8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
1/40
llllllllll
Certified ISO/IEC 27001Lead Auditor
Instructor Guide
Information Security Training
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
2/40
Copyright
ISO 27001 Lead Auditor, Classroom course, release 5.0.0
Copyright and Trademark Information for Partners/Stakeholders.
ITpreneurs Nederland B.V. is affiliated to Veridion.
Copyright 2013 ITpreneurs. All rights reserved.
Please note that the information contained in this material is subject to change
without notice. Furthermore, this material contains proprietary information that is
protected by copyright. No part of this material may be photocopied, reproduced,
or translated to another language without the prior consent of
ITpreneurs Nederland B.V.
The language used in this course is US English. Our sources of reference for
grammar, syntax, and mechanics are from The Chicago Manual of Style, The
American Heritage Dictionary, and the Microsoft Manual of Style for Technical
Publications.
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
3/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
4/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
5/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
6/40
Thispag
eha
sbe
enleftbl
ank
intentio
nally
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
7/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
8/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
9/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
10/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
11/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
12/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
13/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
14/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
15/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
16/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
17/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
18/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
19/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
20/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
21/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
22/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
23/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
24/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
25/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
26/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
27/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
28/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
29/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
30/40
Customer focus: Organizations depend on their customers and therefore shouldunderstand current and future customer needs, should meet customer requirements andstrive to exceed customer expectations.
Leadership: Leaders establish unity of purpose and direction of the organization. Theyshould create and maintain the internal environment in which people can become fullyinvolved in achieving the organization's objectives.
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
31/40
Involvement of people: People at all levels are the essence of an organization and theirfull involvement enables their abilities to be used for the organization's benefit.
Process approach: A desired result is achieved more efficiently when activities andrelated resources are managed as a process.
System approach to management: Identifying, understanding and managinginterrelated processes as a system contributes to the organization's effectiveness and
efficiency in achieving its objectives.
6. Continual improvement: Continual improvement of the organization's overallperformance should be a permanent objective of the organization.
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
32/40
Factual approach to decision making: Effective decisions are based on the analysisof data and information.
Mutually beneficial supplier relationships: An organization and its suppliers areinterdependent and a mutually beneficial relationship enhances the ability of both tocreate value.
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
33/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
34/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
35/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
36/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
37/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
38/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
39/40
8/13/2019 Sec1310cl Iso27k Ig r5.0.0 Itp Single
40/40
(Clause 4 to 8)
ISO 27001, clause 0.1: GeneralThis International Standard has been prepared to provide a model for establishing,implementing, operating, monitoring, reviewing, maintaining and improving an InformationSecurity Management System (ISMS). The adoption of an ISMS should be a strategicdecision for an organization. The design and implementation of an organizations ISMS isinfluenced by their needs and objectives, security requirements, the processes employedand the size and structure of the organization. These and their supporting systems areexpected to change over time. It is expected that an ISMS implementation will be scaled in
accordance with the needs of the organization, e.g. a simple situation requires a simpleISMS solution.
This International Standard can be used in order to assess conformance by interestedinternal and external parties.
Top Related