Overview
This innovative two-day course provides a solid foundation in all aspects of the Information Security audit process. The aim of this course is to enable participants to understand, develop and implement an in-house ISMS audit programme, which fulfils the requirements for internal audits to BS 7799-2:2002
Delegates will acquire an understanding of:
• The importance of information security and compliance
• The key requirements of ISO/IEC17799/ BS 7799-2:2002
• How the audit process facilitates the continual improvement of security controls
• The benefits of implementing corrective and preventive actions.
• Auditing best practice as defined by ISO 19011:2002
• How to plan, execute and report a security audit

Course Benefits
At the end of this course, delegates will be able to:
• understand the principles of auditing
• conduct effective internal audits
• audit suppliers and subcontractors
• deal with typical auditing difficulties
To your business-
• Professionally, planned executed audits will identify potential and actual security weaknesses in the company thus providing the opportunity to initiate action before a security breach has the chance to cause damage.

Who should attend?
• Managers who need an understanding of the security issues within their company
• Those nominated to perform security audits
• Consultants who wish to advice on BS7799 methodology.
• Existing Security professionals
Required Prerequisites
• This course does not require a prior knowledge of the standard
• Previous Experience of Information Security and Auditing will help

Course Outline
A combination of tutorials, syndicate exercises & role-play, including the following topics:

• Introduction to information security and threats.
• Business approach to establishing, implementing and maintaining an Information Security Management System
• Background to the ISO/IEC 17799/ BS 7799 standards
• Business applications of the ISO/IEC 17799/ BS 7799 standards
• Process of building an Information Security Management system (ISMS) after conducting
• Risk Assessment
• Risk Management
• Control selection.
• Policy Design, Development and Maintenance
• BS7799 controls – a short overview
• Roadmap to BS7799 certification
• BS 7799 Audits

Award of Certificate:
Certified Internal Information Security Auditor for BS 7799 (CIISA)

To achieve the above delegates must
Pass the Continuous Assessment: by demonstrating acceptable levels of performance in a formal continuous assessment processes

Pass the written Examination: students must clear the written ISMS examination.