Buku Jurus Sukses Sertifikasi ISO 27001 oleh Andi Rafiandi & Hadi Cahyono

Judul Buku : Jurus Sukses Sertifikasi ISO 27001

Penulis : Andi Rafiandi & M. Hadi Cahyono

Penerbit : Andita Publishing

Tahun : 2010

ISBN : 978-602-96438-0-0

ISO 27001:2005 adalah standar pengamanan informasi internasional yang secara resmi dipublikasikan pada tahun 2005. Dengan mengimplementasikan ISO 27001:2005 ini secara optimal, akan memberikan kontribusi bagi keberhasilan pelaksanaan proses bisnis perusahaan secara keseluruhan sehingga visi dan misi perusahaan dapat tercapai.

Buku yang memberikan panduan step by step dalam implementasi ISO 27001:2005 ditinjau dari kacamata manajemen ini, juga menerangkan tentang apa yang harus dilakukan oleh seorang security expert untuk mengamankan informasi di perusahaan. Oleh sebab itu, bagi Perusahaan yang ingin membuat program keamanan informasi atau meningkatkan program yang sudah ada, buku ini sangat tepat digunakan sebagai panduan berdasarkan “international best practice”. Tentu saja buku ini akan sangat membantu anda dalam mendapatkan sertifikasi ISO 27001 bagi perusahaan anda.

Dengan gaya penulisan yang lugas dan mudah dicerna bahkan oleh orang yang awam dalam dunia IT Security sekalipun, buku ini memberikan apa yang dibutuhkan perusahaan dalam pengimplementasian ISO 27001:2005 dan sukses mendapatkan sertifikasinya. Pengalaman “hands on experience” penulis yang terjun langsung dalam pengimplementasian ISO 27001:2005 selama beberapa tahun di beberapa perusahaan terkemuka di Indonesia, membantu dalam memberikan gambaran penuh dan lebih detail yang dilengkapi dengan tips-tips dalam pengamanan informasi.

Bagi anda yang ingin membeli buku ini dapat mengirimkan email ke lemtiui at ie.ui.ac.id
Akhir kata selamat membaca buku ini.

http://www.lemtiui.com

http://lemtiui.multiply.com

http://lemtiui.blogspot.com

http://arafiandi.multiply.com

http://arafiandi.wordpress.com

http://arafiandi.blogspot.com

ISO 38500 is the leading standard on how organisations direct and control their use of IT for strategic advantage and operational stability. It encourages organizations to use appropriate standards to underpin their governance of IT.
This course is an introduction for anyone involved in the development, implementation and management of an information technology standard based on ISO 38500. It will be able to explain why ISO 38500 is an essential element of an overall strategy for effective governance.

Learning Objective

• Understanding of ISO 38500 Standard
• Understanding of the principles for good corporate governance of IT
• Understanding of the ISO 38500 objective as a guidance to those involved in designing and implementing the management system of those policies and processes that support governance.

Course Details

Day 1: Introduction to the standard for corporate governance of information technology based on ISO 38500

• Overview of Corporate Governance
• ISO 38500 (Scope, Application and Objective)
• IT Governance concepts and practices
• Framework for Good Corporate Governance of IT
• Guidance For The Corporate Governance of IT

Day 2: Implementing ISO 38500 in correlation with others IT governance standards

• Review from day 1
• Other Correlated Process Models
• Planning and scoping the IT Governance initiative
• Building governance processes using ISO 38500
• ISO 38500 to deliver value to the stakeholders
• Case Studies

Information

Samiha

Phone : 021-91307746 / 021-97605726

Email : lemtiui@ie.ui.ac.id

Website : www.lemtiui.com

ISO/IEC 20000 is the first worldwide standard specifically aimed at IT Service Management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers. ISO/IEC 20000 helps organizations benchmark how they deliver managed services, measure service levels and assess their performance. ISO 20000, which has two parts both with the general title Information technology – Service management, enables IT service providers to identify how to enhance the quality of service they deliver to their customers, both internal and external.
This 3 days training, provides the audiences with all aspects of ISO 20000 standard and its related process. This training also provides students with a comprehensive understanding of ISO 20000, the international standard for IT Service Management.

Learning Objective

• Explain the purpose and intent of the ISO 20000 standards
• Describe the requirements of ISO 20000
• Explain the relationship between the clauses of ISO 20000.
• Understand the IT Service Management cycles
• Understand the purpose and requirements of ISO 20000 as a tool for the continual improvement of the service management.

Course Details

Day 1: Introduction to the management of an IT services based on ISO 20000

• Overview of the ISO20000 Service Management standard
• Scope and applicability
• Requirements for a management system
• Planning and implementing ITSM (PDCA)

Day 2: Launching and implementing ISO 20000 standard

• Service delivery processes:
• Service Level Management
• Service Reporting
• Capacity Management
• Service Continuity and Availability Management
• Budgeting and accounting for IT Services
• Information Security Management
• Release Process
• Resolution Process (Incident and problem management)

Day 3: Launching and implementing ISO 20000 standard (Contd’)

• Relationship Process (Business Relationship and Supplier Management)
• Control Process (Configuration and Change Management)
• Alignment of ITIL and ISO 20000 standard
• Implementing a documentation management framework
• Case study

Information

Samiha

Phone : 021-91307746 / 021-97605726

Email : lemtiui@ie.ui.ac.id

Website : www.lemtiui.com

Increasingly, enterprises today rely upon IT for the delivery of business-critical services – often direct to the end consumer. Therefore, it is vital to adopt the most efficient and effective approach to the management of IT Services. In many cases, it is not only necessary to deploy best practice solutions, but also be able to prove this.
This program is ideal for those new to ISO 20000 (IT Service Management) and for awareness campaigns during its implementation. It is an introduction, accurate and exciting program based on real-world examples that explores IT Service Management and its contribution to demonstrable IT service value. Attendees are introduced to ITSM process objectives, activities, and relationships.

