Information Security

Today, it is of strategic importance to create an environment of trust regarding the confidentiality, integrity and accessibility of information in organisations defined not only with their employees but also with their customers, business partners and shareholders. Ensuring information security is possible with the establishment of a sound security management system together with technological solutions. It is a standard prepared to establish an effective information security management system. The growing risks from IT security threats such as hacking, data loss, and breach of confidentiality is inevitable.

The Information Security Management System helps you to identify and improve the risks specific to your company. Risk assessments are required for ISMS. The results of the risk assessment are your action plans to reduce, prevent, transfer or accept risks. These action plans are optimized according to the nature and goals of your business.

The international information security management standard ISO / IEC 27001 broadly describes the technical specifications for the implementation of an ISMS.

• Personnel responsible for the implementation and management of the ISO / IEC 27001: 2013 information security management system,
• Information security consultants,
• Employees in IT departments,
• Employees in the field of computer technologies, management information systems, software systems and software development technologies.

• Information security management basic definitions and concepts,
• Information security standards and development of ISO / IEC 27001: 2013,
• Requirements of ISO / IEC 27001: 2013 ISMS standard,
• Document control, control of records, internal audit and continuous improvement in ISO / IEC 27001: 2013,
• History of Information Security,
• Determining the scope of the Information Security policy,
• Identification of information assets,
• Determining the value of information assets,
• Determination of risks and impacts,
• Defining control objectives and controls,
• Defining policies,
• Establishing policies, standards and procedures,
• Completion of ISMS certification requirements,
• The certification preparation process,

Purpose of this training; explain the documentation structure and the features that the documents in the ISO / IEC 27001 Information Security Management System standard and requirements. Participants in their own organizations; It aims to explain the principles of simple, understandable and effective document preparation.

• Personnel responsible for the implementation and management of the ISO / IEC 27001: 2013 information security management system,
• Information security consultants,
• Employees in IT departments,
• Employees in the field of computer technologies, management information systems and software development technologies.

• Information security management basic definitions and concepts,
• What are the differences between Procedure and Instruction and how to prepare,
• What are the document management and conditions?
• Required documents as per ISO / IEC 27001: 2013,
• What are the mandatory records as per ISO / IEC 27001: 2013 and how they should be kept,
• Documents recommended in accordance with ISO / IEC 27001: 2013,
• Determining the scope of the Information Security policy,
• Identification of information assets,
• Determining the value of information assets,
• Determination of risks and impacts,
• Defining control objectives and controls,
• The certification preparation process,

You can download the training brochure for detailed information.

The Information Security Management Systems or ISMS, standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation

Internal audit is one of the management tools required to examine and report the adequacy, suitability and effectiveness of the ISO / IEC 27001: 2013 Information Security Management System within the organization. It is also a requirement of the ISO / IEC 27001: 2013 standard.

For an effective Information Security Management, it is necessary to audit the organization systematically and transparently. ISO / IEC 27001: 2013 internal auditor training aims to provide participants with the following competencies;
To be able to examine the Information Security Management System of its organization and/or its supplier,
To be able to look as an auditor while doing his own work

Gaining the competence to improve the Information Security Management System

• Personnel who know the ISO / IEC 27001: 2013 standard,
• Managers who organize the audit processes,
• Persons given the responsibility to inspect an Information Security Management System,
• Existing auditors who wish to update their knowledge.

• Requirements of ISO / IEC 27001: 2013 Standard,
• Information Security Risk Management,
• Information Security Policy,
• ISMS procedures,
• ISMS documentation structure,
• Organizational Security, Asset Management, Human Resources Security,
• Physical and Environmental Security, Communication, Network and System security,
• Access Security, Information Systems Purchasing, Development and Maintenance
• Information Security Incident Management, Business Continuity Management,
• Examination training,
• Audit planning,
• Preparing an examination question list,
• Audit application principles,
• Audit reporting and follow-up,
• Auditor examination and evaluation,

The purpose of the training is to provide the participants with information about the establishment, implementation, maintenance and audit of the ISO / IEC 27001: 2013 Information Security Management System. This CPD certified ISO 27001:2013 Information Security Management Systems Lead Auditor Course provides basic training for potential ISMS Lead Auditors with the knowledge and skills to prepare, conduct, report and follow up 1st, 2nd and 3rd party ISMS audits.

• Those who want to manage Information Security Management System (ISMS) audits (2nd party or 3rd party) according to ISO / IEC 27001: 2013,
• Those who want to have information about effective examination practices,
• Current information security auditors who want to expand their audit skills,
• Those who want to provide consultancy on ISO / IEC 27001: 2013 ISMS Audits,
• Information security and quality management process owners.

