Training Catalogue
- Barbra Chambers
- 10 years ago
Table of Contents

- Company Profile
- Training Overview
- Training Catalogue
- GRC Fundamentals, Strategy & Implementation Workshop
- Anti Bribery Management System Implementation
- ISO Compliance Management Implementation
- Corporate Compliance Workshop: Optimizing Your Program
- Certified ISO Risk Manager PECB/ANSI
- Mastering Risk Management Workshop: Toward Risk Convergence
- Certified ISO Governance of IT Manager PECB
- Certified ISO Risk Manager of IT PECB/ANSI
- Certified ISO Lead Implementer PECB/ANSI
- Certified ISO Lead Auditor PECB/ANSI
- Certified ISO Disaster Recovery Manager PECB
- Certified ISO Lead Implementer PECB/ANSI
- Certified ISO Lead Auditor PECB/ANSI
- Certified ISO Lead Manager PECB
- Certified ISO/IEC Application Lead Security Implementer PECB
- Certified ISO Lead Implementer PECB/ANSI
- Certified ISO Lead Auditor PECB/ANSI
- Certified Outsourcing Manager PECB
- Certified Lead Privacy Implementer PECB
- Certified Lead Forensic Examiner PECB/ANSI
- Certified Lead Security Incident Professional PECB
- Certified Lead SCADA Security Professional PECB/ANSI
- Certified Lead Penetration Tester PECB
- Certified ISO Lead Implementer PECB
- Certified ISO Lead Auditor PECB
- Certified ISO Lead Implementer PECB/ANSI
- Certified ISO Lead Implementer PECB
Company Profile

What We Do

GRC Tech is a training and consultancy firm that assists organisations to understand, implement and comply with Governance, Risk and Compliance (GRC) related best practice standards and frameworks that lead to sustained process and business improvement. We meet the training, awareness and consulting needs of organisations in the following categories:

- Corporate Governance, Risk and Compliance
- Strategy and Performance Management
- IT Governance and IT Service Management
- Business Continuity and Information Security Management

International Experience

Since our inception in 2010, GRC Tech has successfully provided training, and has delivered GRC related consultancy projects to leading African and international organisations. We have delivered services in, among others, South Africa, Botswana, Tanzania, Namibia, Mauritius, Uganda, Swaziland, Oman, Egypt, Kenya and Nigeria.
Training Overview

Our training courses are underpinned by internationally accepted Governance, Risk and Compliance (GRC) best practices based on a range of GRC related frameworks and standards including OCEG Red Book 2.1 & 3.0, ISO 19600, BS 10500, COBIT, ISO 38500, ISO 27005, ISO 27001, ISO and ISO

Approach to GRC Management Training

Our approach to training provides delegates with valuable practical experience of how to overcome the typical challenges they are likely to experience when undertaking GRC related projects within their own organisations. Delegates enjoy the following benefits:

- A choice of brief management overview, foundation or intensive practitioner-level courses
- Course development and presentation by subject-matter experts with in-depth knowledge and experience in their field of expertise
- Practical course content, hand-outs and interactive group discussions
- International certification exams for selected courses

In-house Training On Demand

In-house training provides a cost-effective and timesaving training opportunity, especially where an organisation has more than six staff members to train and/or requires training in remote locations. In-house courses can be facilitated at your organisation's own premises or conducted as a private course at a training venue of your choice.

Self-Study

When you choose to study through GRC Tech training you have the option to select your course(s) from our range of certification programs. We offer you an unrivalled selection of quality distance education courses accredited by PECB, one of the most respected awarding bodies internationally. All of our students have access to an experienced professional in their field of study. He/she is totally committed to helping you succeed and is always on hand to answer any query you may have, no matter how big or small.
Training Courses Available

- Governance, Risk Management & Compliance (GRC)
- Anti-Bribery
- Compliance
- Risk Management
- IT Governance, Risk Management & Compliance (IT GRC)
- IT Security Management
- Business Continuity & Disaster Recovery Management
- Professional Courses: CMO, CLPI, CLFE, CLSI, CL-SCADASP, CLPT
- Project Management
- Supply Chain Security Management
- Six Sigma
Governance, Risk Management & Compliance (GRC)

GRC Fundamentals, Strategy and Implementation

3 Days

Who Should Attend?

CEOs, COOs, Chief Risk Officer, Chief Compliance Officer, Chief Information Officer, Chief Audit Executives and other Senior Managers.

The objective is to give you an insight and practical strategies for your Governance, Risk and Compliance integration by:

- Defining progressive governance, risk, and compliance roles and responsibilities to move forward from silo management
- Fulfilling regulatory requirements while achieving a real ROI
- Increasing productivity and capital by putting an end to silo management
- Leveraging your current IT systems to integrate GRC
- Gaining an in-depth view into key risk metrics and policy compliance to improve your risk control and self-assessments

About the Workshop

The workshop provides an introductory overview of this new global groundswell of GRC, including discussion of the challenges organizations will face and the business case that will drive this new movement. Topics covered include:

- An introduction to GRC: the new corporate must have
- Explanation of an integrated GRC system
- How is GRC different from current governance, risk, and compliance assurance methods?
- Building your business case
- What current laws require: a global perspective on bare minimum compliance, how the corporate governance bar continues to move upwards
- Integrated GRC: what parts must be assembled, bought, wired up, or rented to build one?
- What cultural changes are required to make it work?
- Setting up and staffing an integrated GRC system
- Overcoming barriers and avoiding pitfalls
- Maintaining and sustaining your GRC and measuring its benefits

Agenda:

- GRC Overview: Where Are We Going and How Do We Get There?
- GRC: What's the Business Case for Change?
- Achieving GRC Buy-in at the Top and Establishing Clear Roles & Responsibilities
- Practical Strategies for Implementing GRC
- Establishing the Desired Enterprise-Wide Culture
Governance, Risk Management & Compliance (GRC)

- Business Objectives & Drivers
- Risk & Opportunities
- Plan & Design Integrated Approach
- Programs: The three core principles
- Oversight Personnel
- Leaders and Champions
- Strategic & Operating Personnel
- Plan & Organize the GRC Implementation
- The GRC Technology Roadmap
Anti Bribery

Anti Bribery Management System Implementation

2 Days

Successful implementation of BS Specification for an anti-bribery management system (ABMS) shows an organisation's commitment to ethical behaviour and is a vital part of corporate governance in a well-managed organisation, which can help protect your corporate reputation and avoid potentially corrupt transactions. Led by an experienced tutor, this two-day course will guide you through an implementation of an effective ABMS, using a combination of practical exercises, group activities and class discussions.

Learning Objectives

On completion of the course, delegates will know:

- How to determine the threat of bribery within an organization
- How to recognize the key management system concepts of BS
- What are the benefits specific to my organization in relation to implementing an effective ABMS
- How to identify a typical framework for implementing BS following the Plan-Do-Check-Act (PDCA) cycle
- How to interpret the requirements of BS from an implementation perspective in the context of your organization
- How to conduct a baseline review of your organization's current position with regard to BS

Who Should Attend?

Those responsible for anti-bribery management, ethical behaviour, corporate governance, risk and compliance, management systems, anti-bribery measures, human resources, procurement and those managing/selecting business associates, especially if operating in high-risk bribery environments.
Recommended job roles include:

- Human resource professionals and managers
- Company secretaries
- Internal legal teams
- Governance, risk and compliance managers
- Internal affairs and investigation teams
- Internal and external management systems auditors who are new to ABMS
- Procurement managers
- Private data and records administration teams

Agenda

- Introduction to Anti-Bribery Management System (ABMS) concepts as required by BS
- Introduction to management systems and the process approach
- Fundamental principles in anti-bribery management
- General requirements
- Planning the Anti-Bribery Management System (ABMS)
- Allocating responsibility
- Writing the anti-bribery policy
- Reviewing the requirements of the ABMS
- Designing or modifying the necessary policies, procedures and controls for the ABMS
- Preparing an implementation plan for the ABMS
- Monitoring and reviewing the ABMS
- Continual improvement of the ABMS

Pre-Requisites

There are no formal prerequisites to attend; however, it is recommended that you have some knowledge of ABMS, in particular the BS standard, as well as an understanding of how your organization operates and the likely risks it faces.
Compliance

ISO Compliance Management Implementation

3 Days

ISO defines requirements to continually improve a compliance management system's effectiveness. It requires an organisation to establish, develop, document, implement, evaluate, maintain and improve an effective and responsive Compliance Management System (CMS). The policy, objectives and processes needed for compliance management must be determined, including the sequence and interaction, and be applied throughout.

