• (0)

    ISO 27001 & ISO 22301 Blog

    How to learn about ISO 27001 and BS 25999-2

    Training is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I’ll try to explain their benefits and the differences between them.

    The first is the list of in-person courses – these courses are still prevalent, but steadily losing share in favour of online courses (explained at the end of this article).

    ISO 27001 or BS 25999-2 Lead Auditor Course

    This is the most popular course for either ISO 27001 or BS 25999-2 – it lasts 5 days, and finishes with a written exam. The exam is quite difficult, so one could consider that this is the top course for those two standards. If you do pass the exam, you can become an auditor for a certification body, but that is not its main benefit – it is the most useful for professionals implementing the standards because it gives an excellent overview of the standards and provides in-depth explanations of what the certification auditors will ask for at the certification audit. Therefore, it is useful for both auditors and implementers.

    The target audience for this course are professionals with moderate or significant experience in information security, business continuity, auditing or IT. You should choose only accredited courses (e.g. by IRCA – www.irca.org).

    ISO 27001 or BS 25999-2 Lead Implementer Course

    This course is somewhat similar to, but not so popular as ISO 27001 or BS 25999-2 Lead Auditor Course. The difference is that it focuses on implementation techniques rather than auditing techniques – therefore, if the certification is not your concern, you may find this course more suitable.

    Here the target audience is similar – professionals with moderate or significant experience in information security, business continuity or IT.

    ISO 27001 or BS 25999-2 Internal Auditor Course

    This course is a “light” version of ISO 27001 or BS 25999-2 Lead Auditor Course – it usually lasts 2 or 3 days, could be with or without an exam, and the content is a condensed version of Lead Auditor Course. The main difference is that with this course you cannot pursue a career as an auditor in a certification body; however, if you want to get a systematic introduction to the world of ISO 27001 or BS 25999-2 or you plan to be an internal auditor in your company, this course is the right choice for you.

    The target audience are professionals with little or moderate experience in information security, business continuity or IT.

    ISO 27001 or BS 25999-2 Foundation Course / Introduction Course

    These courses usually last for one or two days – their purpose is not to teach you about auditing or implementation techniques, but to give you an overview of the requirements and implementation issues. If you don’t have a lot of time to spare and you want to know what you company will be experiencing during implementation, do think about one of these courses.

    The target audience are members of the management, or professionals with no experience in information security or business continuity.

    Other information security / business continuity courses

    You may have heard of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) – although I consider these courses very useful for your information security or business continuity career, they are not directly relevant to ISO 27001 or BS 25999-2. Therefore, you should attend CISA, CISM and/or CISSP after you complete courses directly related to the two standards.

    Online courses

    In addition to the above mentioned in-person courses, online courses (either in the form of e-learning or live webinars) are becoming increasingly popular, partly because of the lower costs – no travelling expenses, no lost time away from office. There are more and more vendors on the Internet, offering more and more quality content (including our 27001Academy) – you can find courses lasting from 1 hour (e.g. free webinars) to a few weeks (e.g. e-learning courses).

    The main benefit of online courses is that you can receive more relevant knowledge in a shorter period of time and for less money, although the question of real effectiveness of such courses still remains unanswered.

    But, regardless of which form or type of course you take, be sure about one thing – the return on investment will show very quickly.

    Check out this free online training ISO 27001 Foundations Course that explains every step in ISO 27001 implementation.

    Advisera Dejan Kosutic
    Dejan Kosutic
    Dejan holds a number of certifications, including Certified Management Consultant, ISO 27001 Lead Auditor, ISO 9001 Lead Auditor, and Associate Business Continuity Professional. Dejan leads our team in managing several websites that specialize in supporting ISO and IT professionals in their understanding and successful implementation of top international standards. Dejan earned his MBA from Henley Management College, and has extensive experience in investment, insurance, and banking. He is renowned for his expertise in international standards for business continuity and information security – ISO 22301 & ISO 27001 – and for authoring several related web tutorials, documentation toolkits, and books.