• Terms and terminology used in § information security management and audits
• Information security management importance, purpose and objectives, scope
• Information security – the relationship between management and processes
• Information assets and protection
• Business continuity
• Communication on information security
• Confidentiality, integrity and accessibility
• Security threats
• Controls to be applied according to risk analysis and results
• ISO / IEC 27001: 2013 requirements
• Interpreting the previous study,
• The role of an auditor in the context of ISO 19011,
• Examination types,
• Laws and other requirements,
• Accreditation and certification,
• Benefits of accreditation,
• Those who have a role in audits and their responsibilities
• Auditor characteristics,
• Examination process,
• Audit scope and audit objectives,
• Selection of auditors and creating an audit team,
• Stage 1 and 2 examinations,
• Audit planning,
• Preparing a list of questions,
• Opening and Closing meeting,
• Conducting an audit interview,
• Determining nonconformity,
• Examination review,
• Recording and reporting nonconformity,
• Audit reporting,
• Follow-up audits and corrective actions
• Exam information and course review
• Exam

With the increasing threats of internal and external information security, organizations are increasingly recognizing the importance of applying their best controls to protect their information assets. By implementing and maintaining appropriate controls, organizations become less sensitive to information security breaches and financial and reputational damage they cause.

ISO/IEC 27002: 2013 is an international standard that provides guidelines for best Information Security management practices. These management practices will help your organizations to have confidence in their inter-organizational activities and implement a suitable set of control practices, including policies, processes, organizational structures, and software and hardware functions.

• Management System Auditors, Consultants and Trainers,
• Information Technology employees,
• Parties responsible for operating the ISO/IEC 27001: 2013 Information Security Management System standard to an organization,
• Personnel responsible for the implementation and management of the ISO/IEC 27001: 2013 information security management system,
• Information security consultants,
• Employees in IT departments,
• Employees in the field of computer technologies, management information systems, software systems and software development technologies.

• Implementation of Information Security controls by adhering to the ISO / IEC 27002: 2013 framework and principles,
• The relationship between the elements of Information Security controls such as responsibility, strategy, acquisition, performance, compliance and human behaviour,
• Gaining the necessary skills to support an organization in the implementation and management of Information Security audits based on ISO / IEC 27002: 2013,
• Performing periodic risk assessment in an organization,
• Developing the ability of organizations to help them improve their Information Security stance,
• Ability to design and implement cost optimization strategies

This standard establishes widely accepted control objectives, controls and guidelines for the implementation of measures to protect personally identifiable information (PII) in line with the privacy principles in ISO/IEC 29100 for the Cloud computing environment.

The protection of PII from both internal and external threats is a major concern for every organization, irrespective of size or market sector. Furthermore, if that PII information is held in the Cloud, information security risks can increase and the requirement to have effective and specific cloud security controls in place is critical.

This course is aimed at both cloud service providers and customers who are engaging with a cloud service provider.

The purpose of ISO/IEC 27018, when used in conjunction with the information security objectives and controls in ISO/IEC 27002, is to create a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor. The Standard does not replace applicable legislation and regulations, (e.g. EU GDPR, KVKK and HIPAA), but provides a common compliance framework for public cloud service providers, in particular those that operate in a multinational market.

• Personnel responsible for the implementation and management of the ISO/IEC 27001: 2013 information security management system,
• Information security consultants,
• Employees in IT departments,
• Employees in the field of computer technologies, management information systems, software systems and software development technologies

• Cloud and PII specific concepts
• What is the cloud and how does it relate to PII?
• Cloud deployment models
• ISO / IEC 27018: 2019 – Cloud industry-specific issues
• Standards and definitions
• Structure of the standard
• ISO / IEC 27001: 2013 framework
• ISO / IEC 27001: 2013 and controls
• Control categories
• Typical application approach
• Application framework
• Application of ISO / IEC 27018: 2019
• Duties and Responsibilities
• ISO / IEC 27002 controls with industry-specific guidance

The ISO/IEC 27701 standard was published in August 2019 and is the first international standard to deal with privacy information management. The standard will help organizations to establish, maintain and continuously develop a Privacy Information Management System (PIMS) by improving the existing ISMS based on the ISO/IEC 27001 requirements and the guidance of ISO/IEC 27002.

The exponential increase in the collection of personal information and the increase in data processing has led to privacy concerns. Therefore, implementing a Privacy Information Management System (PIMS) in line with ISO/IEC 27701 requirements and guidance will enable organizations to assess, treat and mitigate risks associated with the collection, maintenance and processing of personal information.

