Mastering the implementation and management of an
Information Security Management System
(ISMS) based on ISO/IEC 27001


Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO/IEC 27001; Initiating an ISMS

  • Introduction to management systems and the process approach

  • Presentation of the standards ISO/IEC 27001, ISO 27002 and ISO 27003 and the regulatory framework

  • Fundamental principles of Information Security

  • Preliminary analysis and establishment of the maturity level of an existing information security management system based on ISO 21827

  • Writing a business case and a project plan for the implementation of an ISMS

Day 2: Planning the implementation of ISMS based on ISO/IEC 27001

  • Defining the scope of an ISMS

  • Development of an ISMS and information security policies

  • Selection of the approach and methodology for risk assessment

  • Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO/IEC 27005)

  • Drafting the Statement of Applicability

Day 3: Implementing ISMS based on ISO/IEC 27001

  • Implementation of a document management framework

  • Design of controls and writing procedures

  • Implementation of controls

  • Development of a training & awareness program and communicating about information security

  • Incident management (based on guidance from ISO 27035)

  • Operations management of an ISMS

Day 4: Controlling, monitoring, measuring and improving an ISMS; certification audit of the ISMS

  • Controlling and Monitoring the ISMS

  • Development of metrics, performance indicators and dashboards in accordance with ISO 27004

  • ISO/IEC 27001 internal audit

  • Management review of an ISMS

  • Implementation of a continual improvement program

  • Preparing for an ISO/IEC 27001 certification audit

Day 5: Certification Exam

Who should attend?

  • Project managers or consultants wanting to prepare and to support an organization in the implementation of an Information Security Management System (ISMS)

  • ISO/IEC 27001 auditors who wish to fully understand the Information Security Management System implementation process

  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks

  • Members of an information security team

  • Expert advisors in information technology

  • Technical experts wanting to prepare for an information security function or for an ISMS project management function

Learning objectives

  • To understand the implementation of an Information Security Management System in accordance with ISO/IEC 27001

  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of an Information Security Management System

  • To understand the relationship between the components of an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization

  • To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS as specified in ISO/IEC 27001

  • To acquire the necessary expertise to manage a team implementing ISO/IEC 27001

  • To develop the knowledge and skills required to advise organizations on best practices in the management of information security

  • To improve the capacity for analysis and decision making in the context of information security management

Course duration

  • The course lasts 5 days, including the certification exam

  • The 5-day course includes training materials, lunch, coffee breaks and a certificate

  • The minimum number of participants required to organize the course is 5

  • Course language is English (exam is available in English, Spanish, French and Portuguese)

Available options for course weeks:

  • Please propose a suitable course week for your company

The course will take place in Helsinki or at another location of your company in Finland, or alternatively in Larnaca, Cyprus.
Travel and accommodation expenses are to be covered by the participant.