Information Security

Information Security Officer (ISO)

The IT Security Act requires operators of critical infrastructures (KRITIS) to introduce and maintain an Information Security Management System (ISMS).

Well-trained information security officers make a significant contribution to establishing and maintaining information security. Our 4-day course is intensive and practice-oriented and gives you the know-how needed to protect data and information when developing, adapting, implementing and monitoring IT security guidelines.

You will learn how to set up an information security management system (ISMS), become familiar with the necessary guidelines of international and German standards, and gain the necessary knowledge of the technologies, processes, analyses and documentation used in IT security within a company.

DEKRA

On-Site/Virtual

Prices from € 3,250 plus 19% VAT

Duration: 5 days

Level: Beginner

Code: ISO

CPEs: 37

Book online today or call us on +49 7031 2024742 if you need help choosing the right course or would like to discuss corporate discounts.


Learn how to implement the requirements of ISO/IEC 27001:2022 in practice.

Schönbrunn TASC is a DEKRA accredited training organization (ATO). This means that you have access to official DEKRA course materials and can take your Information Security Officer (ISO) exam during the course at the Schönbrunn TASC Training Center. If you do not pass the exam on your first attempt (which we do not expect), our performance guarantee covers you - this means you train for free the second time.

  • You learn in small groups (max. 10 participants per course)
  • In-house modern training room and test center in a distraction-free, quiet atmosphere (PSI / Pearson VUE / Kryterion)
  • Experienced, constantly trained trainers guide you through the course
  • You will receive comprehensive training materials, manuals and case studies for self-study
  • Interactive discussions and group work will help you in the application
  • A small breakfast, lunch, snacks and drinks are provided throughout the day
  • Hotel recommendations near the training and test center
  • It is possible to take the exam at the Schönbrunn TASC test center afterwards
  • At least one year of professional experience (full-time) in the field of IT/information security
  • Advanced IT knowledge (network infrastructure, administration, strategic planning)
  • Knowledge of management systems is desirable

The Security Officer training course is aimed at executives, management officers, data protection officers, IT managers and consultants, and IT security officers.

  1. Basics of information security

    • Definition of information security and its importance for organizations.
    • Values of information security
    • Protection goals of information security
    • Security events and incidents
  2. Information security management system (ISMS)

    • Management system
    • Difference between policies, processes, procedures, documents and records
    • Explanation of documented information
    • Process orientation in the implementation and maintenance of a management system
    • Deming cycle (PDCA)
    • Audit and improvement
    • Importance and objectives of an information security management system (ISMS)
    • Advantages of implementing an ISMS
    • Awareness and commitment of employees in maintaining an ISMS
    • VDA ISA vs. ISO/IEC 27001
  3. Information security management system vs. IT service management

    • Fundamentals and processes of IT service management.
    • Understanding the differences and interfaces between ISMS and IT service management.
    • Role of information security in IT service management.
  4. Norms and standards of information security

    • Overview of information security norms, standards and frameworks.
  5. Overview of the ISO/IEC 27000 series of standards

    • Overview of the ISO/IEC 27000 series and its structure.
    • Insight into relevant parts of the series of standards.
  6. Requirements of ISO/IEC 27001

    • Detailed consideration of the requirements of ISO/IEC 27001 (chapters 4 - 10) and their significance for the organization.
    • Structure of an ISMS in accordance with the ISO 27001 requirements.
  7. Objectives and measures (Annex A of ISO/IEC 27001; ISO/IEC 27002)

    • Analysis and selection of measures and measure objectives from Annex A.
    • Implementation and monitoring of the selected measures.
  8. Data protection requirements

    • Important data protection processes
    • Anchoring of ISMS & data protection processes.
  9. Roles and responsibilities in the ISMS

    • RACI matrix
    • Roles and responsibilities for implementing and maintaining an ISMS
  10. Security technologies and cryptography

    • Overview of various security technologies, measures and their areas of application and implementation in practice.
    • Basics of cryptography and its importance for information security.
  11. SoA and scope

    • Development of the Statement of Applicability (SoA) and definition of the scope for the ISMS.
    • Best practices, examples and faux pas
  12. Risk analysis and assessment

    • Differences between primary & secondary assets.
    • Identification and classification of assets in the organization.
    • Learn methods for performing risk analysis.
    • Assess risks and determine appropriate treatment measures.

Information Security Officer (ISO)

Duration: 60 minutes

Format: Multiple Choice

Languages: German

The ISO 27000 ff. series of standards is permitted as an aid.

No course dates are currently scheduled. If you are interested in a date, please contact us using our contact form.