Learning Objectives

This 3-day course provides delegates with an understanding of the International Organisation for Standardisation's (ISO) standard for compliance management systems, ISO. Upon successful completion of this course, participants should be able to:

- Identify compliance requirements and an appropriate system for recording them
- Plan, document and establish a compliance management system
- Review a compliance system & its processes
- Determine the purpose and the scope of compliance research that needs to be undertaken to meet legal and client obligations
- Define a compliance research plan and gather the required data
- Analyse the collected data in a manner that is meaningful to the organisation
- Document and communicate the compliance research outcomes
- Understand the components of a continual improvement framework
- Use a continual improvement framework to ensure new ideas and improvements are managed in a consistent and systematic manner

Who Should Attend?
- Compliance managers and officers
- Internal legal teams
- Governance, risk and compliance managers
- IT GRC officers
- Internal and external management systems auditors who are new to CMS

Agenda

- Introduction to Compliance Management concepts as required by ISO
- Introduction to management systems and the process approach
- Fundamental principles in compliance management
- General requirements: presentation of the clauses of ISO
- Planning the Compliance Management System (CMS)
- Allocating responsibility
- Writing the compliance management policy and framework
- Reviewing the requirements of the CMS
- Designing or modifying the necessary policies, procedures and controls for the CMS
- Preparing an implementation plan for the CMS
- Monitoring and reviewing the CMS
- Continual improvement of the CMS

Pre-Requisites

None
Compliance

Corporate Compliance Workshop (Optimizing Your Program)

2 Days

To create a program that reflects, incorporates and is integrated with your organization's culture, ethos and corporate compliance objectives, design a program that is tailored and fine-tuned with specific regard to the size, form, complexity and history of your organization, document specific steps taken in the implementation and operation of a compliance program and measure the program with metrics.

Learning Objectives

- To recognize the importance of the mission, meeting compliance goal
- To set standards to be followed
- To empower employees to make decisions following prescribed guidelines, to ensure that progress was continuing to achieve agreed-upon goals
- To establish a decision-support mechanism
- To document specific steps taken in the implementation and operation of a compliance program
- To measure the program with metrics

Who Should Attend?

This workshop is designed for senior managers recognizing the importance of the mission - meeting compliance goals, specifically in terms of what is expected by stakeholders, the regulators, with no exceptions.

- Governance Officer
- Compliance Officer
- Legal Counsel
- Risk Manager
- Internal Auditor
- IT Manager
- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.
- Consultants & Business Advisors

Agenda

- Introduction
- Compliance Key Functions
- The four aspects of compliance operation:
  - Demonstrating Compliance with relevant regulations
  - Embedding Compliance within your organization
  - Managing the cost of Compliance; and
  - Identifying, addressing and resolving regulatory failures
- Purism v/s Pragmatism
- Looking at the Big Picture
- What are the Compliance Issues?
  - Governance Issues
  - Compliance Issues
  - Risk Issues
  - IT Compliance Issues
- Why focus on compliance programs?
- Introduction to effective compliance program:
  - Culture
  - Scope & Strategy
  - Structure & Resources
  - Policies
  - Communication & training
  - Issue Management
  - Evaluation
- The Framework
- Establishing an Enterprise Compliance Program: The Principles
- The Roadmap to Effective Compliance
- Policies, Procedures, and Controls
- The Measuring Criteria
- How do we measure?
- The Metrics
- The Compliance Maturity Model
  - Awareness (external & internal)
  - Structure & Accountability
  - Culture & Consistency
  - Processes/Controls
  - Automation & Integration
  - Measurement Technology
- Reporting on measurement
- Integration of Compliance into the GRC Framework
- Case Study XYZ Ltd.
Risk Management

Certified ISO Risk Manager (PECB/ANSI)

3 Days

MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT BASED ON ISO AND IEC/ISO

In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will present the ISO general risk management standard, the process model it recommends, and how companies may use the standard. This training is also fully compatible with IEC/ISO 31010, which supports ISO by providing guidance for risk assessment.

Learning Objectives

- To understand the concepts, approaches, methods and techniques allowing an effective Risk Management according to ISO
- To understand the relationship between the Risk Management and the compliance with the requirements of different stakeholders of an organization
- To acquire the competence to implement, maintain and manage an ongoing Risk Management program according to ISO compliance with all the other requirements
- To acquire the competence to effectively advise organizations on the best practices in Risk Management

Who Should Attend?

- Governance Officer
- Compliance Officer
- Risk Manager
- Internal Auditor
- IT Manager
- Senior Managers in Planning, Finance, Marketing, Project, HR, etc.
- Consultants & Business Advisors

Agenda

- Introduction, Risk Management framework according to ISO
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of a risk management framework
- Understanding an organization and its context
- Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO
- Risk identification
- Risk analysis and risk evaluation
- Risk treatment
- Risk acceptance and residual risk management
- Risk communication and consultation
- Risk monitoring and review
- Risk assessment methodologies according to IEC/ISO and Exam
- Presentation of risk assessment methodologies
- PECB/ANSI Certification Exam - 2 hours

Pre-Requisites

None

General Information

- After successfully completing the exam, participants can apply for the credentials of Certified ISO Risk Manager
- Certification fees are included in the exam price
- Participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to participants
Risk Management

Mastering Risk Management Workshop (Toward Risk Convergence)

2 Days

In today's fast-moving, complex operating environment, risk executives need to cultivate an understanding across all areas of risk and business. Business problems are multifaceted, interrelated and increasingly global - executives must possess enhanced skills to identify and address a wide range of risks with an integrated approach and enterprise-wide perspective. This intensive two-day programme exposes participants to a rigorous, yet inspiring blend of theory, practice and cutting-edge research.

Learning Objectives

- Gain a valuable perspective on risk management in terms of corporate governance, as well as its relationship to cultural and stakeholder concerns
- Expand your network by linking up with a variety of individuals in risk-related fields and various business lines who think and make decisions about risk in the context of the entire enterprise
- Broaden your knowledge of leading-edge theory and practice, to increase your ability to create and sustain a high level of performance and steer projects to completion through an increased understanding of the issues impacting your organization
- Take part in focused learning and interact with your peers to improve your decision-making, leading to advanced proficiency and strategic advantages.

Who Should Attend?

- Senior risk practitioners
- Executives with influence over their organization's risk strategy
- Business-line executives
- Non-Executive Directors
- Consultants & Business Advisors

Agenda

- Introduction to GRC & E
- Defining the terms
- What is GRC convergence?
- A View At The Current State
- An Overview Of Standards
- Traditional vs Modern Risk Management
- Challenges with Risk Assessment
- GRC Risk Convergence - Key issues
- GRC Risk Convergence The Challenges
- GRC Risk Convergence Benefits
- GRC Risk Convergence Defined
- Assessing Risks
- Developing A Common Shared Context
- Case Study
- Control vs Risk Focus
- Risk Taxonomy: Focus on Risk Types
- Understanding The Anatomy Of Risk
- The DNA Of Risk Management
- The Key Indicator Trio
- Risk Assessment Methodology
- Risk Assurance
- The GRC Framework
- Building A Business Case
- GRC Desired State
- Risk Maturity Level
IT Governance, Risk Management & Compliance

Certified ISO Governance of IT Manager (PECB)

2 Days

MASTERING THE FUNDAMENTAL PRINCIPLES AND CONCEPTS OF CORPORATE GOVERNANCE OF INFORMATION TECHNOLOGY BASED ON ISO

This two-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing corporate governance of Information Technology as specified in ISO/IEC. Participants will also gain a thorough understanding of best practices used to implement guidance for Corporate Governance of IT from all areas of ISO. ISO/IEC applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.

