C)ISMS-LA - Certified Information Security Management Systems—Lead Auditor

Duration: 3 days
Format: Instructor-led classroom, Live-virtual Training
Prerequisites: A basic familiarity with information systems and an interest in auditing.
CPEs: 24 Hours
Certification Exams: C)ISMS-LI: Information Security Management Systems-Lead Implementer
Who Should Attend: Internal Auditor, IT Auditor, IT Consultant, Chief Information Officer, Security Consultant

The Certified Information Security Management Systems—Lead Auditor certification course prepares students to competently lead audits of information security management systems (“ISMS”) to ensure that they meet ISO/IEC 27001 standards in any organization. Mile2’s ISMS ISO/IEC 27001 Audit Methodology:

  • Planning
  • Control Evaluation
  • Substantive Testing
  • Completion

The C)ISMS-LA is perfect for those looking to perform an internal or external ISMS ISO/IEC 27001 audit or to certify their ISO/IEC 27001 expertise.

1: Intro

Housekeeping
Course Structure
Examination
Certification
Agenda
Exercise 1
Introductions
Learning objectives
Exam and Certification Objectives
Goal of ISO27001:2013
ISO27001:2013
Implementation objectives
Implementation objectives cont.
The Purpose of Audit

2: The ISO/IEC 27001:2013

Agenda
The ISMS
The ISMS
Integration
Suitable for Organizations of all Sizes
Assessment
The Evolution of ISO27001, 2
Recent Updates
ISO27002
Control Hierarchy
ISO27001
The ISMS
Constant Change and Improvement
Adoption of the ISMS
Exclusions

3: Information Security and Key Controls

Agenda
Key Terms
Information
Information Security Definition
Information Security
Context of the Organization
Leadership
Planning
Support
Operation
Performance evaluation
Improvement

4: Risk Management

Agenda
Definitions
Risk
Risk Management Principles
Information Security Risk Management Practices
Information Security
Risk Assessment
Define a Risk Assessment Approach
Identify Risks
What Is the Value of an Asset?
What Is a Threat Source/Agent?
What Is a Threat?
What Is a Vulnerability?
Factors used in Risk Estimation
Output of Risk Evaluation Process

5: Risk Treatment

Agenda
Risk Treatment
Definitions
Definitions: Risk Treatment Continued
Definitions: Risk Treatment Continued
Definition of Controls
Examples of Types of Controls
Control Usage
Risk Treatment Options
Risk Definitions
Comparing Cost and Benefit for Control Selection
Cost of a Countermeasure
Appropriate Controls
Statement of Applicability
Information Security
Risk Monitoring and Review
Monitoring Change in Risk

6: Audits and Auditors

Agenda
Audits and Auditors Topics
Audit
Audit Evidence
Definitions
Audit Criteria
Audit Types
Why Perform Different Audit Types?
Benefits of Internal ISMS Audits
Audit Roles
Lead Auditor Responsibilities
Auditor Duties
Skills and Behaviors of Effective Auditors
Auditor Competencies

7: Auditing the Information Security Management System

Agenda
ISO27001 Audit Objective
Audit Standards

8: Planning and Conducting an Audit

Agenda
Audit Process
Audit Program
Audit Schedules
Preliminary Visit
Audit Planning
Audit Planning
Stage 2 of Audit Process
Stage 2 Audit Plan
The Opening Meeting
Checklist Benefits
Checklist Drawbacks
Reporting on Non-compliance
Nonconformity Report Format
Major Nonconformity
Major Nonconformity Examples
Major Nonconformity Examples
Minor Nonconformity
Minor Nonconformity Examples
Guidelines for Writing a Nonconformity Report
Example of Writing a Nonconformity Report
Audit Conclusions
Surveillance and Follow-up Visits
Summary
The Examination

Upon completion, Certified Information Security Management Systems—Lead Auditor students will:

  • Have learned the ISMS audit principles, procedures and techniques.
  • Have acquired the knowledge necessary to manage an ISMS audit.
  • Be ready to perform an ISO/IEC 27001 audit.
  • Be ready to sit for the C)ISMS-LA exam.

The Certified Information Security Management Systems—Lead Auditor exam is taken online through Mile2’s Assessment and Certification System (MACS), which is accessible from your mile2.com account. The exam takes 2 hours and consists of 100 multiple-choice questions. The cost is $500 USD, and the exam must be purchased from the store on Mile2.com.