The Information Security Management Advanced (ISMAS) addresses organisational and managerial aspects of Information Security at the strategic level.
Following on from the EXIN Information Security Foundation, this 3½ day course prepares delegates for the EXIN Information Security Advanced Management examination.
The goal of the course is to ensure that individuals responsible for information within their department or organisation possess a practical understanding of the theory behind its protection.
Successful candidates with information responsibilities; those who plan and implement policy, Information Asset Owners and process managers, are able to consider which controls contained within ISO/IEC 27002 are required in order to mitigate identified risks, ultimately satisfying the specifications of ISO/IEC 27001.
In addition, ISMAS holders offer guidance, support and direction for fellow employees to follow. While encouragement and leadership are good practice, it is also important to have direct oversight of employee activity as it happens in order to ensure basic Information Security measures and controls are maintained.
Course Contents
Risk Assessment – Overview of analysis and evaluation techniques
Relationships – Relationships with other management processes, 3rd party suppliers / partners and customers
Information Security Framework – Identification of controls contained within ISO/IEC 27002 along with other technical standards
Policy – Development and implementation
Legal Compliance – Privacy and protection of personal information
Evaluation – Review of monitoring techniques and auditing practices
Course Format
Information Security Management Advanced (ISMAS) – 3½ Day Course / 90 minute exam
Target Audience
Information Security, Assurance & Governance Managers
IT, IT Security & IT Service Management Heads
Data Protection Managers, Records Managers
Information Risk Managers
Information Asset Owners, Information Asset Accreditors
Information Security Internal Audit Team