PECB ISO/IEC 27005 Foundation Training Course

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at beginner-level professionals who wish to gain an understanding of ISO 27001 and its role in enhancing information security within an organization.

By the end of this training, participants will be able to:

• Understand the purpose and benefits of an ISMS.
• Familiarize themselves with key ISO 27001 concepts, terms, and principles.
• Recognize the role of an auditor in ensuring compliance.
• Gain insight into the audit process and continual improvement within ISO 27001.

Objectives

• Gaining knowledge of ISO 27001:2023
• Gaining knowledge on how to audit in accordance with the standard
• Getting to know good practices

Objectives

• Gaining knowledge of ISO 27001:2023
• Gaining knowledge on how to audit in accordance with the standard
• Getting to know good practices

Objectives

• Gaining knowledge about changes to ISO 27001 2023 edition
• Gaining knowledge on how to audit in accordance with the standard
• Getting to know good practices

Why should you attend?

The ISO/IEC 27001 Foundation training course provides a comprehensive understanding of the essential elements required to implement and manage an Information Security Management System as outlined in ISO/IEC 27001. Throughout this course, you will gain insights into various aspects of the ISMS, such as policy development, procedures, performance metrics, management commitment, internal audits, management reviews, and continuous improvement.

Upon completing this course, you will be eligible to take the exam and apply for the “PECB Certified ISO/IEC 27001 Foundation” certification. This credential demonstrates your proficiency in the fundamental methodologies, requirements, framework, and management approaches outlined in ISO/IEC 27001.

Who should attend?

• Professionals involved in Information Security Management
• Individuals aiming to gain knowledge about the core processes of Information Security Management Systems (ISMS)
• Those interested in pursuing a career in Information Security Management

Educational approach

• Lecture sessions are complemented with practical questions and examples to enhance understanding
• Practical exercises include real-world scenarios and group discussions to reinforce learning
• Practice tests mirror the format of the Certification Exam, helping you prepare effectively

ISO/IEC 27001 Lead Auditor

The ISO/IEC 27001 Lead Auditor training equips you with the essential expertise to conduct an Information Security Management System (ISMS) audit, using widely accepted audit principles, procedures, and techniques.

Why should you attend?

Throughout this training course, you will gain the knowledge and skills required to plan and execute both internal and external audits in accordance with ISO 19011 and the ISO/IEC 17021-1 certification process.

Through practical exercises, you will become proficient in audit techniques and be capable of managing an audit program, leading an audit team, communicating with clients, and resolving conflicts.

Once you have acquired the necessary expertise to perform these audits, you can take the exam and apply for a “PECB Certified ISO/IEC 27001 Lead Auditor” credential. Holding a PECB Lead Auditor Certificate will demonstrate your ability and competence to audit organizations based on best practices.

Who should attend?

• Auditors aiming to conduct and lead Information Security Management System (ISMS) certification audits
• Managers or consultants looking to master the ISMS audit process
• Individuals responsible for ensuring compliance with Information Security Management System requirements
• Technical experts preparing for an ISMS audit
• Expert advisors in Information Security Management

Learning objectives

• Understand the functioning of an Information Security Management System based on ISO/IEC 27001
• Recognize the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
• Understand an auditor’s role in planning, leading, and following up on a management system audit according to ISO 19011
• Learn how to lead an audit and manage an audit team
• Learn how to interpret the requirements of ISO/IEC 27001 in the context of an ISMS audit
• Acquire the competencies of an auditor to plan, lead, draft reports, and follow up on audits in compliance with ISO 19011

Educational approach

• This training combines theoretical knowledge with best practices used in ISMS audits
• Lecture sessions are complemented with examples based on case studies
• Practical exercises include role-playing and discussions based on a case study
• Practice tests mimic the Certification Exam

The ISO/IEC 27005 Lead Risk Manager training equips you with the essential expertise to support an organization in managing risks associated with all relevant information security assets. This training uses the ISO/IEC 27005 standard as a reference framework. Throughout the course, you will gain comprehensive knowledge of a process model for designing and developing an Information Security Risk Management program. The training also provides a deep understanding of best practices in risk assessment methods such as OCTAVE, EBIOS, MEHARI, and harmonized TRA. This course supports the implementation of the ISMS framework outlined in the ISO/IEC 27001 standard.

After mastering the necessary concepts of Information Security Risk Management based on ISO/IEC 27005, you will be eligible to take the exam and apply for the “PECB Certified ISO/IEC 27005 Lead Risk Manager” credential. Holding a PECB Lead Risk Manager Certificate demonstrates your practical knowledge and professional capabilities to support and lead a team in managing Information Security Risks.

Who should attend?

• Information Security risk managers
• Members of the Information Security team
• Individuals responsible for Information Security, compliance, and risk within an organization
• Those implementing ISO/IEC 27001 or seeking to comply with it, as well as individuals involved in a risk management program
• IT consultants
• IT professionals
• Information Security officers
• Privacy officers

Examination - Duration: 3 hours

The “PECB Certified ISO/IEC 27005 Lead Risk Manager” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:

• Domain 1: Fundamental principles and concepts of Information Security Risk Management
• Domain 2: Implementation of an Information Security Risk Management program
• Domain 3: Information security risk assessment
• Domain 4: Information security risk treatment
• Domain 5: Information security risk communication, monitoring, and improvement
• Domain 6: Information security risk assessment methodologies

General Information

• Certification fees are included in the exam price
• Training material containing over 350 pages of information and practical examples will be provided
• A participation certificate with 21 CPD (Continuing Professional Development) credits will be issued
• If you fail the exam, you can retake it within 12 months at no additional cost

Information security threats and attacks are constantly evolving. The best defense against these threats is the effective implementation and management of information security controls and best practices. Ensuring robust information security is also a key expectation from customers, legislators, and other stakeholders.

This training course is designed to equip participants with the skills needed to implement an Information Security Management System (ISMS) based on ISO/IEC 27001. It aims to provide a thorough understanding of ISMS best practices and a framework for its continuous management and improvement.

After completing the training, you will be eligible to take the exam. If you pass, you can apply for the “PECB Certified ISO/IEC 27001 Lead Implementer” credential, which confirms your ability and practical knowledge in implementing an ISMS according to the requirements of ISO/IEC 27001.

Who Can Attend?

• Project managers and consultants involved in or concerned with the implementation of an ISMS
• Expert advisors looking to master the implementation of an ISMS
• Individuals responsible for ensuring compliance with information security requirements within an organization
• Members of an ISMS implementation team

General Information

• Certification fees are included in the exam price.
• Training materials containing over 450 pages of information and practical examples will be provided.
• A participation certificate with 31 CPD (Continuing Professional Development) credits will be issued.
• If you fail the exam, you can retake it within 12 months at no additional cost.

Educational Approach

• The training course includes essay-type exercises, multiple-choice quizzes, examples, and best practices for implementing an ISMS.
• Participants are encouraged to communicate with each other and engage in discussions while completing quizzes and exercises.
• Exercises are based on a case study.
• The structure of the quizzes mirrors that of the certification exam.

Learning Objectives

This training course will help you:

• Gain a comprehensive understanding of the concepts, approaches, methods, and techniques used for implementing and effectively managing an ISMS.
• Recognize the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks.
• Understand how an information security management system operates and its processes based on ISO/IEC 27001.
• Learn to interpret and implement the requirements of ISO/IEC 27001 in the context of a specific organization.
• Acquire the knowledge needed to support an organization in effectively planning, implementing, managing, monitoring, and maintaining an ISMS.

ISO 9001 and ISO 27001 are internationally recognized standards for quality management systems and information security management systems, respectively.

This instructor-led, live training (available both online and on-site) is designed for intermediate-level professionals who wish to interpret these ISO standards and conduct internal audits effectively.

By the end of this training, participants will be able to:

• Comprehend the principles and requirements of ISO 9001 and ISO 27001.
• Interpret the clauses and controls in practical scenarios.
• Plan and execute internal audits in line with ISO standards.
• Identify nonconformities and suggest corrective actions.

Format of the Course

• Interactive lectures and discussions.
• Simulated auditing exercises and case studies.
• Practical analysis of quality and security scenarios.

Course Customization Options

• To request a customized training program for this course, please contact us to arrange.

The ISO/IEC 27001 Transition training course enables participants to thoroughly understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022. In addition, participants will acquire knowledge on the new concepts presented by ISO/IEC 27001:2022.

Who can attend?

• Auditors who wish to conduct and lead information security management system (ISMS) audits
• Managers or consultants aiming to master the ISMS audit process
• Individuals responsible for maintaining compliance with ISMS requirements within an organization
• Technical experts preparing to undertake ISMS audits
• Expert advisors in information security management

Learning objectives

By the end of this training course, participants will be able to:

1. Explain the fundamental concepts and principles of an information security management system (ISMS) based on ISO/IEC 27001
2. Interpret the ISO/IEC 27001 requirements for an ISMS from an auditor's perspective
3. Evaluate whether an ISMS complies with ISO/IEC 27001 requirements, in line with fundamental audit concepts and principles
4. Plan, conduct, and conclude an ISO/IEC 27001 compliance audit, adhering to ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other auditing best practices
5. Manage an ISO/IEC 27001 audit program

Educational approach

• This training combines theoretical knowledge with practical experience in ISMS audits
• Lecture sessions are enriched with examples drawn from case studies
• Practical exercises involve a case study that includes role-playing and discussions
• Practice tests mirror the Certification Exam format

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at intermediate to expert-level IT professionals who wish to enhance their skills and qualifications in information security or related fields.

By the end of this training, participants will be able to:

• Understand the differences between ISO/IEC 27001:2013 and ISO/IEC 27001:2022.
• Gain the knowledge and skills to plan and implement the transition from the 2013 to the 2022 version of the standard efficiently.
• Apply the knowledge in real-world scenarios, facilitating a smooth transition in their respective organizations.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at intermediate-level professionals who wish to develop a systematic approach to identifying, analyzing, and resolving problems using RCA methodologies.

By the end of this training, participants will be able to:

• Understand essential concepts of RCA and continuous improvement cycles.
• Apply different RCA tools to identify the root cause of problems.
• Develop and implement effective problem-solving strategies.
• Integrate RCA into organizational improvement and prevention efforts.

This instructor-led, live training in Uzbekistan (online or onsite) is aimed at intermediate-level internal auditors who wish to enhance their audit effectiveness by applying structured RCA techniques.

By the end of this training, participants will be able to:

• Understand RCA methodologies and their role in internal auditing.
• Identify and analyze the root causes of audit findings.
• Apply RCA tools such as the 5 Whys, Fishbone Diagram, and Failure Mode and Effects Analysis (FMEA).
• Develop corrective and preventive action plans based on RCA findings.
• Integrate RCA into the internal audit process to improve risk management.

This instructor-led, live training (online or onsite) is aimed at intermediate-level safety professionals and operational managers who wish to enhance their ability to investigate incidents, identify systemic weaknesses, and design effective corrective and preventive actions.