About this course

In this five-day intensive course participants develop the competence to master a model for implementing an incident  management process throughout their organization using the ISO 27035 standard as a reference framework. Based on  practical exercises, participants acquire the necessary knowledge and skills to manage information security incidents in  time by being familiar with their life cycle. During this training, we will present the ISO 27035 information security incident  management standard, a process model for designing and developing an organizational incident management process,  and how companies may use the standard. This training is also fully compatible with ISO 27035 which supports ISO  27001 by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP 800-61.

Who should attend?

  • Incident managers
  • Business Process Owners
  • Information Security Risk Managers
  • Regulatory Compliance Managers
  • Members of Incident Response Team
  • Persons responsible for information security or conformity within an organization
  • Business Continuity Managers
  • Security and Business Process consultants

Learning Objectives

  • To understand the concepts, approaches, methods, tools and techniques allowing an effective information security incident management according to ISO 27035
  • To understand, interpret and provide guidance on how to implement and manage incident management processes based on best practices of ISO 27035 and other relevant standards
  • To acquire the competence to implement, maintain and manage an ongoing information security incident management program according to ISO 27035
  • To acquire the competence to effectively advise organizations on the best practices in information security management

Course Agenda

Day 1: Introduction, incident management  framework according to ISO 27035

  • Section 2 Information security incident management
  • ISO 27035 core processes
  • Fundamental principles of information security
  • Linkage to business continuity
  • Legal and ethical issues

Day 2: Planning the implementation of an Organizational Incident Management Process based on ISO 27035

  • Initiating a Security Incident Management Process
  • Understanding the organization and clarifying the  objectives
  • Plan and prepare
  • Roles and functions
  • Policies and procedures

Day 3: Implementing an Incident Management  Process

  • Communication planning
  • First implementation steps
  • Implementation support items
  • Implementing Detecting and Reporting
  •  Implementing Assessment and Decision
  • Implementing Responses
  • Implementing Lessons Learned
  • Transition to Operations

Day4: Monitoring, measuring and improving an Incident Management Process

  • Further Analysis
  • Analysis of Lessons Learned
  • Corrective actions
  • Competence and evaluation of incident managers

Day 5: Certification Exam

Training Info

Language: Conducted in Thai Language
Duration: 5 Days
ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 51,500 BAHT (Ex.Vat 7%)
Tel : 02 670 8980-3 ext. 304, 305
E-mail: [email protected]