Iso 27001

My company is looking to get ISO 27001 certified, and I have to lead that project.
I was wondering if you can recommend any specific training (I am based in Canada) that I can take or certification I can pursue that will help me in the implementation stage. The training does't have to be in a classroom... I'd prefered online as my employer does not have to play, probably wont

, for travel and hotel.
I was able to find two courses here https://training.advisera.com/ , have not watched them yet so I cant say how good they are.

When I was searching for certification, there was GIAC G2700 but that is retired. Any suggestions will be much appreciated.

Find more posts tagged with

Comments

amcnow

Have you checked out PECB? They are headquartered in Montreal.

https://pecb.com/iso-iec-27001-training-courses

https://pecb.com/iso-iec-27001-certifications

There's also APMG International.

http://www.apmg-international.com/en/qualifications/isoiec27001/iso-iec-27001.aspx

636-555-3226

I've never found a "company" that is ISO 27k compliant, so don't shoot for the stars in whatever you end up doing. Most companies I know are always in a constant "we're working towards ISO 27k compliance" mode. Those that say they are "compliant" (Amazon & Microsoft, I'm looking at you) are actually only compliant in this office here, that datacenter over there, etc.

Also, as with all standards or frameworks, compliance does NOT equal security. It sounds good for vendors, execs, unknowing people, auditors, but ISO 27k compliance does NOT mean you're hack proof or have an awesome state of security.

My recommendation for people looking for ISO 27k compliance is to not try to become compliant with every provision, but rather to find the parts that will help secure you the most for the least cost (80/20 rule there) and prioritize those. Don't spend 6 months making an infosec policy at the cost of not actually doing day-to-day operational stuff during those 6 months!

Replicon

Thanks a lot amcnow I found a training,
They have classroom training + certification at the end and they have it in my city next year

If anyone knows any other training center that offers training please let me know.
I searched amazon for books, there are few but they don't seem to have lot of reviews so I am hesitant what to buy.
636-555-3226 I agree with you, I think that will be the next hard question, what to get certified , which component of the company.
I know that having the certification doesn't mean you are certified, but from a PR perspective you can get some clients as an company you'll look more secure, and bottom line you can use that knowledge to improve the overall security in the company, its not just about peace of paper.

ivandavids

Hi

I've recently completed the ISO2001 Lead Auditor training live online at IT Governance - Governance, Risk Management and Compliance for Information Technology and they are awesome. A colleague of mine has just completed the ISO27001 implementer course as well.

hope this helps

Replicon

@ivandavids
Are they prerecorded videos? You think their course are worth it? Is it just a course of there is option to take exam to get certified?

ivandavids

@Replicon -

1. The Lead Auditor training is presented through a live online classroom session by Steve Watkins. He was very good at delivering the content in a manner for all levels to understand.
2. I was fortunate enough to have my work pay for the training. I do not perform the audit function at work but I do work very closely with our internal audit team so the training was very useful.
3. Yes you will be writing a certification exam

rob1234

There exams are pretty easy, you might be better to just book the exam Exams this is the exam they offer that way you get the same qualification for a fraction of the price.

ivandavids

Agree with rob1234 - the exam is not hard at all.

Paul-777

I did the IT Governance 27001 transition course a couple of years ago. It was fine the online training and exam worked ok.

Just my 2p about 27001, it's more about demonstrating good practice to customers and contractural compliance... I don't know any company who did it to "be secure"

Robertf969

So I am a ISO27001 Lead Auditor. I am going to go out on a limb here and assume you are familiar with general security controls. Assuming this is true I don't think you need any training. Your first step will be to buy the standard and begin to build out your ISMS. Your next step will be to determine your scope and boundaries. After that your next step should be to get a gap assessment. Most Certification bodies offer these for significantly less than the cost of certification. Take good notes during the gap and correct all areas that would have resulted in non-conformities. Then pursue certification.

ywesan

Hi,
I am preparing to sit for ISO27001 Foundation exam in Jan/Feb 2017. Is there any recommended books to prepare the exam? I saw some training videos at https://training.advisera.com/course/iso-27001-foundations-course/ but not sure it is enough for exam preparation. Thanks.

chickenlicken09

anyone know the certigication body over these exams? I want to self study and then book but cant find who is over these exams?

UnixGuy

636-555-3226 wrote: »

I've never found a "company" that is ISO 27k compliant, ..
..!

you can be compliant and not certified. A lot of projects demand you to be 'compliant' which does not necessarily mean certified.

As for ISO certified, there is no need to be certified on all the controls, select the ones applicable to your business. It's not hard

chickenlicken09

anyone?

NetworkNewb

eddo1 wrote: »

anyone?

Second post from the top...

chickenlicken09

they look to be training courses, can you send me link?

NetworkNewb

Yea, looks like they only offer courses. That would be the certification body over the exams though.
https://pecb.com/iso-27001-foundation-exam

chickenlicken09

must be a cheaper way to do it! like when i wanted to do my ccna i acquired the material and then booked on pearson vue site.

safernandez

Dear! Greetings from Argentina. I want to consult the following: Can I take the PECB 27001 LA Online exam? Studying with Kate. Try to pay for the certification, but when applying, ask me for data that I do not have, such as:

Exam Number
Date Of Achievement
Exam Issuer

I dont understand the process, to access to the material and schudel the exam! Can you help me!?

Thanks!!!

SteveLavoie

In Quebec, Kereon.com offer some ISO27001 training. Probably in french.

Also, there is on Pluralsight a few hour of training video.