Certified Information Security Management (ISO 27001) Foundation (CISMF)
GSDC’s Certified Information Security Management (ISO 27001) Foundation Certification has an end goal to share the knowledge about controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. By extension, ISM includes information risk management, a process that involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001 standards on information security.
The Information Security Management (ISO 27001) Foundation is specially curated to shape the professionals in a way that they can handle threats, vulnerabilities, and mitigation. This certification empowers the participants to create, implement, communicate and evaluate any organization’s security policies, procedures, and objectives in order to achieve a better guarantee of an organization’s overall information security.
Course Fee: NGN 80,000.00
Certified Information Security Management (ISO 27001) Foundation Certification’s main objective is to provide the participants with an understanding of:
1. The range of application for an ISMS
2. Information security-related legislation applicable to the country(s) of operation
3. Techniques and tools used in information security management
4. The potential business impacts of ISMS
5. Importance of asset and owner identification
6. Control objectives and how these are addressed
7. Risk assessment and identification
8. Threats, vulnerabilities, and impacts
9. Difference between risk assessment and risk evaluation
10. The methodology of risk treatment, application, residual risk and review of the risk treatment plan
11. Importance of the statement of applicability in the ISMS, and how it is used
12. Difference between an IS event and incident.
• ISMS auditors, such as those employed/contracted by third-party certification/registration bodies and those involved in first or second-party ISMS audits.
• Information security practitioners, such as information security consultants, IT security managers and IT personnel.
• Employees conducting ISMS audits within their own organization (internal audits).
After the completion of this certification, the participants will have access to:
• Practical knowledge of information security.
• Better job opportunities with enhanced credibility and marketability.
• Valuable resources like peer networking and idea exchange.
• A network of globally accredited industries and subject matter experts.
• Security information resources.
• Business and technology orientation to risk management.
• 40 multiple-choice questions
• Participants must score a minimum of 65% of the total marks (i.e. 26 out of 40) to pass this examination.
• 60-minutes duration.
In case the participant does not score the passing %, a 2nd attempt is granted at no additional cost. Re-examination can be taken up to 30 days from the date of the 1st exam attempt.
• Understand the advantages of ISMS
• Understand the purpose of ISO 27001
• Information Security: Who is responsible?
• Information Asset Classification
• Password Security
• Spam & Malware Protection
• Email Security
• Clear Desk & Clear Screen
• Mobile Usage : Best Practices
• Social Media Usage : Best Practices
• Social Engineering
• Physical Security
• Information Security Incidents