
CISMS-LA - Certified Information Security Management Systems Lead Auditor

Duration: 4 Days

Course Information

Course Description

The Certified Information Security Management Systems Lead Auditor certification course prepares students to competently lead audits of information security management systems (ISMS) to verify that they meet the ISO/IEC 27001 standard in any organization. The course follows the ISMS ISO/IEC 27001 audit methodology:

1. Planning

2. Control Evaluation

3. Substantive Testing

4. Completion


Course Objectives

Upon completion, students will:

Have learned the ISMS audit principles, procedures and techniques.

Have acquired the knowledge necessary to manage an ISMS audit.

Be ready to perform an ISO/IEC 27001 audit.

Be ready to sit for the C)ISMS-LA exam.


RELATED / Follow-on Courses:

C)ISMS-LI: Information Security Management Systems-Lead Implementer


Course Audience

The C)ISMS-LA was designed to prepare students to perform information security management systems audits according to the ISO/IEC 27001 international standard. We recommend a background in information systems and an interest in performing ISO/IEC 27001 audits before taking this class. Typical attendees include:

Internal Auditor

IT Auditor

IT Consultant

Chief Information Officer

Security Consultant


Course Outline

Intro

Housekeeping

Course Structure

Examination

Certification

Agenda

Exercise 1

Introductions

Learning objectives

Exam and Certification Objectives

Goal of ISO27001:2013

ISO27001:2013

Implementation objectives

Implementation objectives cont.

The Purpose of Audit


The ISO/IEC 27001:2013

Agenda

The ISMS

The ISMS

Integration

Suitable for Organizations of all Sizes

Assessment

The Evolution of ISO27001, 2

Recent Updates

ISO27002

Control Hierarchy

ISO27001

The ISMS

Constant Change and Improvement

Adoption of the ISMS

Exclusions


Information Security and Key Controls

Agenda

Key Terms

Information

Information Security Definition

Information Security

Context of the Organization

Leadership

Planning

Planning Continued

Planning Continued

Support

Support Continued

Support Continued

Operation

Performance evaluation

Improvement


Risk Management

Agenda

Definitions

Risk

Risk cont.

Risk cont.

Risk Management Principles

Information Security Risk Management Practices

Information Security

Risk Assessment

Define a Risk

Assessment Approach

Identify Risks

What Is the Value of an Asset?

What Is a Threat Source/Agent?

What Is a Threat?

What Is a Vulnerability?

Factors used in Risk Estimation

Output of Risk Evaluation Process


Risk Treatment

Agenda

Risk Treatment

Definitions

Definitions: Risk Treatment Continued

Definitions: Risk Treatment Continued

Definition of Controls

Examples of Types of Controls

Control Usage

Risk Treatment Options

Risk Definitions

Comparing Cost and Benefit for Control Selection

Cost of a Countermeasure

Appropriate Controls

Statement of Applicability

Information Security

Risk Monitoring and Review

Monitoring Change in Risk


Audits and Auditors

Agenda

Audits and Auditors Topics

Audit

Audit Evidence

Audit Evidence

Definitions

Audit Criteria

Audit Types

Why Perform Different Audit Types?

Benefits of Internal ISMS Audits

Audit Roles

Lead Auditor Responsibilities

Auditor Duties

Skills and Behaviors of Effective Auditors

Auditor Competencies


Auditing the Information Security Management System

Agenda

ISO27001 Audit Objective

Audit Standards


Planning and Conducting an Audit

Agenda

Audit Process

Audit Program

Audit Schedules

Preliminary Visit

Audit Planning

Audit Planning

Stage 2 of Audit Process

Stage 2 Audit Plan

The Opening Meeting

Checklist Benefits

Checklist Drawbacks

Reporting on Non-compliance

Nonconformity Report Format

Major Nonconformity

Major Nonconformity Examples

Major Nonconformity Examples

Minor Nonconformity

Minor Nonconformity Examples

Guidelines for Writing a Non-conformity Report

Example of Writing a Nonconformity Report

Audit Conclusions

Surveillance and Follow-up Visits

Summary

The Examination


Course Prerequisites

A basic familiarity with information systems and an interest in the information security management systems auditing process.

Course Schedule
This course is not scheduled yet.
