Iso 27001
Replicon
Member Posts: 124 ■■■□□□□□□□
My company is looking to get ISO 27001 certified, and I have to lead that project.
I was wondering if you can recommend any specific training (I am based in Canada) that I can take or certification I can pursue that will help me in the implementation stage. The training does't have to be in a classroom... I'd prefered online as my employer does not have to play, probably wont
, for travel and hotel.
I was able to find two courses here https://training.advisera.com/ , have not watched them yet so I cant say how good they are.
When I was searching for certification, there was GIAC G2700 but that is retired. Any suggestions will be much appreciated.
I was wondering if you can recommend any specific training (I am based in Canada) that I can take or certification I can pursue that will help me in the implementation stage. The training does't have to be in a classroom... I'd prefered online as my employer does not have to play, probably wont
, for travel and hotel.I was able to find two courses here https://training.advisera.com/ , have not watched them yet so I cant say how good they are.
When I was searching for certification, there was GIAC G2700 but that is retired. Any suggestions will be much appreciated.
Comments
-
amcnow
CISSP, CEH, CHFI, SAFe 4 Practitioner, ITIL v3 Foundation, A+, additional certs for outdated technol Circle CityMember Posts: 215 ■■■□□□□□□□
Have you checked out PECB? They are headquartered in Montreal.
https://pecb.com/iso-iec-27001-training-courses
https://pecb.com/iso-iec-27001-certifications
There's also APMG International.
http://www.apmg-international.com/en/qualifications/isoiec27001/iso-iec-27001.aspxWGU - Master of Science, Cybersecurity and Information Assurance
Completed: JIT2, TFT2, VLT2, C701, C702, C706, C700, FXT2
In Progress: C688
Remaining: LQT2Aristotle wrote:For the things we have to learn before we can do them, we learn by doing them. -
636-555-3226
Member Posts: 976 ■■■■■□□□□□
I've never found a "company" that is ISO 27k compliant, so don't shoot for the stars in whatever you end up doing. Most companies I know are always in a constant "we're working towards ISO 27k compliance" mode. Those that say they are "compliant" (Amazon & Microsoft, I'm looking at you) are actually only compliant in this office here, that datacenter over there, etc.
Also, as with all standards or frameworks, compliance does NOT equal security. It sounds good for vendors, execs, unknowing people, auditors, but ISO 27k compliance does NOT mean you're hack proof or have an awesome state of security.
My recommendation for people looking for ISO 27k compliance is to not try to become compliant with every provision, but rather to find the parts that will help secure you the most for the least cost (80/20 rule there) and prioritize those. Don't spend 6 months making an infosec policy at the cost of not actually doing day-to-day operational stuff during those 6 months! -
Replicon
Member Posts: 124 ■■■□□□□□□□
Thanks a lot amcnow I found a training,
They have classroom training + certification at the end and they have it in my city next year
If anyone knows any other training center that offers training please let me know.
I searched amazon for books, there are few but they don't seem to have lot of reviews so I am hesitant what to buy.
636-555-3226 I agree with you, I think that will be the next hard question, what to get certified , which component of the company.
I know that having the certification doesn't mean you are certified, but from a PR perspective you can get some clients as an company you'll look more secure, and bottom line you can use that knowledge to improve the overall security in the company, its not just about peace of paper. -
ivandavids
Member Posts: 50 ■■□□□□□□□□
Hi
I've recently completed the ISO2001 Lead Auditor training live online at IT Governance - Governance, Risk Management and Compliance for Information Technology and they are awesome. A colleague of mine has just completed the ISO27001 implementer course as well.
hope this helps -
Replicon
Member Posts: 124 ■■■□□□□□□□
@ivandavids
Are they prerecorded videos? You think their course are worth it? Is it just a course of there is option to take exam to get certified? -
ivandavids
Member Posts: 50 ■■□□□□□□□□
@Replicon -
1. The Lead Auditor training is presented through a live online classroom session by Steve Watkins. He was very good at delivering the content in a manner for all levels to understand.
2. I was fortunate enough to have my work pay for the training. I do not perform the audit function at work but I do work very closely with our internal audit team so the training was very useful.
3. Yes you will be writing a certification exam
-
Paul-777
Member Posts: 12 ■□□□□□□□□□
I did the IT Governance 27001 transition course a couple of years ago. It was fine the online training and exam worked ok.
Just my 2p about 27001, it's more about demonstrating good practice to customers and contractural compliance... I don't know any company who did it to "be secure" -
Robertf969
Member Posts: 190
So I am a ISO27001 Lead Auditor. I am going to go out on a limb here and assume you are familiar with general security controls. Assuming this is true I don't think you need any training. Your first step will be to buy the standard and begin to build out your ISMS. Your next step will be to determine your scope and boundaries. After that your next step should be to get a gap assessment. Most Certification bodies offer these for significantly less than the cost of certification. Take good notes during the gap and correct all areas that would have resulted in non-conformities. Then pursue certification. -
ywesan
Registered Users Posts: 1 ■□□□□□□□□□
Hi,
I am preparing to sit for ISO27001 Foundation exam in Jan/Feb 2017. Is there any recommended books to prepare the exam? I saw some training videos at https://training.advisera.com/course/iso-27001-foundations-course/ but not sure it is enough for exam preparation. Thanks. -
chickenlicken09
Senior Member Member Posts: 531 ■■■■□□□□□□
anyone know the certigication body over these exams? I want to self study and then book but cant find who is over these exams?
-
UnixGuy
Are we having fun yet? Mod Posts: 4,171 Mod
636-555-3226 wrote: »I've never found a "company" that is ISO 27k compliant, ..
..!
you can be compliant and not certified. A lot of projects demand you to be 'compliant' which does not necessarily mean certified.
As for ISO certified, there is no need to be certified on all the controls, select the ones applicable to your business. It's not hardGoal: MBA, Jan 2021 -
chickenlicken09
Senior Member Member Posts: 531 ■■■■□□□□□□
they look to be training courses, can you send me link?
-
NetworkNewb
Member Posts: 3,298 ■■■■■■■■■□
Yea, looks like they only offer courses. That would be the certification body over the exams though.
https://pecb.com/iso-27001-foundation-exam -
chickenlicken09
Senior Member Member Posts: 531 ■■■■□□□□□□
must be a cheaper way to do it! like when i wanted to do my ccna i acquired the material and then booked on pearson vue site.
-
safernandez
Member Posts: 15 ■■□□□□□□□□
Dear! Greetings from Argentina. I want to consult the following: Can I take the PECB 27001 LA Online exam? Studying with Kate. Try to pay for the certification, but when applying, ask me for data that I do not have, such as:
Exam Number
Date Of Achievement
Exam Issuer
I dont understand the process, to access to the material and schudel the exam! Can you help me!?
Thanks!!!
-
SteveLavoie
Member Posts: 833 ■■■■■■■□□□
In Quebec, Kereon.com offer some ISO27001 training. Probably in french.
Also, there is on Pluralsight a few hour of training video.
