How to Learn About ISO 27001 and BS 25999-2

Thursday, December 09, 2010

Dejan Kosutic


Educating yourself is certainly one of the best ways to facilitate your ISO 27001 and BS 25999-2 implementation. As there are more and more types of courses available, I'll try to explain their benefits and the differences between them.

The first is the list of in-person courses - these courses are still prevalent, but steadily losing share in favour of online courses (explained at the end of this article).

ISO 27001 or BS 25999-2 Lead Auditor Course

This is the most popular course for either ISO 27001 or BS 25999-2 - it lasts 5 days, and finishes with a written exam. The exam is quite difficult, so one could consider that this is the top course for those two standards.

If you do pass the exam, you can become an auditor for a certification body, but that is not its main benefit - it is the most useful for professionals implementing the standards because it gives an excellent overview of the standards and provides in-depth explanations of what the certification auditors will ask for at the certification audit. Therefore, it is useful for both auditors and implementers.

The target audience for this course are professionals with moderate or significant experience in information security, business continuity, auditing or IT. You should choose only accredited courses (e.g. by IRCA

ISO 27001 or BS 25999-2 Lead Implementer Course

This course is somewhat similar to, but not so popular as ISO 27001 or BS 25999-2 Lead Auditor Course. The difference is that it focuses on implementation techniques rather than auditing techniques - therefore, if the certification is not your concern, you may find this course more suitable.

Here the target audience is similar - professionals with moderate or significant experience in information security, business continuity or IT.

ISO 27001 or BS 25999-2 Internal Auditor Course

This course is a "light" version of ISO 27001 or BS 25999-2 Lead Auditor Course - it usually lasts 2 or 3 days, could be with or without an exam, and the content is a condensed version of Lead Auditor Course.

The main difference is that with this course you cannot pursue a career as an auditor in a certification body; however, if you want to get a systematic introduction to the world of ISO 27001 or BS 25999-2 or you plan to be an internal auditor in your company, this course is the right choice for you.

The target audience are professionals with little or moderate experience in information security, business continuity or IT.

ISO 27001 or BS 25999-2 Foundation Course / Introduction Course

These courses usually last for one or two days - their purpose is not to teach you about auditing or implementation techniques, but to give you an overview of the requirements and implementation issues.

If you don't have a lot of time to spare and you want to know what you company will be experiencing during implementation, do think about one of these courses.

The target audience are members of the management, or professionals with no experience in information security or business continuity.

Other information security / business continuity courses

You may have heard of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) - although I consider these courses very useful for your information security or business continuity career, they are not directly relevant to ISO 27001 or BS 25999-2.

Therefore, you should attend CISA, CISM and/or CISSP after you complete courses directly related to the two standards.

Online courses

In addition to the above mentioned in-person courses, online courses (either in the form of e-learning or live webinars) are becoming increasingly popular, partly because of the lower costs - no travelling expenses, no lost time away from office.

There are more and more vendors on the Internet, offering more and more quality content (including our Information Security & Business Continuity Academy) - you can find courses lasting from 1 hour (e.g. free webinars) to a few weeks (e.g. e-learning courses).

The main benefit of online courses is that you can receive more relevant knowledge in a shorter period of time and for less money, although the question of real effectiveness of such courses still remains unanswered.

But, regardless of which form or type of course you take, be sure about one thing - the return on investment will show very quickly.

Cross posted from ISO 27001 & BS 25999 blog -


*   *   *

Win a Platinum ISO 27001 and BS 25999 Package

Infosec Island is pleased to announce a special prize drawing specifically aimed at our member companies. The drawing winner will receive a Platinum ISO 27001 & BS 25999 Documentation and Service Package from the Information Security & Business Continuity Academy.

The prize package includes:

  • Platinum Package from Information Security & Business Continuity Academy. For this purpose, 6 months subscription will be included, worth US$3,594.00
  • ISO 27001 & BS 25999 Premium Documentation Toolkit worth US$849.00
  • details on eligibility and prize package HERE

To qualify for a chance to win this industry leading compliance package, companies must have a completed profile registered at Infosec Island, as well as at least one employee with a completed member profile, including profile picture (instructions HERE).

The drawing selection will be made from all eligible Island members employed by registered companies with completed profiles. The prize will be awarded to the company, along with kudos and acknowledgment for the lucky staff member chosen in the drawing.

The more registered members with completed profiles a company has, the greater their chance of winning this valuable ISO package - so encourage your coworkers and employees to take two minutes to complete their brief profile at Infosec Island today, and register your Company profile before the December 31, 2010 cutoff.

Possibly Related Articles:
Compliance Training Security Audits ISO 27001 Business Continuity BS 25999-2
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.