Learning Objectives

- To understand the implementation of guidance for the corporate governance of IT in accordance with ISO 38500, &
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a corporate governance of IT
- To understand the relationship between the components of a corporate governance of IT, including responsibility, strategy, acquisition, performance, conformance, human behavior
- To acquire necessary expertise to manage a team implementing ISO

Who Should Attend?
- Project managers or consultants wanting to prepare and to support an organization in the implementation of corporate governance of Information Technology
- ISO auditors who wish to fully understand the corporate governance of IT implementation process
- Senior Managers responsible for the IT governance of an enterprise and the management of its risks
- Members of groups monitoring the resources within the organization
- External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies
- Vendors of hardware, software, communications and other IT products
- Internal and external service providers (including consultants)

Agenda

- Introduction to corporate governance of IT
- Fundamental principles of corporate governance of IT
- Initiation process of corporate governance of IT
- Definition of the scope
- Corporate governance application
- Objectives of ISO
- Benefits of using this standard
- Referenced documents ISO & Definitions
- Framework and guidance for good governance of IT
- Principles
- Model
- Responsibility of directors for corporate governance of IT
- Strategy of IT development
- Acquisition
- Performance of corporate governance of IT
- Conformance
- Human Behavior
- PECB Certification Exam - 2 hours

General Information

- After successfully completing the ISO Corporate Governance of IT Manager exam, participants can apply for the credentials of Certified ISO Corporate Governance of IT Provisional Manager or Certified ISO Corporate Governance of IT Manager, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 200 pages of information and practical examples
- A participation certificate of 14 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
IT Governance, Risk Management & Compliance

Certified ISO IT Risk Manager (PECB/ANSI)

3 Days

MASTERING RISK ASSESSMENT AND OPTIMAL RISK MANAGEMENT IN INFORMATION SECURITY BASED ON ISO

In this three-day intensive course participants develop the competence to master the basic risk management elements related to all assets of relevance for information security using the ISO/IEC 27005:2011 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal information security risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will also present other risk assessment methods such as OCTAVE, EBIOS, MEHARI and Harmonized TRA. This training fits perfectly with the implementation process of the ISMS framework in ISO/IEC 27001:2013 standard.

Learning Objectives

- To understand the concepts, approaches, methods and techniques allowing an effective risk management according to ISO
- To interpret the requirements of ISO on information security risk management
- To understand the relationship between the information security risk management, the security controls and the compliance with the requirements of different stakeholders of an organization
- To acquire the competence to implement, maintain and manage an ongoing information security risk management program according to ISO
- To acquire the competence to effectively advise organizations on the best practices in information security risk management

Who Should Attend?
- Risk managers
- Member of the information security team
- Persons responsible for information security or conformity within an organization
- Staff implementing or seeking to comply with ISO or involved in a risk management program
- IT consultants

Agenda

- Introduction, risk management program according to ISO
- Concepts and definitions related to risk management
- Risk management standards, frameworks and methodologies
- Implementation of an information security risk management program
- Understanding an organization and its context
- Risk identification and assessment, risk evaluation, treatment, acceptance, communication and surveillance according to ISO
- Risk identification
- Risk analysis and risk evaluation
- Risk assessment with a quantitative method
- Risk treatment
- Risk acceptance and residual risk management
- Information Security Risk Communication and Consultation
- Risk monitoring and review
- Overview of other information security risk assessment methods and exam
- Presentation of OCTAVE method
- Presentation of MEHARI method
- Presentation of EBIOS method
- Presentation of Harmonized TRA method
- PECB/ANSI Certification Exam (2 hours)

General Information

- After successfully completing the Certified ISO Risk Manager exam, participants can apply for the credentials of Certified ISO Risk Manager or Certified ISO Risk Manager, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Business Continuity

Certified ISO Lead Implementer (PECB/ANSI)

5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO

This five-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Business Continuity Management System (BCMS) based on ISO. The participants will also gain a thorough understanding of best practices used to implement Business Continuity processes from the ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with BS (Business Continuity Management Specification) and ISO (Guidelines for information and communication technology readiness for Business Continuity).

Learning Objectives

- To understand the implementation of a BCMS in accordance with ISO 22301, ISO or BS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a BCMS
- To understand the relationship between the components of a BCMS and the compliance with the other requirements
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining a BCMS as specified in ISO or BS
- To acquire the necessary expertise to manage a team implementing ISO or BS

Who Should Attend?
- Project managers or consultants wanting to prepare and support an organization in the implementation of a Business Continuity Management System (BCMS)
- Business Continuity auditors who wish to fully understand the implementation of a Business Continuity Management System
- Individuals responsible for the Business Continuity or conformity in an organization
- Members of a Business Continuity team
- Expert advisors in Business Continuity
- Members of organizations that want to prepare for a business continuity function or for a BCMS project management function

Agenda

- Introduction to Business Continuity Management System (BCMS) concepts as required by ISO 22301: Initiating a BCMS
- Introduction to the management systems and the process approach
- Presentation of the standards ISO 22301, ISO/PAS 22399, ISO 27031, BS and regulatory framework
- Fundamental principles of Business Continuity
- Preliminary analysis and determining the level of maturity of the existing BCMS based upon ISO
- Writing a business case and a project plan for the implementation of a BCMS
- Planning a BCMS based on ISO
- Definition of the scope of a BCMS
- Development of a BCMS and Business Continuity Policies
- Business Impact Analysis (BIA) and Risk Assessment
- Implementing a BCMS based on ISO
- Implementation of a document management framework
- Design and implementation of Business Continuity processes and writing procedures
- Development of a training & awareness program and communicating about the BCMS
- Incident management and emergency management
- Operations management of a BCMS
- Controlling, monitoring and measuring a BCMS and the certification audit of a BCMS in accordance with ISO
- Monitoring BCMS processes
- Development of metrics, performance indicators and dashboards
- Internal audit and management review of a BCMS
- Implementation of a continual improvement program
- Preparing for an ISO certification audit
- PECB/ANSI Certification Exam - 3 Hours

General Information

- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Business Continuity

Certified ISO Lead Auditor (PECB/ANSI)

4 Days

MASTERING THE AUDIT OF A BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS) BASED ON ISO 22301, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables the participants to develop the needed expertise to audit a Business Continuity Management System (BCMS), and manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participants will acquire the needed knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO and certification audits according to ISO. Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution) necessary for efficient conduct of an audit. This training is compatible with BS audit (Business continuity management specification) and ISO (Guidelines for information and communication technology readiness for business continuity).

Learning Objectives

- To acquire the expertise of performing an ISO or BS internal audit, following the ISO guidelines
- To acquire the expertise of performing an ISO or BS certification audit, following the ISO guidelines and the specifications of ISO
- To acquire the expertise necessary for managing a BCMS audit team
- To understand the operation of the BCMS in accordance with ISO 22301, ISO or BS
- To understand the relationship between a Business Continuity Management System, including risk management, controls, the relationship & the compliance with the other requirements

Who Should Attend?
- Internal auditors and auditors wanting to perform and lead BCMS certification audits
- Project managers or consultants wanting to master the BCMS audit process
- Individuals responsible for Business Continuity or conformity in an organization
- Members of a Business Continuity team
- Expert advisors in information technology
- Technical experts wanting to prepare for a Business Continuity audit function

Agenda

- Introduction to Business Continuity Management System (BCMS) concepts as required by ISO
- Presentation of the standards ISO 22301, ISO 27031, ISO/PAS 22399, BS and regulatory framework
- Fundamental principles of Business Continuity
- ISO certification process
- Business Continuity Management System (BCMS)
- Detailed presentation of the clauses of ISO 22301
- Planning and initiating an ISO audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and risk
- Preparation of an ISO certification audit
- BCMS documentation audit
- Conducting an opening meeting
- Conducting an ISO audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Audit test plans
- Formulation of audit findings and documenting of nonconformities
- Concluding and ensuring the follow-up of an ISO audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO audit
- Evaluation of corrective action plans
- ISO surveillance audit
- ISO internal audit management program and second party audits

PECB/ANSI Certification Exam - 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Auditor, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Business Continuity
Certified ISO Disaster Recovery Manager (PECB)
3 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF ICT DISASTER RECOVERY SERVICES ACCORDING TO ISO

This three-day intensive course enables participants to develop the necessary expertise to support an organization in implementing, maintaining and managing an ongoing Information and Communications Technology Disaster Recovery plan according to ISO. Participants will also gain a thorough understanding of best practices described by this International Standard.

