Skip to Main Content
USA
Select regional store:
Learn for less: Save 25% on high-quality instructor-led and self-paced foundation training | Find out more

We're sorry but that page cannot be found

Please use the links above to find what you were looking for.

You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You have no access to this page
   5. The requested resource was not found.
   6. An error has occurred while processing your request.

Are you looking for:

An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition
Overview

The ideal primer for anyone implementing an Information Security Management System (ISMS)

This pocket guide will help you to:

  • Make informed decisions
    Using this guide will enable the key people in your organization to make better decisions before embarking on an information security project.
  • Ensure everyone is up to speed
    Use this guide to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
  • Raise awareness among staff
    Use this guide to make sure your people know what is at stake with regard to information security and understand what is expected of them.
  • Enhance your competitiveness
    Use this guide to let your customers know that the information you hold about them is managed and protected appropriately.
About the author

Steve G. Watkins

Steve G. Watkins managed the world’s first successful BS7799 (the forerunner of ISO27001) implementation project and leads the consultancy and training services of IT Governance Ltd. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. He has over 20 years’ experience managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sectors.

Assessing Information Security - Strategies, Tactics, Logic and Framework, 2nd Edition
Overview

Build a strategic response to cyber attacks

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations.

Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war.

It is clear that organizations need to develop a view of cybersecurity that goes beyond technology: all staff in the organization have a role to play, and it is the senior managers who must ensure, like generals marshaling their forces, that all staff know the cybersecurity policies that explain what to do when under attack.


Cybercrime… cyber war?

With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.


Contents: 

  1. Information Security Auditing and Strategy
  2. Security Auditing, Governance, Policies, and Compliance
  3. Security Assessments Classification
  4. Advanced Pre-Assessment Planning
  5. Security Audit Strategies and Tactics
  6. Synthetic Evaluation of Risks
  7. Presenting the Outcome and Follow-Up Acts
  8. Reviewing Security Assessment Failures and Auditor Management Strategies 
About the author

About the authors 

Dr. Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his specialty, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

Information Security Breaches - Avoidance and Treatment based on ISO27001, Second Edition
Overview

What if you suffer an information security breach?

Many books explain how to reduce the risk of information security breaches. Nevertheless, breaches do occur, even to organizations that have taken all reasonable precautions. Information Security Breaches – Avoidance and treatment based on ISO27001:2013 helps you to manage this threat by detailing what to do as soon as you discover a breach.

Be prepared, be prompt, be decisive

When your organization’s security is compromised, you cannot afford to waste time deciding how to resolve the issue. You must be ready to take prompt and decisive action. Updated to cover ISO27001:2013, this second edition gives you clear guidance on how to treat an information security breach and tells you the plans and procedures you have to put in place to minimize damage and return to business as usual.

A recovery plan will help you to:

  • Recover, and resume normal operations, more quickly
  • Preserve customer confidence by quickly resolving service disruption
  • Secure evidence to help with any criminal investigation and improve your chances of catching those responsible. 

Reviews from the first edition

"… I recommend this pocket guide to anyone implementing ISO27001, and indeed to anyone who is concerned about the risks of security breaches, and who wants to know how best to prepare their organization for the unpleasant events that are bound to happen from time to time…”

- Willi Kraml, Global Information Security Officer

 

"… Michael Krausz has created a valuable tool … Written in plain English, this handbook is easy to follow even by a novice in the Information Technology Field. Therefore "Information Security Breaches" is a must within the 'tool box' of anyone who deals with IT issues on an every-day basis…”

- Werner Preining, Interpool Security Ltd

 
About the author

Michael Krausz

Michael Krausz is an IT expert and experienced professional investigator. He has investigated over a hundred cases of information security breaches. Many of these cases have concerned forms of white-collar crime. He studied physics, computer science, and law at the University of Technology in Vienna, and at Vienna and Webster Universities. He has delivered over 5000 hours of professional and academic training and has provided services in eleven countries to date.

BS 10012:2017 +A1 2018 - Specification for a personal information management system (PIMS)

Data protection compliance with BS 10012:2017 +A1 2018

The BS 10012:2017 +A1 2018 specification provides a framework to manage the risks to the privacy of personal data and implement the necessary policies, procedures and controls to help ensure compliance with the GDPR. It is designed to follow the plan-do-check-act cycle (PDCA) to ensure continual improvement.

View table of contents >>

The benefits of a BS 10012:2017 +A1 2018 personal information management system

  • Identify risks to personal information and put controls in place to mitigate them
  • Use as part of a privacy compliance framework to demonstrate compliance with the GDPR
  • Gain stakeholder and customer trust that their personal data is protected
  • Safeguard your organization’s reputation and avoid adverse publicity
  • Benchmark your personal information management practices against recognised best practice
Certified ISO 27001:2022 ISMS Lead Auditor Module Self-Paced Online Training Course
Description

Training course outline

This self-paced modular course teaches you the skills to plan and execute an audit of an ISMS that conforms to ISO 27001:2022. It also prepares you to pass the ISO 27001:2022 Certified ISMS Lead Auditor (CIS LA) exam on the first attempt.

