Self-education is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses, I will try to explain their advantages and the differences between them.
First is the list of face-to-face courses – these courses are still prevalent but are steadily losing ground in favor of online courses (explained at the end of this article).
ISO 27001 or BS 25999-2 lead auditor course
This is the most popular ISO 27001 or BS 25999-2 course – it lasts 5 days and ends with a written exam. The exam is quite difficult, so you might think that this is the best course for those two standards. If you pass the exam, you can become an auditor for a certification body, but that’s not the main benefit – it’s most useful for professionals implementing the standards, as it gives an excellent overview of the standards and provides detailed explanations of what the certification auditors will require during the certification audit. Hence, it is useful for both reviewers and implementers.
The target audience for this course are professionals with moderate or significant experience in information security, business continuity, auditing or IT. You should only choose accredited courses (e.g. from IRCA).
ISO 27001 or BS 25999-2 Lead Implementer course
This course is similar to the ISO 27001 or BS 25999-2 lead auditor course but not as popular. The difference is that it focuses on implementation techniques rather than auditing techniques. So if you don’t care about certification, this course might be a better fit.
Here the target group is similar – professionals with medium or significant experience in information security, business continuity or IT.
Course for internal auditors according to ISO 27001 or BS 25999-2
This course is a “lightweight” version of the ISO 27001 or BS 25999-2 Lead Auditor course – it is typically 2 or 3 days long, can be with or without an exam, and the content is a condensed version of the Lead Auditor course. The main difference is that this course does not allow you to pursue a career as an auditor in a certification body; however, if you would like to get a systematic introduction to the world of ISO 27001 or BS 25999-2 or plan to become an internal auditor in your company, this course is the right choice for you.
The target group are professionals with little or medium experience in information security, business continuity or IT.
ISO 27001 or BS 25999-2 Basic Course / Introductory Course
These courses typically last one to two days – their purpose is not to teach you auditing or implementation techniques, but to give you an overview of the requirements and implementation issues. If you’re short on time and want to know what your company will experience during implementation, consider one of these courses.
The target audience are members of management or professionals with no experience in information security or business continuity.
More information security/business continuity courses
You may have heard of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) – although I think these courses are very useful for your information security or business continuity career, they are not directly relevant to ISO 27001 or BS 25999-2. Therefore, you should attend CISA, CISM and/or CISSP after taking courses directly related to the two standards.
In addition to the classroom courses mentioned above, online courses (either in the form of e-learning or live webinars) are becoming increasingly popular, also because of the lower cost – no travel expenses, no downtime. There are more and more providers on the web offering more and more quality content (including our Information Security & Business Continuity academy) – you can find courses lasting from 1 hour (e.g. free webinars) to several weeks (e.g. e-learning courses).
The main advantage of online courses is that you can get more relevant knowledge in less time and for less money, although the question of the real effectiveness of such courses still remains unanswered.
But no matter what form or type of course you take, rest assured: the return on investment will show up very quickly.
Thanks to Dejan Kosutic