Learning Objectives
- To understand the concepts, approaches, methods and techniques for the implementation and effective management of Disaster Recovery services
- To understand the relationship between ICT Disaster Recovery and the compliance with the requirements of different stakeholders of an organization
- To acquire the competence to implement, maintain and manage a Disaster Recovery plan in accordance with ISO
- To acquire the competence to effectively advise organizations on the best practices in ICT Disaster Recovery

Who Should Attend?
- Disaster Recovery of IT
- Persons responsible for disaster recovery or conformity within an organization
- Member of a disaster recovery team
- IT disaster recovery consultants
- Staff implementing or seeking to comply with ISO or involved in a disaster recovery plan

Agenda
- Introduction, risk assessment and mitigation according to ISO
- Differences between business continuity and disaster recovery
- Asset management
- Risk assessment and mitigation
- Document management
- Information security
- Business continuity
- Recovery facilities and sites, outsourced services and activation of DR plan according to ISO
- Recovery facilities
- Outsourced services
- Recovery sites
- Activation of disaster recovery plan
- Measurement, testing and continual improvement
- Performance measurement
- Self-assessment
- Testing
- Continual improvement

PECB Certification Exam 2 Hours

General Information
- The Certified ISO Disaster Recovery Manager exam fully meets the requirements of the PECB Examination and Certification Program (ECP).
- Certification fees are included in the exam price
- Participant manual contains over 300 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO Lead Implementer (PECB/ANSI)
5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO

This five-day intensive course enables the participants to develop the expertise necessary to support an organization in implementing and managing an Information Security Management System (ISMS) based on ISO/IEC. The participants will also be given a thorough grounding in best practices used to implement Information Security controls from all areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security).

Learning Objectives
- To understand the implementation of an ISMS
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining an ISMS
- To acquire the necessary expertise to manage a team implementing ISO

Who Should Attend?
- Compliance project managers
- Information Security consultants
- Internal and external ISO auditors
- Members of an Information Security team

Agenda
- Introduction to Information Security Management System (ISMS) concepts as required by ISO 27001; initiating an ISMS
- Introduction to the management systems and the process approach
- Presentation of the ISO family standards and regulatory framework
- Fundamental principles of Information Security
- Preliminary analysis and determining the level of maturity based on ISO
- Writing a business case and a project plan for the implementation of an ISMS
- Planning the implementation of an ISMS based on ISO
- Defining the scope of an ISMS
- Drafting an ISMS and Information Security policies
- Selection of the approach and methodology for risk assessment
- Risk management: identification, analysis and treatment of risk (based on ISO 27005)
- Drafting the statement of applicability
- Implementing an ISMS based on ISO
- Implementation of a document management framework
- Design and implementation of controls
- Information Security training, awareness and communication program
- Incident management (drawing on guidance from ISO 27035)
- Operations management of an ISMS
- Control, monitor and measure an ISMS and the certification audit of the ISMS in accordance with ISO
- Monitoring the ISMS controls
- Development of metrics, performance indicators and dashboards in accordance with ISO
- ISO internal audit
- Management review of an ISMS
- Implementation of a continual improvement program
- Preparing for an ISO certification audit

PECB/ANSI Certification Exam (3 Hours)

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO Lead Auditor (PECB/ANSI)
4 Days

MASTERING THE AUDIT OF AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO 27001, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables the participants to develop the expertise needed to audit an Information Security Management System (ISMS), and manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participants will acquire the knowledge and skills needed to proficiently plan and perform internal and external audits in compliance with the certification process of the ISO/IEC standard. Based on practical exercises, the participants will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to conduct an audit efficiently.

Objectives
- To acquire expertise of performing an ISO internal audit, following the ISO guidelines
- To acquire expertise of performing an ISO certification audit, following the ISO guidelines and the specifications of ISO and ISO
- To acquire necessary expertise for managing an ISMS audit team
- To understand the operation of an ISO

Who Should Attend?
- Internal auditors
- Auditors wanting to perform and lead ISMS certification audits
- Members of an Information Security team
- Technical experts wanting to prepare for an Information Security audit function

Agenda
- Introduction to Information Security Management System (ISMS) concepts as required by ISO
- Normative, regulatory and legal framework related to Information Security
- Fundamental principles of Information Security
- The ISO certification process
- Detailed presentation of the clauses of ISO
- Planning and initiating an ISO audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and on risk
- Preparation of an ISO certification audit
- Documenting of an ISMS audit
- Conducting an ISO audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Drafting test plans
- Formulation of audit findings, drafting of nonconformity reports
- Concluding and ensuring the follow-up of an ISO audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO audit
- Evaluation of corrective action plans
- ISO surveillance audit and audit management program

PECB/ANSI Certification Exam

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Lead Auditor, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO Lead Manager (PECB)
4 Days

MASTERING THE FUNDAMENTAL PRINCIPLES, CONCEPTS AND IMPLEMENTATION OF THE BEST PRACTICES OF INFORMATION SECURITY CONTROLS WITHIN THE PROCESS OF IMPLEMENTING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) BASED ON ISO/IEC

This four-day intensive course enables the participants to develop the expertise needed to support an organization in implementing and managing the information security controls of an Information Security Management System (ISMS) based on ISO. Participants will also be given a thorough grounding in the best practices used to implement information security controls from all the areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). It is also fully compatible with ISO (Guidelines for the Implementation of an ISMS), ISO (Measurement of Information Security) and ISO (Risk Management in Information Security).

Learning Objectives
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques related to an ISMS and the required information security controls
- To understand the initiation, implementation, maintenance and improvement of the ISMS within an organization
- To acquire the necessary expertise to manage a team implementing ISO
- To develop the knowledge and skills required to advise organizations on best practices in the management of information security controls
- To improve the capacity for analysis and decision making in the context of information security controls

Who Should Attend?
- Managers or consultants wanting to implement an Information Security Management System (ISMS)
- Project managers or consultants wanting to master the Information Security Management System implementation process
- Persons responsible for the information security or conformity in an organization
- Members of information security teams
- Expert advisors in information technology
- Technical experts wanting to prepare for an Information Security Audit function
- Persons responsible for developing their own information security management guidelines

Agenda
- Introduction to Information Security Management System (ISMS) concepts and ISO
- Course objective and structure
- Standard and regulatory framework
- Fundamental Principles of Information Security
- Introduction to Information Security Management System
- Information security policies
- Organization of information security
- Implementation of information security controls related to Human Resources, Asset Management and Access Control
- Human resources security
- Asset Management
- Access Control
- Implementation of information security controls related to Cryptography, Physical and Environment Security, Operations and Network
- Cryptography
- Physical and Environmental Security
- Operations Security
- Communications security
- Implementation of information security controls for Systems, Supplier Relationships, Incident Management, Continuity and Compliance
- System acquisition, development and maintenance
- Supplier Relationships
- Information security Incident Management
- Information security aspects of business continuity management
- Compliance
- Golden Rules and Conclusion

PECB Certification Exam - 3 Hours

General Information
- After successfully completing the ISO Lead Manager exam, participants can apply for the credentials of Certified ISO Provisional Lead Manager, Certified ISO Manager or Certified ISO Lead Manager, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Information Security Management System
Certified ISO/IEC Application Lead Security Implementer (PECB)
4 Days

MASTERING THE IMPLEMENTATION OF APPLICATION SECURITY (AS) PROCESSES, ACTIVITIES AND SECURITIES TECHNIQUES ACROSS THE ORGANISATION BASED ON THE INTERNATIONAL STANDARD ISO/IEC APPLICATION SECURITY

This four-day intensive course enables the participants to understand specific principles and concepts proposed by ISO/IEC for AS and understand how they can be implemented, step by step, to help organizations to develop, acquire, implement, use, and maintain trustworthy applications, according to their specific business context, at an acceptable cost. More specifically, the ISO/IEC framework proposes components and processes to provide verifiable evidence that an application has reached and maintained a targeted level of trust as specified by the organization.

The responsibility of a Certified ISO/IEC Application Security Lead Implementer is to assist organizations to put in place required framework elements and guide the organization to integrate Application Security Controls (ASC) seamlessly throughout the life cycle of their applications. AS applies not only to the software of an application but also to its other components and contributing factors that impact its security, such as its technological context, its regulatory context, its business context, its specifications, the sensitivity of its data, and the processes and actors supporting its entire life cycle.

