Delegates are expected to have the following prior knowledge:
Understand the Plan-Do-Check-Act (PDCA) cycle.
Information security management: knowledge of the following information security management principles and concepts:
- awareness of the need for information security;
- the assignment of responsibility for information security;
- incorporating management commitment and the interests of stakeholders;
- enhancing societal values;
- using the results of risk assessments to determine appropriate controls to reach acceptable levels of risk;
- incorporating security as an essential element of information networks and systems;
- the active prevention and detection of information security incidents;
- ensuring a comprehensive approach to information security management;
- continual reassessment of information security and making of modifications as appropriate.
Knowledge of the requirements of ISO/IEC 27001 (with ISO/IEC 27002) and the commonly used information security management terms and definitions, as given in ISO/IEC 27000.
It is therefore recommended that delegates attend the BSI ‘Requirements of ISO/IEC 27001’ training course before attending this course. It would also be beneficial to have been involved in, or preferably undertaken, ISMS audits before attending this course.