Learning Objective

• Explain the purpose and intent of the ISO 20000 standards
• Describe the requirements of ISO 20000
• Explain the relationship between the clauses of ISO 20000.
• Understand the IT Service Management cycles
• Understand the purpose and requirements of ISO 20000 as a tool for the continual improvement of the service management.

Course Details

Day 1: Introduction to the IT Service Management based on ISO 20000 Standard

• Introduction to the IT Service Management (ITSM) principles and focuses
• Relationship between ITIL, ITSM, ISO 27001 and COBIT
• Business service management fundamental
• Overview the ISO 20000 standards
• Overview service delivery processes

Day 2: Planning and Implementing ISO 20000 Standard

• Review of day 1
• Implementation stage of an ISO 20000 framework (planning relationship, process relationship, resolution process, control, and release process)
• Introduction to the domains and control measures of ISO 20000
• Implementing a documentation management framework
• Achieving Operational Excellence

Information

Samiha

Phone : 021-91307746 / 021-97605726

Email : lemtiui@ie.ui.ac.id

Website : www.lemtiui.com

This five-day intensive course enables the participants to develop an expertise to support an organization in implementing and managing an Information Security Management System as specified in ISO 27001:2005: risk management principles, risk management plan, implementation, surveillance, re-examination and operation of an ISMS, continuous improvement of information security, management’s commitment, follow-up and review as well as an introduction to ISO 27001 audit certification.
In addition, the participant will be able to become proficient in the best practices in the implementation of information security control measures based on the eleven (11) ISO 27002 security domains that is: security policy, organization of information security, asset management, physical and environmental security, communications and operations management, information systems acquisition, development and maintenance, information security incident management, etc

Learning Objective

• Understanding the application of an information security management system in the ISO 2701:2005 context.
• Understanding the relationship between the information security management system, including the management of risks and controls, and the various stakeholders.
• Acquiring the expertise to support an organization in implementing, managing and maintaining an ISMS as specified ISO 27001
• Acquiring the personal skills and knowledge necessary to advise an organization on the best practices in information security management

Course Details

Day 1 : Introduction to the management of an Information Security Management Sys tem based on ISO 27001 and launching of an ISMS
• Introduction to management systems and the process approach & information security
• Introduction to ISO 27001 family standards
• Implementation of the governance framework: information security roles and responsibilities, ISMS policies, etc.

Day 2 : Planning an ISMS based on ISO 27001
• Risk management : risk identification, risk analysis and risk treatment
• Drafting the statement of applicability
• Implementing a documentation management framework
• Designing performance indicators of control measures (metrics and operating reports).

Day 3 : Launching and implementing an ISMS based on ISO 27002
• Implementing security controls in organization

Day 4: Launching and implementing an ISMS based on ISO 27002
• Implementing security controls in organization (continue)

Day 5: ISO 27001 certification audit
• Implementing security controls in organization (continue)
• Continuous improvement
• Preparation ISMS internal audit and ISO 27001 certification audit
• Simulation and Case Study

Information

Samiha

Phone : 021-91307746 / 021-97605726

Email : lemtiui@ie.ui.ac.id

Website : www.lemtiui.com

This course will enables participants to learn the stages needed to implement a management system as specified in ISO 27001:2005 and take part in the implementation: risk management (based on ISO 27005), risk management plan, implementation, sur- veillance, re-examination and operation of an ISMS, continuous improvement of infor- mation security, management’s commitment, follow-up and review as well as an introduction to ISO 27001 audit certification. In addition, the participant will be able to master the best practices in the implementation of information security control measures based on the eleven (11) ISO 27002 domains that is: security policy, organization of information security, asset management, communications and operations management, access control, information systems acquisition, information security incident management, business continuity management and compliance.

Learning Objective

• Understanding the application of the information security management system in the ISO 27001:2005 context.
• Understanding the relationship between the information security management system, including the management of risks and controls, and the various stakeholders.
• Acquiring the competence to support an organization in implementing, managing and maintaining an ISMS as specified ISO 27001
• Acquiring the personal skills and knowledge necessary to advise an organization on the best practices in information security management

Course Details

Day 1 : Introduction to the management of an Information Security Management System based on ISO 27001 and launching of an ISMS

• Introduction to management systems and the process approach
• Fundamental principles in information security
• Introduction to ISO 27001 and ISO 27002 standards
• Plan-Do-Check-Act approach

Day 2 : Launching and implementing an ISMS based on ISO 27001

• Risk management : risk identification, risk analysis and risk treatment
• Drafting the statement of applicability
• Implementing a documentation management framework
• Gap Analysis concept

Day 3 : Controlling and monitoring an ISMS based on ISO 27001

• Designing performance indicators of control measures (metrics and operating reports)
• Implementing security control measures and monitoring
• Implementing security controls in organization
• Case Studies & Simulations

Information

Samiha

Phone : 021-91307746 / 021-97605726

Email : lemtiui@ie.ui.ac.id

Website : www.lemtiui.com