This framework applies to all sizes and all types of organizations (e.g. not only to commercial enterprises, government agencies and nonprofit organizations that are using applications, but also to large, medium and small vendors that develop software, application and business services) exposed to security risks on information associated with their applications.
Learning Objectives
- To understand the implementation of AS in accordance with ISO/IEC
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of AS
- To understand the relationship between the components of an AS including risk management, controls and compliance with the requirements of different stakeholders of the organization
- To acquire necessary expertise to support an organization in implementing, managing and maintaining an AS as specified in ISO/IEC
- To acquire necessary expertise to manage a team implementing ISO/IEC
- To develop knowledge and skills required to advise organizations on best practices in the management of AS
- To improve the capacity for analysis and decision making in the context of AS

Who Should Attend?
- Managers, such as information security managers, project managers, administrators, software development managers, application owners and line managers, who wish to:
  - Balance the cost of implementing and maintaining AS against the risks and value it
represents for the organization;
  - Prepare and support the organization in the implementation of an AS project
- Provisioning and operation teams such as architects, analysts, programmers, testers, system administrators, DBA, network administrators, and technical personnel, who wish to:
  - minimize the impact of introducing ASC into the organization's existing processes, such as design, development, test, deployment, operation, archival and destruction
  - understand which controls should be applied at each stage of an application's life cycle and which ones should be implemented inside the application itself
- Acquirers and Suppliers who wish to:
  - prepare/comply to requests for proposals that include requirements for ASC and Level of Trust
- Auditors who wish to:
  - fully understand the AS processes involved in the ISO/IEC

Agenda
- Introduction: AS overview and concepts as proposed by ISO/IEC
- Introduction to ISO/IEC AS and its global vision
- Fundamental principles in Information Security
- Overview, concepts, principles, definitions, scope, components, processes and actors involved in AS
- Embedded implicit concepts
- Presentation of the series:
  - ISO/IEC : Overview & concepts
  - ISO/IEC : AS in an organization
  - ISO/IEC : AS in a project
  - ISO/IEC : AS validation, verification and certification
  - ISO/IEC : AS structures requirements
  - ISO/IEC : XML Schemas
  - ISO/IEC : Examples and case studies
- Implementation of AS based on ISO/IEC
- Security in application project
- The Application Security Management Process
- Provisioning and operating an application
- Maintaining the Actual Level of Trust on the Targeted Level of Trust
- Development of AS validation
- Implementation of AS based on ISO/IEC (cont.)
- AS at the organization level
- Goals of AS for an organization
- The Organization Normative Framework (ONF)
- The ONF committee
- The ONF Management process
- Integration of ISO/IEC elements into the organization's existing processes
- Design, validation, implementation, verification, operation and evolution of ASCs
- The ASC libraries
- The AS Traceability matrix
- Drafting the certification process
- Security guidance for specific organizations and applications
- Case Study implementation examples for small and large organizations
- How can help to resolve conflicting regulations requirements for an application
- Developing ASCs
- Acquiring ASCs
- AS validation and certification
- The purpose of internal AS audit
- Minimize the cost of an audit
- Be sure you have all expected evidence ready
- Overview of the AS validation and certification process under
- How to help an organization to be certified
- How to help an application project to be certified
- Protocols and ASC data structure based on ISO/IEC
- A free formal language for ASC communication
- ISO/27034 proposed XML schemas, data structure, descriptions, graphical representation
- ISO/IEC AS final review

PECB Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC Application Security Provisional Implementer, Certified ISO/IEC Application Security Implementer or Certified ISO/IEC Application Security Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 350 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
IT Service Management
Certified ISO Lead Implementer (PECB/ANSI)
5 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A SERVICE MANAGEMENT SYSTEM (SMS) BASED ON ISO

This five-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Service Management System as specified in ISO/IEC. Also, the participants will gain a thorough understanding of best practices for planning and implementing the Service Management processes starting from the fields of ISO planning and implementing new and changed services, service delivery process, relationship management processes, problem resolution process, control processes and release processes. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO (Guidelines for the Implementation of an SMS) and ITIL.

Learning Objectives
- To understand the implementation of a Service Management System in accordance with ISO
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques allowing an effective management of a Service Management System
- To know the interrelationships between ISO/IEC , ISO/IEC and ITIL
- To acquire expertise to support an organization in implementing, managing and maintaining a Service Management System (SMS) as specified in ISO/IEC
- To acquire the necessary expertise to manage a team in implementing the ISO standard

Who Should Attend?
- Project managers or consultants willing to implement a Service Management System (SMS)
- ISO auditors who wish to fully understand the SMS implementation process
- Individuals responsible for the SMS conformity in an organization
- Technical experts wanting to prepare for a SMS function

Agenda
- Introduction to Service Management System (SMS) concepts as required by ISO 20000; initiating a SMS
- Presentation of the ISO family of standards and comparison with ITIL V2 and V3
- Fundamental principles of Service Management System
- Preliminary analysis and establishment of the maturity level of an existing SMS
- Writing a business case and a project plan for the implementation of a SMS
- Planning a SMS based on ISO
- Definition of the scope of a SMS
- Definition of a SMS policy and objectives
- Documentation of the processes and procedures and SLAs
- Budgeting and accounting for IT services
- Implementing a SMS based on ISO
- Change, configuration, release, capacity and availability management
- Service continuity and security management
- Incident and problem management
- Operations management of a SMS
- Controlling, monitoring, measuring and improving a SMS certification audit of a SMS in accordance with ISO
- Controlling and monitoring a SMS
- Development of metrics, performance indicators and dashboards
- ISO internal audit and management review
- Implementation of a continual improvement program
- Preparing for an ISO certification audit

PECB/ANSI Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC Provisional Implementer, Certified ISO/IEC Implementer or Certified ISO/IEC Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 350 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
IT Service Management
Certified ISO Lead Auditor (PECB/ANSI)
4 Days

MASTERING THE AUDIT OF A SERVICE MANAGEMENT SYSTEM (SMS) BASED ON ISO 20000, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables the participants to develop the necessary expertise to audit a Service Management System (SMS) based on ISO and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO and certification audits according to ISO. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

Learning Objectives
- To acquire the expertise of performing an ISO internal audit, following the ISO guidelines
- To acquire the expertise of performing an ISO certification audit, following the ISO guidelines and ISO specifications
- To acquire the necessary expertise of performing a SMS audit team
- To understand the operation of an ISO conformant service management system
- To know the interrelationships between ISO/IEC , ISO/IEC and ITIL

Who Should Attend?
- Internal auditors and expert advisors in Service Management
- Auditors wanting to perform and lead Service Management System (SMS) certification audits
- Project managers or consultants wanting to master the SMS audit process
- Individuals responsible for the information technology service conformity in an organization
- Technical experts wanting to prepare for a SMS audit function

Agenda
- Introduction to Service Management System (SMS) concepts as required by ISO
- Fundamental principles of service management
- ISO certification process
- Service Management System (SMS)
- Detailed presentation of the clauses of ISO
- Planning and initiating an ISO audit
- Fundamental audit concepts and principles
- Audit approach based on evidence and risk
- Preparation of an ISO certification audit
- SMS documentation audit
- Conducting an opening meeting
- Conducting an ISO audit
- Communication during the audit
- Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation
- Audit test plans
- Formulation of audit findings and documenting nonconformities
- Concluding and ensuring the follow-up of an ISO audit
- Audit documentation
- Conducting a closing meeting and conclusion of an ISO audit
- Evaluation of corrective action plans
- ISO surveillance and internal audit management program

PECB/ANSI Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO/IEC Provisional Auditor, Certified ISO/IEC Auditor or Certified ISO/IEC Lead Auditor depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 350 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Professional Certification
Certified Outsourcing Manager (PECB)
3 Days

MASTERING THE ESTABLISHMENT MANAGEMENT OF AN OUTSOURCING AGREEMENT

This three-day intensive course enables participants to develop the necessary expertise to support an organization in outsourcing its activities based on ISO. Participants will gain a thorough understanding of how to enter into, and continue to sustain, successful outsourcing arrangements throughout the contractual period. The training covers the entire outsourcing lifecycle and provides a framework which specifies a common outsourcing terminology, defines the actors and their roles in outsourcing lifecycle and governance, provides an industry generic foundation which can be tailored to suit sector specific requirements, describes the processes necessary to fit the outsourcing strategy and aims to enable mutually beneficial collaborative relationships.

