DIY ISO 27001 - Build your ISMS in-house

ISO 27001 provides structured governance to address your true security risks

Ensuring customers and partners have confidence in your data security is a significant challenge to expanding business. Being ISO 27001 certified is a trusted means to demonstrate that you have the knowledge, technology and processes in place to protect critical data.

ISO 27001 provides a robust and systematic approach to building information security. However, implementation can be a challenging exercise for any business. This workshop series provides a clear do-it-yourself path to an ISO 27001 Information Security Management System for your organisation.

Invest in your information security capabilities

Session dates may change due to COVID-19.
Please refer to dates below.

Vital Advisory offer both face-to-face workshops and live webinars where you’ll learn how the components of ISO 27001 build an effective and unified approach to managing risk and information security. We explore how you can prepare the documentary, procedural and organisational elements of ISO 27001 to achieve both certification and your business objectives.

Security is a long-term proposition. Develop your in-house capabilities for lasting, effective security management. The DIY ISO 27001 workshop series will provide you with the skills, and a clear roadmap, to build your Information Security Management System in-house.

Focus points of the workshop series include:
+ Overview of the ISO 27001 standard – key objectives and conformance requirements
+ Risk analysis and management processes at the heart of ISO 27001
+ The full documentation set needed for conformance
+ The policies and processes of security best practice
+ Internal and certification audit procedures
+ Ongoing management of your security framework

Training backed by experience

Vital Advisory have extensive experience in developing and delivering ISO 27001 projects with organisations of all sizes. Our continuing record is of 100% of clients achieving their certification objectives. Our workshop presenters regularly deliver multi-day training on information security to audiences from business and government. Our workshops are interactive sessions where participants are encouraged to discuss and explore their security challenges.

Key benefits and takeaways

+ Build and mature your organisation’s information security capabilities
+ Clearly understand the ISO 27001 standard and the benefits it brings by structuring security
+ Construct a roadmap for establishing your ISO 27001 ISMS in-house
+ Understand the full lifecycle of managing risk for your organisation
+ Receive templates for ISO 27001’s mandatory documentation set
+ Work through examples of implementing and maintaining your ISMS
+ Understand the requirements for achieving certification of your ISMS
+ Simplified implementation which engages your whole organisation

Included with each workshop are the complete set of presentation materials, workshop exercises, and templates for key documents. Attendees enrolling for the full series will receive a full example ISMS documentation pack.

Audience

No previous experience with information security or risk management is required. We recommend staff with responsibilities for security, risk, compliance or project management attend. Although tailored for novice audiences, our workshops include methods and insights which will reward experienced security, risk and compliance officers.

Schedule

Face-2-face workshops are presented in Sydney (from 25 August 2020). Workshops are presented at an easily accessed CBD location. Morning and afternoon tea is included.

If you are unable to attend our face-to-face workshop, we are also offering a series of live webinars commencing on 27 August 2020. See below for details.

Workshop Fees

AU$3,750 / NZ$3,750 per delegate (ex-GST). Choice between Face-2-Face or Online format. Discounts are available:

  • 15% discount for ISACA, AISA, IIA and RMIA members
  • 15% discount for FinTech Australia, TasICT, and NZ Tech Alliance members
  • 15% for 2 or more delegates from the same organisation

Face-to-Face Program

Sydney: Face-to-Face
  1. Tue 25 August, 2020
  2. Wed 26 August, 2020
  3. Tue 15 September, 2020
  4. Tue 13 October, 2020
  5. Tue 3 November, 2020

1

UNDERSTANDING THE ROLE OF YOUR ISMS

Our first workshop introduces you to the foundations of ISO 27001 and the information security issues it can help you address. This workshop examines:
+ Finding the balance between negative and positive risk
+ How security supports business objectives
+ Introduction to ISO 27001
+ Processes for implementing your ISMS
+ Understanding the ISO 27001 documentation suite
+ ISMS project planning
+ Organisational Context – mapping the security needs of your business
[Sydney – 25 August, 2020]
Registration from 8.30am. Session concludes at 4.30pm.