You will learn:

  • The skills to conduct second-party (supplier) and third-party (external and certification) ISMS (information security management system) audits
  • How to lead a team of auditors and gain the skills to achieve compliance with ISO 27001
  • How to competently manage an ISMS audit program

Please note that this course is part of the Lead Auditor modular training scheme, and you must have previously taken the Core Audit Skills Self-Paced Online Training Course.


Save time and cost with our unique modular approach.

The Lead Auditor modular training program teaches the skills required to conduct external and supplier audits against standards that include ISO 27001, ISO 22301, ISO 9001, and ISO 14001.

Take our Core Audit Skills module to gain knowledge of the generic auditing process as defined by ISO 19011 and ISO 17021. Build on the basics and choose the specific standard Lead Auditor module of your choice.

The Core Audit Skills Self-Paced module is currently available as part of the Certified ISO 22301 BCMS Lead Auditor Self-Paced Online Training Course.

If you only wish to focus on ISO 27001 lead auditing, please purchase the Certified ISO 27001:2022 ISMS Lead Auditor Self-Paced Online Training Course.


Certified ISO 27001:2022 ISMS Lead Auditor Module Self-Paced Online Training Course benefits

 Designed by experts

Designed by the team that led the world’s first successful ISO 27001 implementation project.

 Delivered by professionals

Taught by an ISO 27001 consultant with extensive experience auditing management systems and helping organizations prepare for an ISO 27001 audit.

 Aligned with best practice

Aligned with the best-practice ISO 19011:2018 (Guidelines for auditing management systems) audit methodology.

 Study at your own pace

Learn at a time, place, and pace that suit you.

 Bite-sized learning

Pre-recorded online course and learner guide enabling you to learn in easy, manageable, bite-sized chunks.

 Learning support

Comes with a learner guide to read alongside the video modules.


Who should attend this course?

This course is aimed at people who want a globally recognized ISO 27001 lead auditor qualification to further their careers. It is also designed for managers responsible for implementing and maintaining an ISO 27001-compliant ISMS, such as:

  • IT/information security managers
  • Compliance auditors
  • GDPR consultants
  • IT/information security consultants
  • Cybersecurity consultants
  • Heads of IT
  • Information and risk managers
  • Information security analysts
  • Information security officers
  • Internal auditors
  • ISMS managers

Your learning path

Find out how the Certified ISO 27001:2022 ISMS Lead Auditor Module Self-Paced Online Training Course will help you enhance your knowledge and career.

This course is an essential component of the following learning paths:

ISO 27001 learning path

Why choose IT Governance for your training needs?

  • We are the global specialists – As global specialists in information security, cybersecurity, and privacy, we pride ourselves on being market leaders and keeping one step ahead. Our expert instructors use their working knowledge to bring the course content to life, while covering all the essential and technical content.

  • Built and delivered by experts – Our courses are built and delivered by subject-matter experts and innovative instructional design specialists with years of practical, hands-on experience.

  • Learn your way – We have the training methods and solutions to suit your business or personal learning style. We offer instructor-led (classroom, Live Online, or hybrid), blended, self-paced, elearning, in-house, and custom training options.

  • Our service levels are exemplary – From the sales team that pays close attention to your development needs, to the operations team that makes things tick like a Swiss watch, to the energy and skill of the instructors. We are all passionate about what we do and want to ensure you get the best training experience possible.

  • Pass the first time or train again for free – We have trained more than 28,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*

* T&Cs apply.

Course details

What does this course cover?

  • An overview of the structure and major requirements of ISO/IEC 27001:2022
  • An overview of the audit process used by certification bodies
  • The purpose, benefits, and core principles of effective auditing
  • Common auditing terms and definitions
  • Critical skills required for performing an audit
  • How to establish, maintain, and manage an audit program
  • How to plan, conduct, report, summarize, and follow up on an audit
  • Effective interviewing techniques and observation skills
  • How to use audits to identify nonconformities and ensure appropriate corrective action is taken
  • How to assess and evaluate the competence of auditors
  • Accredited certification audit specifics
  • How the audit process is used in first-, second-, and third-party audits
  • How to apply continual improvement of the ISMS

What’s included in this course?

  • Full course materials (digital copy provided as a PDF file).
  • Access to our LMS (learning management system) for one year.
  • The ISO 27001:2022 Certified ISMS Lead Auditor exam (if purchased).
  • A certificate of attendance.
  • Access to a monthly security bulletin from our in-house information security experts to keep you up to date with the latest threats. To see an example, click here.

Please note that this course can be purchased with or without the exam as required.


What equipment do I need?

You will need a laptop for the duration of your course and exam.


Are there any prerequisites for this course?

This course is part of the Lead Auditor modular training scheme, and all learners must have previously taken the Core Audit Skills Self-Paced Online Training Course.