Learning Objectives
- Understand the components and the operation of an Outsourcing Framework based on the principles of key standards
- Understand the complete procurement lifecycle involved in outsource management
- Master the concept, approaches, standards, methods and techniques to effectively manage an outsourcing project, transition and supplier(s) throughout the procurement lifecycle
- Interpret the recommendations of ISO in the specific context of an organization
- Develop the expertise to support an organization to plan, implement, manage, monitor and maintain an effective framework for outsource management
- Acquire the expertise to advise an organization on outsourcing and supplier management best practice
- Strengthen the personal qualities necessary to act with due professional care when conducting an outsourcing project or managing outsourced suppliers

Who Should Attend
- Project managers or consultants wanting to prepare and to support organizations on outsourcing their activities
- Decision makers
- Stakeholders engaged in outsourcing arrangements
- Individuals responsible for
outsourcing within an organization
- Professionals interested in earning certification related to outsourcing
- Risk managers
- Professional consultants
- Expert advisors in outsourcing
- Persons and organizations involved in outsourcing tasks

Agenda
- Fundamental Outsourcing Principles and Outsourcing Governance
- Concepts and definitions related to outsourcing
- Principles of outsourcing
- Outsourcing standards, frameworks and methodologies
- Analysis of the outsourcing lifecycle
- Outsourcing governance
- Audit
- Outsourcing strategy analysis
- The procurement lifecycle from requirements to supplier selection
- Risk management related to outsourcing
- Creating and presenting a business case
- Initiating and selecting an outsourcing project
- Supplier selection
- Definition of the organizational structure of outsourcing
- Implementing the transition and transformation plan
- The procurement lifecycle from monitoring through to termination
- Transition of knowledge, people, process and technology
- Measuring, monitoring, and evaluating the delivery value
- Exit, termination and migration of an outsourcing agreement
- Competence and evaluation of outsourcing managers

PECB Certification Exam 3 Hours

GENERAL INFORMATION
- A certificate of Certified Outsource Manager will be issued to those participants who successfully pass the exam and comply with all the other requirements.
- Certification fees are included in the exam price
- Participant manual contains over 350 pages of information and practical examples
- A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Professional Certification
Certified Lead Privacy Implementer (PECB)
4 Days

MASTERING THE IMPLEMENTATION AND MANAGEMENT OF PRIVACY FRAMEWORK

This four-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Privacy Framework based on ISO. Participants will gain a thorough understanding of how to design, build and lead organizations' privacy programs in all processes of ICT systems and services, through the use of best practices. The training provides a privacy framework which specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information (PII), describes privacy safeguarding considerations and provides references to known privacy principles for information technology.

Learning Objectives
- To understand the core competences on Privacy Framework
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective protection of personally identifiable information (PII)
- To define privacy safeguarding requirements related to PII within an ICT environment
- To understand the relationship between the components of Privacy Framework with existing security standards and various applicable laws
- To acquire necessary expertise in privacy governance, specifically in personally identifiable information governance
- To acquire necessary expertise in privacy risk management compliance connected with personally identifiable information
- To develop knowledge and skills required to advise on improving organizations' privacy programs through the use of best practices
- To improve the capacity for analysis of privacy incident management

Who Should Attend?
Project managers or consultants wanting to prepare and to support organizations on implementing and managing a Privacy Framework Security auditors who wish to fully understand the Privacy Framework implementation process Experienced IT security management professionals IT security professionals interested in earning Privacy Management Framework certification Privacy Officers, Data Protection Officers, and Compliance professionals with an interest in privacy legislation and risk Security professionals with front-line experience Information security staff Expert advisors in information technology Persons and organizations involved in tasks where privacy controls are required for the processing of PII Agenda 43
44 Introduction to Privacy Framework concepts as recommended by ISO Privacy Framework based on ISO and regulatory framework Fundamental Principles of Privacy Privacy Legislation US & Europe Writing a business case and a project plan for the implementation of a Privacy Framework Initiating the Privacy Framework implementation Planning the implementation of the Privacy Framework Preliminary analysis of Existing Controls Leadership and approval of the Privacy Framework project Defining the scope of a Privacy Framework Development of a Privacy policy Selection of the approach and methodology for risk assessment Control Statement and management decision to implement the Privacy Framework Definition of the organizational structure of Privacy Implementing a Privacy Framework Implementation of a document management framework Design of controls and writing procedures and specific policies Implementation of privacy controls Development of a training & awareness program and communicating about the privacy Incident management Operations Management Privacy Framework measurement and continuous improvement Monitoring, Measurement, Analysis and Evaluation Internal Audit Management Review Treatment of problems and points of concern Continual improvement Competence and evaluation of implementers PECB Certification Exam 3 Hours General Information After successfully completing the exam, participants can apply for the credentials of Certified Provisional Privacy Implementer, Certified Privacy Implementer or Certified Privacy Lead Implementer, depending on their level of experience. Certification fees are included in the exam price Participant manual contains over 450 pages of information and practical examples A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants In case of failure of the exam, the participants are allowed to retake it for free under certain conditions 44
Professional Certification
Certified Lead Forensic Examiner (PECB) 5 Days
MASTERING THE IMPLEMENTATION AND MANAGEMENT OF COMPUTER FORENSICS PROCESSES

This five-day intensive course enables the participants to develop the necessary expertise in mastering the computer forensics processes as specified in CLFE certification. Participants will gain a thorough understanding of fundamental computer forensics, based on the best practices used to implement the forensics evidence recovery and analytical processes. The CLFE certification focuses on core skills required to collect and analyze data from Windows, Mac OS X, Linux computer systems, as well as from mobile devices.

Learning Objectives
- To ensure that the CLFE can protect him or herself against injury, threat to credibility and protect the integrity of the examined media throughout the computer forensics operation
- To ensure that the CLFE can conduct a complete computer forensics operation and determine the course of action to be followed in order to achieve the goal of the operation
- To ensure that the CLFE can safely handle computers, extract and install peripherals and components, relate the presence of certain ports to the actual or eventual presence of a media containing information to be examined
- To ensure that the CLFE has a clear knowledge of where information can be found on electronic media or a bit-stream image of media, whether it is operating system or user information, or actual, deleted or hidden information
- To ensure that the CLFE can conduct a forensically sound examination, extraction and preservation of evidence located on a network, in the cloud or in a virtual environment
- To ensure that the CLFE can conduct a basic, yet forensically sound examination of a cell phone or tablet
- To ensure that the CLFE can efficiently use the tools (software, hardware and supplies) of the field examination kit for a better goal achievement of the computer forensics operation
- To ensure that the CLFE can justify the way an artifact was acquired or left behind in an ordered, standard and forensically sound manner

Who Should Attend?
- Computer Forensic specialists
- Electronic data analysts
- Specialists in computer search and evidence recovery
- Professionals working or interested in law enforcement
- Professionals willing to advance their knowledge in computer forensic analysis
- Members of an information security team
- Expert advisors in information technology
- Individuals responsible for examining media to extract and disclose data

Agenda
Introduction to scientific principles of Computer Forensics operations Scientific principles of computer forensics Introduction to computer forensics process approach The analysis and implementation of the fundamental operations Preparation and execution of forensics procedures and operations The computer and operating structure Identification and selection of the characteristics of the computer structure Identification of peripherals and other components Understanding the operating systems Extraction and analysis of the file structure Forensics of networks and mobile devices Understanding the network, cloud and virtual environments Generic methods for data examination in a virtual environment Examination of a cell phone or tablet Enumeration of cell phones and tablets needed for forensics examination Storage of information in mobile devices Computer Forensics tools and methodologies Enumeration and examination of the computer hardware and software Determination and testing of corrective measures Analysis and selection of the best procedures for computer forensics operation Discovery, documentation and return of the evidence on-site Analyzing and applying the contextual parameters

PECB/ANSI Certification Exam 3 Hours

General Information
- A certificate of Certified Lead Forensics Examiner will be issued to those participants who successfully pass the exam and comply with all the other requirements.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Professional Certification
Certified Lead Security Incident Professional (PECB) - 4 Days
MASTERING THE INCIDENT MANAGEMENT PROCESS BASED ON ISO

In this four-day intensive course participants develop the competence to master a model for implementing an incident management process throughout their organization using the ISO standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to manage information security incidents in time by being familiar with their life cycle. During this training, we will present the ISO information security incident management standard, a process model for designing and developing an organizational incident management process, and how companies may use the standard. This training is also fully compatible with ISO 27035, which supports ISO by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP.