This standard is important for the person and organization responsible for Personally Identifiable Information (PII) because it provides requirements for the management and processing of data and protection of privacy. It enriches an already implemented ISMS to properly address privacy concerns by helping organizations understand the practical approaches involved in implementing effective management of PII.

ISO/IEC 27701 is designed to identify requirements and provide guidance for the establishment, implementation, maintenance and continual improvement of a PIMS as an extension of ISO / IEC 27001 and ISO / IEC 27002 for privacy management in the context of your organization. A PIMS framework will help you run and maintain processes for your organization while providing confidence to your stakeholders.

This one-day course will help you understand the principles of ISO/IEC 27701 and the changes needed to expand your ISMS. It will help you understand how the ISO/IEC 27701 requirements provide the foundations for an effective PIMS and provide guidance on how to PII controllers and/or PII processors.

You will learn about ISO/IEC 27701 common terms and definitions, as well as basic concepts and requirements.

• PII controllers and PII processors,
• Anyone interested in the planning, implementation and maintenance of ISO/IEC 27701 PIMS.

• ISO/IEC 27701 terms and alternative terms,
• Background and intended result of ISO/IEC 27701,
• Special requirements in ISO/IEC 27701,
• Basic concepts and structure of ISO/IEC 27701,
• Understanding how to improve your PII process
• Determining the PIMS activity of an organization by application,
• PIMS specific requirements for ISO 27002,
• Security in supplier contracts,
• Contracts with Personal Data Processors,
• Data subject access request (SAR) flow chart,
• Privacy Impact Assessment (PIA),
• Understanding how the standard matches the privacy framework and principles of other ISO / IEC standards (such as 29100, 27018 and 29151) and the EU General Data Protection Regulation (GDPR),

ISO/IEC 27701: 2019 sets requirements and provides guidance for the implementation of a privacy information management system (PIMS) in the context of your organization, in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management.

By attending our two-day course, you will understand how to apply ISO/IEC 27701: 2019 principles and the changes needed to expand your ISMS. It will help you understand how the requirements of the standard provide the foundations for an effective PIMS and provide guidance for personally identifiable information (PII) controllers and/or PII processing processors.

You will learn how to apply the core concepts and requirements as well as the common terms and definitions of ISO/IEC 27701: 2019.

• Managers and consultants participating in privacy and data management,
• Responsible persons for Personally Identifiable Information (PII) in organizations,
• Persons responsible for ensuring compliance with data privacy policies and legal requirements, § PIMS team members

• Basic requirements and guidance of ISO/IEC 27701 from § both the PII controller and the processor application perspective,
• Identifying the benefits of an ISO/IEC 27701 PIMS implementation organization,
• Performing a gap analysis of compliance with ISO/IEC 27701 requirements,
• Implementing the basic requirements and guidance of  ISO/IEC 27701,
• General project management process and connection with PDCA,

ISO/IEC 27701: 2019 is designed to help organizations better understand, manage and reduce their risks around personal information. ISO/IEC 27701: 2019 is designed to identify requirements and provide guidance for the creation, implementation, maintenance and continual improvement of a PIMS in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management in the context of your organization.

By participating in this one-day training, you will understand why measuring and analyzing framework implementation is so important and what areas internal audit should focus on to ensure its effectiveness.

This training will provide enough knowledge in auditing your implementation of ISO/IEC 27701: 2019 to enable you and your organization to understand, detect, correct and monitor the effectiveness of the framework. There will be a series of practical exercises and class discussions to improve your internal audit skills.

• Managers and consultants participating in privacy and data management,
• Responsible persons for Personally Identifiable Information (PII) in organizations,
• Persons responsible for ensuring compliance with data privacy policies and legal requirements, § PIMS team members

• Conducting audit activities
• Creation of audit findings,
• Actions addressing risks and opportunities,
• Awareness – PIMS and privacy,
• Risk assessment and treatment,
• What is the PIMS auditor looking for?
• Requirements and laws,
• Examination training,
• Audit planning,
• Preparing an examination question list,
• Inspection application principles,
• Audit reporting and follow-up,
• Auditor examination and evaluation

White hat hacker training is an advanced level of information security training. Unlike theoretical security training, it has been prepared with the philosophy of “Security cannot be provided without knowing the attack methods” by exemplifying the methods of malicious attackers. Unlike malicious attackers; Individuals with white hat hacker skills aim to simulate the attacks that organizations may experience in advance and use their knowledge and competencies in beneficial matters. In this training, attack techniques and methods used by attackers are examined. The aim of the White Hat Hacker Training is to enable the participants to specialize in Information Security and to train experts (Pentesters) who can make Security Tests.