 18:00, 09:00, 09:30, 09:00, 09:30, 11:35, 12:00, 13:00, 14:45, 15:00, 10:30, 10:45, 12:00, 13:00, 14:00, 15:15, 15:30, 16:00, 18:00, 10:30, 10:45, 11:00, 12:00, 13:00, 14:00, 14:15, 14:30, 14:45, 15:00, 17:00

IDC Training House Sdn Bhd No 7, Unit 8, Jalan Industri PBP3, Taman Industri Pusat Bandar Puchong, 47100 Puchong, Selangor, Malaysia. Tel: +603- 8061 5126 / 8061 8720 / 8060 8720 / 8060 7720 Fax: +603- 8068 7720 Email: info@idc-training.com URL: www.idc-training.com

TESTIMONIALS & CLIENTS for ISMS Training Courses


Our Recent Participants are from:

Malaysian Administrative Modernisation And Management Planning Unit

Feedback from participants


The ISMS Lead Auditor Training course was organized by IDC Training House in an efficient manner. I highly recommend organizations to send their employees for the ISMS Lead Auditor Training organized by IDC Training House. The presentations by the Instructor (Mr. Philip Ku) were clear, and understandable. The training objectives for each topic were identified, and followed. The training materials were relevant, and well organized. The week-long training met my expectations. I would rate the training overall as excellent. After the training, and the examination, I'm able to strengthen the value proposition of the internal control process, and establishing greater assurance in risk management, and compliance for my organization. Thanks Mr. Philip Ku and IDC!!!
Vijandran Ramasamy, Senior Information Security Officer, ISM Insurance Services Malaysia Berhad

I wish to extend my sincere thanks for the courses organized by IDC Training House. I'm very pleased and impressed with the facilities provided by IDC. The engagement of tutors is extremely highly professional qualified with the experience, expertise, skills, deliverables, knowledge transferred, relationship, etc will definitely worth the fees, time, effort spent for attending the courses. A good example, I've built my total confidence in gaining the ISO 27001: 2005 Certification Audit within 3 months after attending the ISO 27001 Lead Auditor course in May 2007. I will highly recommend IDC Training House to whom that wishes to gain the extra knowledge and skills to contribute to the organization growth, or personal development.
Elissa Cher, CCNA, CISA, CISSP, ISMS Implementer & LA, Malaysian Assurance Alliance Bhd

The class is really fun & productive as it provides a lot of interaction case studies among lecturer & students rather than just ton of theories that make it a difference. I would strongly recommend the training course to those who want to learn to be the ISMS auditor or want to understand the mindset of the ISMS auditor during the audit process!!!
Henry Ho Kien Wai, Head, Group IT, KUB Malaysia Bhd

The ISMS Implementation organized by IDC is a good exposure and knowledgeable for organization that has intention to perform ISMS implementation and certification. From the course, I learnt the skills and processes on how to establish ISMS, the controls and risks involvement in the ISMS implementation. I strongly recommend to organization that has intention to pursue towards ISMS certification. Lastly thank you to the instructor (Philip Ku) as well as to IDC for the well coordination work and assistance to make the workshop a success.
Khor Hong Leng, Security Management, Eon Bank Berhad


Trainer's Profile

Philip Ku
Mr. Philip Ku has more than 15 years' hands-on experience in Information Technology. Philip graduated with a Master of Advanced Business Practice degree (2001-2003) from the University of South Australia, DBA (Doctoral of Business Administration) programme, a Master of Business Administration (MBA) degree (1995-1997) from Leicester University, England, and an Electronic Engineer and Computer Science degree (1984-1989) from Kuang-Wu College, Taiwan.

He served 4 years as the Director and another 4 years as Manager of Digital United Telecom Inc. Furthermore, he worked as Engineer and team leader at the Institute for Information Industry (III) from 1992 to 1995. In his years of experience, he has various achievements and references, organizational and worldwide: Indonesia, Thailand, Vietnam, Taiwan, China, Malaysia, Poland, Germany, Greece, India, Czech Republic and Slovak Republic.

The achievements and references include accreditation of IRCA Training Organization, development of site security inspection scheme, ISMS Lead Auditor training course, establishing the CC ITSEF, etc.

Moreover, Philip has attended numerous network and business related seminars, workshops, and conferences since 1992. These can be categorized into different categories: management system and security related, data communication, database, software and business management. This gave him a special edge to share his knowledge in the areas of IRCA registered ISO 9000 Lead Auditor, CISCO (ICRC, ACRC, Hardware maintenance, Internetworking design, ISP service develop workshop), Oracle Web application server installation and Oracle7 for Solaris in concept and installation.