Learning Objectives
- To understand the concepts, approaches, methods, tools and techniques allowing an effective information security incident management according to ISO
- To understand, interpret and provide guidance on how to implement and manage incident management processes based on best practices of ISO and other relevant standards
- To acquire the competence to implement, maintain and manage an ongoing information security incident management program according to ISO
- To acquire the competence to effectively advise organizations on the best practices in information security management

Who Should Attend?
- Incident managers
- Business Process Owners
- Information Security Risk Managers
- Regulatory Compliance Managers
- Members of Incident Response Team
- Persons responsible for information security or conformity within an organization
- Business Continuity Managers
- Security and Business Process consultants

Agenda
Introduction, incident management framework according to ISO Section 2: Information security incident management ISO core processes Fundamental principles of information security Linkage to business continuity Legal and ethical issues Planning the implementation of an Organizational Incident Management Process based on ISO Initiating a Security Incident Management Process Understanding the organization and clarifying the objectives Plan and prepare Roles and functions Policies and procedures Implementing an Incident Management Process Communication planning First implementation steps Implementation support items Implementing Detecting and Reporting Implementing Assessment and Decision Implementing Responses Implementing Lessons Learned Transition to Operations Monitoring, measuring and improving an Incident Management Process Further Analysis Analysis of Lessons Learned Corrective actions Competence and evaluation of incident managers

PECB Certification Exam 3 Hours

General Information
- After successfully completing the Certified Lead Security Incident Professional exam, participants can apply for the credentials of Certified Provisional Lead Security Incident Professional or Certified Lead Security Incident Professional, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Professional Certification
Certified Lead SCADA Security Professional (PECB/ANSI) 5 Days
MASTERING THE SKILLS OF A SCADA SECURITY PROFESSIONAL

This five-day intensive course enables participants to develop the necessary expertise to plan, design, and implement an effective program to protect SCADA systems. Participants will be able to understand common Industrial Control System (ICS) threats, vulnerabilities, and risks related to ICS systems and how they can be managed. This training focuses on a mix of knowledge and skills related to SCADA/ICS security. The course has been designed by industry experts with in-depth experience in SCADA and Industrial Control Systems Security. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to advise on, or manage risks related to, SCADA environments and systems. Given the high-profile nature of such environments and the significant impacts associated with them, a holistic professional approach to security is needed, and that is exactly what this course is designed to provide. In addition to presenting the theoretical knowledge needed by a SCADA Security Professional, a comprehensive methodology for the implementation is presented. Thus, at the end of this course, participants will gain knowledge on how to effectively implement a security program for SCADA/ICS systems.

Learning Objectives
- To understand and explain the purpose and risks to SCADA Systems, Distributed Control Systems and Programmable Logic Controllers.
- To understand the risks faced by these environments and the appropriate approaches to manage such risks.
- To develop the expertise to support a pro-active SCADA security program including policies and vulnerability management.
- To define and design network architecture incorporating defense in depth security controls for SCADA.
- To explain the relationship between management, operational and technical controls in a SCADA security program.
- To improve the ability to design resilient high availability SCADA systems.
- To be able to manage a program of effective security testing activities.

Who Should Attend?
- Security professionals wanting to gain SCADA security professional skills
- IT staff looking to enhance their technical skills and knowledge
- IT and Risk Managers seeking a more detailed understanding of ICS and SCADA systems
- SCADA system developers
- SCADA Engineers and Operators
- SCADA IT personnel

Agenda
Introduction to SCADA and ICS with Fundamental Principles Course objective and structure Fundamental principles and concepts of SCADA and SCADA Security Industrial Control Systems (ICS) characteristics, threats and vulnerabilities Designing a Security Program and Network Security Architecture SCADA Security Program, design, development and implementation Risk assessment Network security architecture for SCADA Systems Implementing ICS Security Controls, Incident Management and Business Continuity Development and implementation of security controls for SCADA Systems Incident management in relation to SCADA Business Continuity and Disaster recovery Monitoring, measurement analysis and evaluation of SCADA security Security testing of SCADA systems Testing principles Legal and ethical issues Penetration testing approaches Security testing of ICS Management of a penetration test Documentation of the test, quality review and report Maintaining a testing program

PECB/ANSI Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified Lead SCADA Security Professional. A certificate will be issued to participants who successfully pass the exam and comply with all the other requirements.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Professional Certification
Certified Lead Penetration Tester (PECB) 5 Days
MASTERING THE LEADERSHIP OF A PROFESSIONAL PENETRATION TEST

This five-day intensive course enables participants to develop the necessary expertise to lead a professional penetration test using a mix of practical technical techniques and management skills. The course has been designed by industry experts with in-depth experience in the Penetration Testing fields. Unlike other certifications, this course focuses specifically on the knowledge and skills needed by a professional looking to lead or take part in a penetration test. We drill down into the latest technical knowledge, tools and techniques in key areas including Infrastructure, Web Application and Mobile security as well as Social Engineering. In addition, the course focuses on how to practically apply what has been learned on current day-to-day penetration testing and does not expand on unrelated, dated or unnecessary theoretical concepts. Along with the in-depth technical hands-on skills, we teach our participants the management skills they need to lead a penetration test taking into account business risk and key business issues, allowing individuals who complete the course to have the right blend of the real business and technical competencies needed to be a respected, understood and professional penetration tester. On day four of the course delegates get to use the skills learned in a comprehensive capture the flag penetration testing exercise.

Learning Objectives
- To be able to interpret and illustrate the main Penetration Testing Concepts and Principles
- To understand the core technical knowledge needed to organize and carry out an effective set of tests
- To learn how to effectively plan a penetration test and identify a scope which is suitable and appropriate based on risk
- To learn the practical hands-on skills and relevant tools and techniques to conduct a penetration test effectively
- To effectively manage the time and resources needed to scale a specific Penetration Test

Educational Approach
This training is based on both theory and practice:
- Sessions of lectures illustrated with examples based on real cases
- Practical exercises based on a full case study and lab environment to carry out tests using real tools and techniques
- Review exercises to assist the exam preparation
- To benefit from the practical exercises, the number of training participants is limited

Agenda
Introduction to Penetration Testing, ethics, planning and scoping Penetration testing principles Legal and ethical issues Fundamental principles of information security and risk management Penetration testing approaches Phases of penetration testing Management of a penetration test Technical Foundation Knowledge and Techniques (with practical exercises in all areas) Network and Infrastructure Security Web Application Security Mobile Application Security Social Engineering Conducting a penetration test using tools and techniques and review of testing areas Conducting a penetration test Infrastructure testing Conducting a penetration test Web application penetration testing Conducting a penetration test Social engineering testing Conducting a penetration test Physical security testing Analyzing results from testing, reporting and follow up Documentation of the test quality review and reporting Action plans and follow up Managing a test program Practical Capture the flag exercises A 3 hour in class penetration test to be carried out by the delegates

PECB Certification Exam 3 Hours

Examination and Certification
The "Certified Penetration Tester" exam fully meets the requirements of the PECB Examination Certification Program (ECP).
Project Management
Certified ISO Lead Implementer (PECB) 4 Days
MASTERING THE MANAGEMENT OF A PROJECT BASED ON ISO

This four-day intensive course enables participants to develop the necessary expertise to support an organization in implementing Guidance on Project Management as specified in ISO. Participants will also gain a thorough understanding of best practices used to implement Project Management processes. This training is consistent with the project management practices in ISO 1006 (Quality Management Systems - Guidelines for Quality Management in Projects).