The Core Audit Skills Self-Paced Online module is currently available as part of the Certified ISO 22301 BCMS Lead Auditor Self-Paced Online Training Course.

Learners should also have a good knowledge of ISO 27001. This could be obtained through practical experience, reading, or taking the Certified ISO 27001:2022 ISMS Foundation Self-Paced Online Training Course or Certified ISO 27001:2022 ISMS Lead Implementer Self-Paced Online Training Course.

Participants will need to have their own copies of the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 standards for use during the course.


Is there any recommended reading?

We strongly recommend purchasing and reading the Standards before attending the course:

We also recommend purchasing and reading the following textbook:

Exams and qualifications

ISO 27001:2022 Certified ISMS Lead Auditor exam

If purchased, candidates take the ISO 27001:2022 Certified ISMS Lead Auditor (CIS LA) exam set by IBITGQ.

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 75%

This course is equivalent to:

21

CPD points


What qualifications will I receive?

Successfully completing the course and exam awards the ISO 27001:2022 Certified ISMS Lead Auditor (CIS LA) qualification.


Accreditation

This course holds accreditation from IBITGQ (International Board for IT Governance Qualifications) and CIISec (The Chartered Institute of Information Security), satisfying CIISec Knowledge Areas requirements at Level 1: A1, A3, A7, C1, C2, D2, E3, F2, H1 and H2; and at Level 1+: A2, A4, A5, A6, B1, B2, D1, E1, E2, F1 and G1.

As a premier personnel certification body, IBITGQ specialises in certifying individuals who demonstrate exceptional proficiency in IT governance practices.

IBITGQ maintains accreditation to the ISO/IEC 17024:2012 standard, a globally recognised benchmark for conformity assessment. Accreditation by the International Accreditation Service (IAS) further underscores the course's commitment to meeting stringent certification requirements.

ISO 17024 certification is esteemed within the industry and universally acknowledged by employers worldwide. By aligning with this standard, our course ensures that your qualifications are not only recognised but also highly valued by employers across diverse sectors.

Upon successful completion of the course, you have the opportunity to validate your professional expertise by registering your qualification on the esteemed IBITGQ/GASQ successful candidate register. This platform serves as a testament to your commitment to excellence in IT governance, setting you apart as a distinguished professional in the field.


How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately after completing the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are emailed directly to candidates by the relevant exam board; please note that hard-copy exam certificates are not issued.

Can exams be retaken?

Yes, if you are unsuccessful on the first attempt, you can retake the exam for an additional fee. You can email us to schedule the retest.


Recertification

To support your continued professional development, it is essential that you maintain an adequate level of current knowledge associated with an ISO 27001 Lead Auditor. To demonstrate this competency to employers and other key stakeholders, you must recertify your IBITGQ qualification at regular intervals.

Individuals awarded the ISO 27001:2022 Certified ISMS Lead Auditor (CIS LA) qualification are required to recertify after three years.

Candidates can undertake a recertification exam any time from one month before or two months after the expiry date (months 35–38) of their certificate. Please see IBITGQ Exams for further details. After this period, candidates can take the standard ISO 27001:2022 Certified ISMS Lead Auditor (CIS LA) exam at any convenient time.

Fulfillment

Fulfillment of your self-paced online training course

After you have completed your order, you will receive a sales receipt and a “Thank you for your order” confirmation email. This email will ask you to provide essential participant information and gives instructions on how to access your course. If you don’t receive this email, please check your junk folder.


Participant information

You must provide the requested participant information, including a valid email address. This applies whether you have made the booking for yourself or on behalf of someone.

Please check this information is correct before submitting, as you are unable to change the participant’s email address once it has been added to our system.


Accessing the course

If you are a new customer, you will receive an email from noreply@grcelearning.com with instructions on how to access the LMS. If you or other participants do not receive this email, please check your junk folders.

If you have accessed the LMS previously, please log in using your credentials. You can access the LMS at any time from your My Account page.

Once you have logged in to the LMS, you can download the course material immediately.


Exams

Important information: Please read our examination guide before scheduling your exam.

All exams are delivered online using an automated proctor system managed by GASQ on behalf of IBITGQ.


What you need

When you’re ready to take your exam, please log in to your My Account page, scroll down to the ‘Self-paced online training courses’ section, and click the ‘Course completed’ button. A member of our team will be in touch to provide details of your exam booking procedure.

Exam candidates are required to have:

  • A desktop or laptop computer with a webcam and microphone
  • Google Chrome browser installed
  • Photo ID such as a student card, an ID card, or a driver’s license
  • A tablet or smartphone with a camera (optional – but required for some courses)
  • A stable Wi-Fi Internet connection with a minimum upload speed of 1.5 Mbps
Please see our examination guide for exact specifications.

Scheduling your exam

You are required to book your exam online at least 96 hours before the exam date.

Please be aware that you can reschedule your exam once (if needed) at least 48 hours before your booked exam date for no additional charge.

top
This website uses cookies. View our cookie policy
SAVE 25% ON
FOUNDATION
TRAINING
Loading...