Workshop One: An Overview of the Information Security Management System:
- The purpose and business benefits of an ISMS.
- Plan-Do-Check-Act framework and its application to information security management processes.
- The intent of Annex SL Appendix 2 & ISO/IEC 27001:2013 structure.
- Relevant Common Terms (ISO 27000:2014).
Workshop Two: Scope, Policies and Objectives of the ISMS – (case study):
- Purpose and the intended outcome(s) of the ISMS and the relevant external and internal issues.
- Interested parties and any relevant requirements.
- Scope of ISMS.
- Information security policy and objective.
- Documentary requirement.
Workshop Three: Documentary requirement.
Workshop Four: Risk Management (Assessment, Analysis and Treatment) – (based on case):
- Evaluate the actions to address risks and opportunities.
- Risk assessment process.
- Risk treatment process.
- Statement of Applicability.