Learning Objectives
- To understand the implementation of Guidance on Project Management in accordance with ISO
- To gain a comprehensive understanding of the concepts, approaches, methods, techniques and processes allowing an effective project management according to ISO
- To understand the relationship between the project management and the compliance with the requirements of different stakeholders of an organization
- To acquire the competence to initiate, plan, implement, control and close a project as specified in ISO
- To acquire the competence to effectively advise organizations on the best practices in project management

Who Should Attend?
- Project managers
- Operations managers
- Program managers
- Quality managers
- Senior managers
- Consultants
- Members of a Project Management team
- Project sponsors

Agenda
Introduction, project management framework and project management concepts and processes as specified in ISO 21500; initiating processes Introduction to project management Terms and definitions related to Project Management Project Management standards, frameworks and methodologies Project Management concepts and their relationships Project Management processes Initiation of Project Management processes Planning the processes as specified in ISO Develop project plans Define scope, create work breakdown structure and define activities Estimate resources and define project organization Sequence activities, estimate activity durations and develop schedule Estimate costs and develop budget Identify and assess risks Plan quality Plan procurements Plan communications Implementing the processes as specified in ISO Direct project work Manage stakeholders Develop project team Treat risks Perform quality assurance Select suppliers Distribute information Controlling and closing the processes as specified in ISO Control project work and changes Control scope Control resources and manage project team Control schedule Control costs Control risks Perform quality control Administer procurements Manage communications Close project phase or project

PECB Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Project Management
Certified ISO Lead Auditor (PECB) 4 Days
MASTERING THE AUDIT OF GUIDANCE ON PROJECT MANAGEMENT BASED ON ISO 21500, IN COMPLIANCE WITH THE REQUIREMENTS OF ISO AND ISO

This four-day intensive course enables the participants to develop the necessary expertise to audit Guidance on Project Management as specified in ISO and to manage a team of auditors by applying widely recognized audit principles, procedures and techniques. During this training, the participant will acquire the necessary knowledge and skills to proficiently plan and perform internal and external audits in compliance with ISO and ISO. Based on practical exercises, the participant will develop the skills (mastering audit techniques) and competencies (managing audit teams and audit program, communicating with customers, conflict resolution, etc.) necessary to efficiently conduct an audit.

Learning Objectives
- To acquire expertise to perform an ISO internal audit following ISO guidelines
- To acquire necessary expertise to manage a GPM audit team
- To understand the concepts and processes of Project Management
- To understand the relationship between Project Management and compliance with the requirements of different stakeholders

Who Should Attend?
- Internal auditors
- Auditors wanting to perform and lead guidance on Project Management (GPM) audits
- Project managers
- Senior managers
- Quality managers
- Members of a Project Management team

Agenda
Introduction to concepts and processes of Project Management as specified in ISO Introduction to Project Management Terms and definitions related to Project Management Project Management standards, frameworks and methodologies Detailed presentation of the clauses of ISO Planning and initiating an ISO audit Fundamental audit concepts and principles Audit approach based on evidence and on risk Preparation of an ISO audit Conducting an opening meeting Conducting an ISO audit Communication during the audit Audit procedures: observation, document review, interview, sampling techniques, technical verification, corroboration and evaluation Audit test plans Formulation of audit findings Documenting nonconformities Concluding and ensuring the follow-up of an ISO audit Audit documentation Quality review Conducting a closing meeting and conclusion of an ISO audit Evaluation of corrective action plans ISO surveillance audit ISO internal audit management program

PECB Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Auditor, Certified ISO Auditor or Certified ISO Lead Auditor depending on their level of experience. Those credentials are available for internal and external auditors.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Supply Chain Security Management
Certified ISO Lead Implementer (PECB/ANSI) 4 Days
MASTERING THE IMPLEMENTATION AND MANAGEMENT OF A SUPPLY CHAIN SECURITY MANAGEMENT SYSTEM (SCSMS) BASED ON ISO

This four-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing and managing a Supply Chain Security Management System (SCSMS) based on ISO. Participants will also gain a thorough understanding of best practices used to implement supply chain security controls from all areas of ISO. This training is consistent with the project management practices established in ISO (Quality Management Systems - Guidelines for Quality Management in Projects). This training is fully compatible with ISO (Guidelines for the Implementation of a SCSMS).

Learning Objectives
- To understand the implementation of a Supply Chain Security Management System in accordance with ISO
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Supply Chain Security Management System
- To acquire the necessary expertise to support an organization in implementing, managing and maintaining a SCSMS as specified in ISO
- To acquire the necessary expertise to manage a team implementing ISO

Who Should Attend?
- Project managers or consultants willing to prepare and to support an organization in the implementation of an SCSMS
- ISO auditors who wish to fully understand the SCSMS implementation process
- Persons responsible for the Supply Chain Security or conformity in an organization
- Expert advisors in physical security

Agenda
Introduction to Supply Chain Security Management System (SCSMS) concepts as required by ISO 28000; initiating a SCSMS Introduction to management systems and the process approach Presentation of the standards ISO 28000, ISO 28001, ISO and regulatory and legal framework related to Supply Chain Security Preliminary analysis and establishment of the maturity level of an existing SCSMS based upon ISO Writing a business case and a project plan for the implementation of an SCSMS Planning a SCSMS based on ISO Definition of the scope of an SCSMS Development of SCSMS and Supply Chain Security policies Selection of the approach and methodology for security risk assessment Security risk management (identification, analysis and treatment of risk) Development of a security plan Implementing a SCSMS based on ISO Implementation of a document management framework Implementation of processes and controls Development of a training & awareness program and communication about the supply chain security Operations management of an SCSMS Controlling, monitoring and measuring a SCSMS and the certification audit of a SCSMS Controlling and monitoring the SCSMS controls Development of metrics, performance indicators and dashboards ISO internal audit and management review of a SCSMS Implementation of a continual improvement program Preparing for an ISO certification audit

PECB/ANSI Certification Exam 3 Hours

General Information
- After successfully completing the exam, participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
Six Sigma
Certified ISO Lead Implementer (PECB) 4 Days
MASTERING THE IMPLEMENTATION AND MANAGEMENT OF QUANTITATIVE METHODS IN PROCESS IMPROVEMENT SIX SIGMA BASED ON ISO

This four-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Six Sigma process improvement based on quantitative methods of ISO. Participants will also gain a thorough understanding of best practices used to implement DMAIC methodology based on requirements from ISO.

Learning Objectives
- To understand the implementation and management of quantitative methods in process improvements Six Sigma in accordance with ISO
- To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Six Sigma process
- To understand the relationship between the components of Six Sigma quantitative methods in process improvement and the compliance with the requirements of different stakeholders of an organization
- To acquire necessary expertise to support an organization in implementing, managing and maintaining Six Sigma quantitative methods in process improvement as specified in ISO and ISO
- To acquire necessary expertise to manage a team implementing ISO
- To develop knowledge and skills required to advise organizations on best practices in the management of quantitative methods in process improvement Six Sigma
- To improve the capacity for analysis and decision making in the context of process improvement management
- To prepare an organization for an ISO audit

Who Should Attend?
- Project managers or consultants willing to prepare and to support an organization in the implementation of a Six Sigma methodology
- Quality executives and/or quality engineers
- ISO auditors who wish to fully understand the Six Sigma method
- Persons responsible for the quality or conformity in an organization
- Members of a quality team
- Expert advisors in quantitative methods in process improvements
- Technical experts (Quality technicians, plant managers, managers of customer service, operations managers, CEOs, etc.) who want to prepare for a quality function or for a management of process improvements based on quantitative methods.

Agenda
Introduction to management of a quantitative method in process improvement Six Sigma concepts as required by ISO Introduction to Six Sigma quantitative methods for process improvement Fundamental principles of Process Improvement Normative frameworks and methodologies related to Quantitative methods process improvement Six Sigma's relationship with Quality Management (ISO 9001) Understanding the requirements of ISO clause-by-clause Definition and measurement according to Six Sigma Six Sigma measures Identification and analysis of customer needs and requirements The role of personnel in Six Sigma Master black belt, black belt, green belt, yellow belt Analysis and Improvement according to Six Sigma Six Sigma project prioritization and selection DMAIC methodology Development of a training & awareness process Control Six Sigma tools and techniques Controlling and monitoring a quantitative method in process improvement project Six Sigma infrastructures within an organization Tools and techniques used for Six Sigma according to ISO internal audit Preparing for an ISO certification audit

PECB Certification Exam 3 Hours

General Information
- After successfully completing the exam, the participants can apply for the credentials of Certified ISO Provisional Implementer, Certified ISO Implementer or Certified ISO Lead Implementer, depending on their level of experience.
- Certification fees are included in the exam price
- Participant manual contains over 450 pages of information and practical examples
- A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
- In case of failure of the exam, the participants are allowed to retake it for free under certain conditions
South Africa Office
GRC Tech (Pty) Ltd
Corner Hyperion Road & Witkoppen Dr. Northriding Randburg 2138 South Africa
Tel: URL:

Mauritius Office
GRC Tech Services Ltd
5th Floor Orbis Court St Jean Road Quatre Bornes Mauritius
Tel: [email protected] URL:
