Sec1310cl Iso27k Ig r5.0.0 Itp Single


  • 8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single


    Certified ISO/IEC 27001 Lead Auditor

    Instructor Guide

    Information Security Training


    Copyright

    ISO 27001 Lead Auditor, Classroom course, release 5.0.0

    Copyright and Trademark Information for Partners/Stakeholders.

    ITpreneurs Nederland B.V. is affiliated to Veridion.

    Copyright 2013 ITpreneurs. All rights reserved.

    Please note that the information contained in this material is subject to change without notice. Furthermore, this material contains proprietary information that is protected by copyright. No part of this material may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs Nederland B.V.

    The language used in this course is US English. Our sources of reference for grammar, syntax, and mechanics are from The Chicago Manual of Style, The American Heritage Dictionary, and the Microsoft Manual of Style for Technical Publications.


    Customer focus: Organizations depend on their customers and therefore should understand current and future customer needs, should meet customer requirements and strive to exceed customer expectations.

    Leadership: Leaders establish unity of purpose and direction of the organization. They should create and maintain the internal environment in which people can become fully involved in achieving the organization's objectives.


    Involvement of people: People at all levels are the essence of an organization and their full involvement enables their abilities to be used for the organization's benefit.

    Process approach: A desired result is achieved more efficiently when activities and related resources are managed as a process.

    System approach to management: Identifying, understanding and managing interrelated processes as a system contributes to the organization's effectiveness and efficiency in achieving its objectives.

    6. Continual improvement: Continual improvement of the organization's overall performance should be a permanent objective of the organization.


    Factual approach to decision making: Effective decisions are based on the analysis of data and information.

    Mutually beneficial supplier relationships: An organization and its suppliers are interdependent and a mutually beneficial relationship enhances the ability of both to create value.


    (Clause 4 to 8)

    ISO 27001, clause 0.1: General

    This International Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The adoption of an ISMS should be a strategic decision for an organization. The design and implementation of an organization's ISMS is influenced by their needs and objectives, security requirements, the processes employed and the size and structure of the organization. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution.

    This International Standard can be used in order to assess conformance by interested internal and external parties.