Day 1: Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; Initiating an ISMS
Introduction to management systems and the process approach
Presentation of the standards ISO 27001, ISO 27002 and ISO 27003 and regulatory framework
Fundamental principles of Information Security
Preliminary analysis and establishment of the level of the maturity level of an existing information security management system based on ISO 21827
Writing a business case and a project plan for the implementation of an ISMS
Day 2: Planning the implementation of an ISMS based on ISO 27001
Defining the scope of an ISMS
Development of an ISMS and information security policies
Selection of the approach and methodology for risk assessment
Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO 27005)
Drafting the Statement of Applicability
Day 3: Implementing an ISMS based on ISO 27001
Implementation of a document management framework
Design of controls and writing procedures
Implementation of controls
Development of a training & awareness program and communicating about the information security
Incident management (based on guidance from ISO 27035)
Operations management of an ISMS
Day 4: Controlling, monitoring,measuring and improving an ISMS; certification audit of the ISMS
Controlling and Monitoring the ISMS
Development of metrics, performance indicators and dashboards in accordance with ISO 27004
ISO 27001 internal Audit
Management review of an ISMS
Implementation of a continual improvement program
Preparing for an ISO 27001 certification audit
Day 5: Certification Exam
"Taken from PECB <https://pecb.com