Philip's qualifications include:
IRCA ISMS (ISO 27001) lead tutor
TGA (German accreditation body) registered ISMS auditor
JAS-ANZ (Australia and New Zealand accreditation body) registered ISMS Lead Auditor
IRCA Accelerated Learning methodology
IRCA and TUV ISMS (ISO/IEC 27001) / ITSMS (ISO/IEC 20000) / BCMS (BS 25999) Lead Auditor
IRCA Certified ISMS / ITSMS / BCMS Auditor / Lead Auditor training course Lead Tutor
IT security product evaluation training (Bonn, Germany; German Federal Office for Information Security, BSI, Bundesamt für Sicherheit in der Informationstechnik) and licensed Common Criteria (ISO 15408) Evaluator

More than 5,000 individuals of various levels have benefited from Philip's trainings. The participants were from various industries in public, private and government sectors:
MAMPU (Malaysia Administrative Modernisation And Management Planning Unit)
SMPKE Division, Prime Minister's Office, Putrajaya Malaysia
Suruhanjaya Sekuriti (Securities Commission Malaysia)
ISM Insurance Services Malaysia Berhad
Measat Broadcast Network System Sdn Bhd
Dagangnet Technologies Sdn Bhd
Malaysia Airlines, MEPS, Sime Darby, TUV Nord, HSBC Bank & many others

COURSES & I.T. SERVICES BY PHILIP KU:
Business Continuity Management Systems (BCMS: BS 25999-2)
Data Protection and Privacy service
Data Center Design and Security Management
Information Security Management & Technical services
Information Security Management Systems (ISMS: ISO 27001)
Personal Information Management System (PIMS: BS 10012)

Philip's Experience in Telco-related industries:


Philip was the Senior Director of Digital United Inc. (also known as SEEDNET) from 1995 to 2003. The core business of the company is Telecommunication and Internet Service Provider, providing data and voice communication services; line leasing such as dedicated line, ADSL, dial-up; cable internet integrated with Cable TV operator; managed network services, call center and other network solutions. As a Senior Director of the company, Philip was responsible for:

Managed services;
New business / services development for VoIP in cooperation with mobile operators, Symantec in security and Microsoft Taiwan in ASP business;
Management of corporate customer service center, including business intelligence system development using Oracle and OLAP tools;
Developing Call Center with ticketing, tracking systems integrated with workflow;
Built up 12 service stations in Taiwan from networking topology, construction, to cabling;
Phone system: Database Administrator, DBA (Oracle); System Administrator (Sun Solaris, HP Unix, IBM R6); Network Administrator (Cisco router, switch / TCP/IP, Fiber, ADSL, ISDN, X.25 etc.)

Other than his career background, the telecoms below are currently customers of Philip: Taiwan Mobile, FarEastTone Telecom and Chunghwa Telecom in Taiwan; DTAC Telecom, CAT Telecom and TrueMove Telecom in Thailand.


ISO 27001: ISMS Auditor / Lead Auditor Training Course

Limited to 10 pax only!

REGISTER NOW!
Fax: +60 3 8068 7720
Tel: +60 3 8061 5126 / 8720, +60 3 8060 8720 / 7720
Email: info@idc-training.com

Workshop Schedule
5 Days: 9am - 6pm. Registration begins at 8.45am on Day 1.

26 - 30 March 2012
IDC Training House, Puchong, Selangor, Malaysia

DELEGATES
Delegates 1 to 3: Name, Job Title, Email, Mobile

Break Session
Morning Break: 10.30am - 10.45am
Lunch: 1pm - 2pm, Fri: 12.30pm - 2.30pm
Afternoon Break: 3.30pm - 3.45pm

Items To Bring

Sweater / Jacket (temperature in Training Room fluctuates)
Laptop (Optional - but would be useful)
Lots of Questions & a CAN-DO attitude
Stationery will be provided

TRAINING DEPARTMENT
Name, Job Title, Email, Tel No.

Map to Training Venue


Please download the location map from http://www.idc-training.com/map/idc_map.jpg

General Information
1. Closing date for registration: 6 March 2012
2. Fees: Include Course Materials, Lunch, Tea breaks, Certificate and Photo
3. Meals: Vegetarian meal upon request
4. Attire: Smart Casual
5. Accommodation: Please provide us the Check-In & Check-Out Date for hotel bookings. Payment by pax account.
6. Course Confirmation: Will be sent via email

INVOICE TO
Name, Job Title, Email, Tel No., Fax No.

Disclaimer
IDC reserves the right to make alternative arrangement to the Course Contents, Date, Trainer, Venue or Fee if the needs arise due to unforeseen circumstances.

Organization, Address

Thank you for your registration!

PAYMENT DETAILS

All payments must be received prior to the event date.
Bank Transfer
Account Holder: IDC Training House Sdn Bhd
Account No: 091-201-200378-6
Swift No: ARBK MYKL
Name of Bank: AmBank (M) Berhad
Bank Address: G01 Block A, Menara PJ, No. 18, Jalan Persiaran Barat, 46050 Petaling Jaya, Selangor, Malaysia

FEES

(HRDF/PSMB Claimable)

RM 5,300 per delegate
RM 5,100 - Registration with payment before 15 Feb 2012
RM 4,800 - 3 delegates or more
The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable, the client has to ensure that the taxes are paid on top of the investment fee paid for the course. Compliance with the local tax laws is the responsibility of the client.

* Save up to 50% for In-house Trainings (subject to courses)
For Enquiries, please contact info@idc-training.com

IDC Training House Sdn Bhd (594752-M) No. 7, Unit 8,Jalan Industri PBP 3, Taman Industri Pusat Bandar Puchong, 47100 Puchong, Selangor, Malaysia
