ISO 27001 – standard for information security

Context

Information is one of the most valuable assets of an organisation. Inappropriate handling of information or the release of confidential information harms the reputation of an organisation and can even lead to claims for damages or legal action. Apart from external threats, such as viruses, spyware or hacking, internal risks of incorrect and incomplete handling of data are crucial.

Every organisation, big or small, benefits from proper protection and correct management of information and information systems. Setting up an Information Security Management System (ISMS) is therefore a precondition for achieving accuracy, completeness, availability and confidentiality of company information. The ISO/IEC 27001 standard can be used as a basis for this purpose.

The most recent version of ISO/IEC 27001 was published in 2013 and ISO/IEC 27004 in 2016. It is also available in a Dutch & French version. Its structure was entirely revised according to the new High Level Structure (HLS), which matches the new structure of the 2015 editions of ISO 9001 and ISO 14001.

Target audience

This afternoon information session is particularly suited for professionals who want to get to know the ISO/IEC 27000 series:

  • ICT managers or officers
  • Information security officers
  • Employees of ICT departments
  • ICT auditors
  • ICT consultants
  • Internal auditors
  • Financial auditors
  • Risk Managers
  • Operations managers
  • Financial managers

Additional value

The standard ISO/IEC 27001 provides a framework for defining, implementing, executing, monitoring and improving information security within an organisation. Other standards from the ISO/IEC 27000 family contain more detailed guidelines for risk management or control measures.

The effective application of ISO/IEC 27001 offers the following advantages:

  • Proper protection of proprietary information.

  • Managing ICT risks and thereby avoiding reputation damage, claims or legal action.

  • Proper information security creates trust with shareholders and stakeholders.

  • Certification to ISO/IEC 27001 increases the market value of the organisation if information processing is its core business.

  • In certain sectors security is a basic requirement, especially if sensitive information is processed.

Programme

13:30  Welcome and short introduction

13:40 – 15:00  The key requirements of the new ISO/IEC 27001:2013

  • The High Level Structure (HLS) according to Annex SL
  • The key requirements of the new ISO/IEC 27001
  • Overview of the ISO 27000 family, including the latest developments

15:00 – 15:20  Coffee break and networking opportunity

15:20 – 15:50  The key elements of the ISO/IEC 27004:2016 standard – Assessment of effectiveness of Information Security

  • Contours of the ISO/IEC 27004:2016, ISO/IEC DIS 27007, ISO/IEC PDTS 27008
  • Security techniques for monitoring, measurement, analysis and evaluation

15:50 – 16:10  Why & how to certify your organisation according to ISO/IEC 27001?

  • The audit and the certification process in practice: planning, execution, reporting formats & follow-up
  • Potential repercussions of implementing & integrating ISO/IEC 27001 inside your organisation
  • Traps and critical success factors

16:10 – 16:55  Business Case UZA - Director ICT UZA Antwerp - Filip Goyens

  • Importance & added value of applying the International Standard ISO/IEC 27001
  • Integration of ISO/IEC 27001 into business processes
  • Practical tips & tricks in a nutshell

16:55 – 17:00  Closure

  • Final question round, followed by a networking drink

In-company training

In this type of training your requirements provide the starting point. A preliminary interview will help us adapt the content of the session to your particular needs. In-company training offers a number of specific advantages:

  • The training is tailored to the specific needs of your company. This means that your employees will be able to apply their newly acquired knowledge more rapidly after the training session.
  • Your employees will feel more involved because the exercises and cases will be specific to your company or business sector.
  • Lower cost per participant than for individual trainings.
  • Greater flexibility in the choice of the location, date and language of the training (Dutch, French or English).

 

For further information, please contact us.

NBN Academy

The NBN Academy assists organisations in understanding and applying standards. The NBN Academy is part of NBN (Bureau for Standardisation). It organises open trainings as well as in-company training on management standards. NBN is the single point of contact in Belgium for anyone wishing to develop or buy standards, or to follow training in applying management standards.
