
ISO 27001:2005 Information Security Management System Implementation Course

Course Fees are claimable – HRDF/SBL

Date: 6 – 8 April 2010 | Venue: Federal Hotel, Kuala Lumpur

Course Description
Organisations are becoming increasingly aware of the value of their business-critical information and the need to protect
their information-related assets. An information security management system (ISMS) is a risk management approach to
maintaining the confidentiality, integrity and availability of the organization’s information. This three-day course leads you
through a series of exercises following the requirements of ISO 27001:2005 for ISMS implementation. Key
implementation stages are illustrated by case study examples of techniques using both simple office tools (i.e.
spreadsheets) and specialized information risk management software.

Benefits to Your Business


You will learn practical information risk management techniques that cover the advice and requirements of the ISO 27000
series of standards for information security management; their relation to ISO 17799, BS 7799 and business continuity
management; and future developments in best practice. The ISO 27000 series is an emerging body of international
standards designed to help you maintain information security in your organization, replacing the ISO 17799 and BS 7799
standards. In the coming years, the ISO 27000 series will become a comprehensive body of documents providing a
certification specification for information security management systems; a code of practice on security safeguards or
controls; and a number of reference documents on implementation guidance, measurements or metrics, and risk
management methodology.

Course Structure
• Background to the standards
• Objectives of an ISMS
• Code of Practice ISO 17799:2005
• Certification Specification ISO 27001:2005
• Certification to ISO 27001:2005
• The ISO 27000 Series of Standards
• Defining the Scope and Boundaries of an ISMS
• Information Security Policy
• Information Risk Assessment
• Information Risk Management
• Implementing and Operating the ISMS
• Monitoring and Reviewing the ISMS
• Maintaining and Improving the ISMS
• Management Responsibility, Audit, Review and Improvement
• Business Continuity Management

Who should Attend?
• Those wishing to implement a formal Information Security Management System (ISMS) in accordance with ISO. Those tasked with improving and managing information security management in the organization. Attendees should have a basic knowledge of networks and information systems, and competence in using normal office software tools (i.e., word processors, spreadsheets and presentation software).
• Consultants who wish to provide advice on ISO 27001:2005 systems certification.
• Security and Quality Professionals.

Call Evelyn at
Tel: +03-2032 2252 Ext 110
Fax: +03-2032 2253
H/P: +012-2122 576
Email: evelyn.chye@bsigroup.com

Course Director
David Pye has been commissioned by the British Standards Institution (BSi) in Singapore to write and direct their new series of ISO 27000 awareness and implementation courses. He is trained in the BSi’s methodologies for both implementing and auditing information security management systems. With a background of World Bank, Government and private technical project management around Asia since 1990, David specializes in planning and implementation. He works with a number of educational institutions and private training providers in the Asian region; maintains strategic partnerships with security practitioners around the world; participates in security and standards-related organizations, and has written occasional articles for the Singapore and Malaysia press. David is a member of the Singapore working group contributing to the development of the ISO 27000 series of standards.

Training Fee
RM3,200/participant
* Group Discount is available for registration of 3 or more participants from the same organization.
