ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system (ISMS). Organisations across many sectors adopt the standard to protect sensitive data and to demonstrate compliance with information security regulations. Effective implementation of ISO/IEC 27001 reduces security risk and strengthens an organisation's resilience against cyber threats (Smith, 2022).
This Information Security Foundation based on ISO/IEC 27001 Exam Guide training is designed to give participants a thorough understanding of the fundamental principles of information security, including information architecture, risk management, physical and technical security measures, and compliance with regulations and industry standards. Participants will learn how to apply security policies, manage security incidents, and develop risk mitigation strategies in a complex business environment (Brown, 2023). The training also covers best practices for protecting business assets, encryption, and the management of IT communications and operations.
The training takes a case-study and hands-on approach, enabling participants to understand how to apply ISO/IEC 27001 within their own organisations. Through this practice-based approach, participants gain the skills needed to meet the challenges of modern information security.
OBJECTIVES
1. Understand the fundamental principles of information security and security architecture
2. Analyse and apply information security risk management
3. Implement physical, technical, and organisational security measures
4. Develop incident management strategies and protect business assets
5. Understand compliance with information security regulations and international standards
6. Prepare thoroughly for the ISO/IEC 27001 certification exam
AUDIENCE
1. IT Security Officer
2. Compliance Specialist
3. Risk Management Professional
4. Information Security Consultant
5. System Administrator
PREREQUISITES
No specific prior training is required.
CONTENT
1. Introduction
2. Case study: Springbooks, an international bookstore
2.1 Introduction
2.2 Springbooks
3. Definitions
4. Information, security and architecture
4.1 Fundamental principles of security
4.2 Parkerian hexad
4.3 Due care and due diligence
4.4 Information
4.5 Information management
4.6 Secure information systems design
4.7 Operational processes and information
4.8 Information architecture
5. Security management
5.1 Security definitions
5.2 Assessing security risks
5.3 Mitigating security risks
5.4 Risk management
5.5 Risk analysis
5.6 Countermeasures to mitigate the risk
5.7 Types of threats
5.8 Types of damage
5.9 Types of risk strategies
5.10 Guidelines for implementing security measures
6. Business assets and information security incidents
6.1 What are business assets?
6.2 Managing business assets
6.3 Classification of information
6.4 Managing information security incidents
6.5 Roles
7. Physical measures
7.1 Physical security
7.2 Protection rings
7.3 The outer ring
7.4 The building
7.5 The working space
7.6 The object
7.7 Alarms
7.8 Fire protection
8. Technical measures (IT security)
8.1 Computerized information systems
8.2 Logical access control
8.3 Security requirements for information systems
8.4 Cryptography
8.5 Types of cryptographic systems
8.6 Security of system files
8.7 Information leaks
8.8 Cryptography policy
9. Organizational measures
9.1 Security policy
9.2 Personnel
9.3 Business continuity management
10. Managing communication and operating processes
10.1 Operating procedures and responsibilities
10.2 Change management
10.3 Segregation of duties
10.4 Development, testing, acceptance and production
10.5 Management of services by a third party
10.6 Protection against malware, phishing and spam
10.7 Some definitions
10.8 Back-up and restore
10.9 Managing network security
10.10 Handling media
10.11 Mobile equipment
10.12 Exchanging information
10.13 Services for e-commerce
10.14 Publicly available information
11. Law, regulations and standards
11.1 Observance of statutory regulations
11.2 Compliance
11.3 Intellectual property rights (IPR)
11.4 Protecting business documents
11.5 Protecting data and the confidentiality of personal data
11.6 Preventing abuse of IT facilities
11.7 Observing security policy and security standards
11.8 Monitoring measures
11.9 Information system audits
11.10 Protecting tools used for auditing information systems
11.11 Standards and standards organizations
Course Features
- Lectures 13
- Quizzes 2
- Duration 2 days
- Skill level All levels
- Language English
- Certificate No
- Assessments Yes