2

IDENTIFYING THE RISKS THAT MATTER

Workshop 2 builds upon your organisational context – identified in the previous session – by using it to structure risk identification and analysis. The multi-faceted approach to risk assessment covered here will allow you to focus resources and effort on the security issues which could realistically impact your organisation. This workshop examines:
+ Review of Organisational Context exercises from Workshop 1
+ Understanding risk methodology
+ Risk identification – Top Down vs Bottom Up
+ Organisation-wide risk identification
+ Constructing your Risk Register
+ Self-assessment of your current security state
+ The role of Gap Analysis
[Sydney – 26 August, 2020]

3

EFFECTIVE RISK CONTROL

The workshop series continues its examination of risk procedures by evaluating your risk set, prioritising the risks in it, and determining which control measures are going to be genuinely effective in reducing your risk profile. This workshop examines:
+ Review of risk exercises from Workshop 2
+ Risk evaluation
+ Determining risk appetite
+ Approaches to risk treatment
+ Overview of ISO 27001 Annex A security controls
+ What makes a good control? Effective control selection
+ ISO 27001 Statement of Applicability
[Sydney – 15 September, 2020]

4

STRUCTURING AND ACTIVATING YOUR SECURITY RESPONSE

Workshop 4 dives into developing the processes which put security governance into effect. The ISO 27001 standard requires a wide umbrella of security policies and procedures. Understanding which components are essential is key to ensuring a successful and compliant ISMS. This workshop examines:
+ Review of risk and control exercises from Workshop 3
+ Simplifying control documentation for staff adoption
+ Key security policies – ensuring conformance and effectiveness
+ Planning for the worst – incident response and business continuity
+ Awareness and Engagement – making security a whole-of-organisation concern
[Sydney – 13 October, 2020]

5

ACHIEVING CERTIFICATION

We complete the ISO 27001 series with a workshop devoted to ensuring that your ISMS is functioning correctly and your organisation reaps the benefits you expect. This workshop examines:
+ ISMS and security performance evaluation
+ Identifying meaningful security metrics
+ Management review of your ISMS
+ Audit processes
+ Going for ISO 27001 certification
+ Ongoing ISMS management
[Sydney – 3 November, 2020]

Webinar Series

Live Webinar Series
  1. Thu 27 Aug, 2020 [9.00 to 14.30 AEST]
  2. Thu 10 Sep, 2020 [9.00 to 14.30 AEST]
  3. Thu 15 Oct, 2020 [9.00 to 14.30 AEST]
  4. Thu 29 Oct, 2020 [9.00 to 14.30 AEST]
  5. Thu 12 Nov, 2020 [9.00 to 14.30 AEST]
  6. Thu 26 Nov, 2020 [9.00 to 14.30 AEST]
  7. Thu 10 Dec, 2020 [9.00 to 14.30 AEST]

If you’re unable to attend our face-2-face workshop in Sydney, we also offer the same content in a series of live webinars. Webinar attendees will receive the same documentation and template packs as in-person attendees. Pricing for the complete webinar series is AU$3,750 / NZ$3,750 (ex-GST), with discounts available for ISACA, AISA, IIA, RMIA, FinTech Australia and TasICT members. Call our Registration Desk for further details [+61 410 379 407].

  • Introduction to the basics of ISO 27001 and how it addresses information security issues.
    + Finding the balance between negative and positive risk
    + How security supports business objectives
    + Introduction to ISO 27001
    + Processes for implementing your ISMS
    [27 August 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

  • Covers initial stages of your ISMS implementation:
    + how to structure your ISMS project
    + ISMS project planning
    + ensuring key stakeholders are engaged
    + capturing your organisational context
    + understanding Risk Methodology
    [10 September 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

  • + Understanding risk methodology
    + Risk identification – Top Down vs Bottom Up
    + Organisation-wide risk identification
    + Constructing your Risk Register
    [15 October 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

  • + Self-assessment of your current security state
    + The role of Gap Analysis
    + Risk evaluation
    + Determining risk appetite
    + Approaches to risk treatment
    [29 October 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

  • + Overview of ISO 27001 Annex A security controls
    + What makes a good control? Effective control selection
    + ISO 27001 Statement of Applicability
    + Simplifying control documentation for staff adoption
    [12 November 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

  • + Key security policies – ensuring conformance and effectiveness
    + Planning for the worst – incident response and business continuity
    + Awareness and Engagement – making security a whole-of-organisation concern
    [26 November 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

  • + ISMS and security performance evaluation
    + Identifying meaningful security metrics
    + Management review of your ISMS
    + Audit processes
    + Going for ISO 27001 certification
    + Ongoing ISMS management
    [10 December 2020, 9.00 to 14.30 AEST, 11:00 to 16:30 NZST]

CONTACT

If you’d like to discuss the benefits this DIY ISO 27001 Workshop Series can bring to your organisation, please contact Paras Shah on +61 420 978 258 or email paras.shah (at) vitaladvisory.com. For bookings, please contact our registration desk on +61 410 379 407.