Our training courses cover the knowledge and skills needed to implement international standards and best practices in organizations. We provide training courses for internal auditors, external auditors, and personnel who are responsible for compliance with several standards, e.g. ISO 27001, ISO 20000, ISO 22301, ISO 27701, PCI DSS, CMMI, Pentestcrowd, PDPA, etc.
We conduct certified training courses related to international standards, e.g. ISO 27001, ISO 20000, ISO 22301, ISO 31000, ISO 38500, ISO 27701, Lead Auditor Courses of IRCA, PECB Lead Implementer Courses, ITSM, COBIT, etc.
Our certification exam preparation courses include certifications from major certification providers. Our courses include CISSP, CISA, CISM, CRISC, CGEIT, CEH, CHFI, ECIH, CPENT, CSA, SOC, CIPM, CIPT, CIPP/E, Security+, Network+, Project+, PECB ISO Standard, etc.
This three-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing corporate governance of Information Technology as specified in ISO/IEC 38500. Participants will also gain a thorough understanding of best practices used to implement guidance for Corporate Governance of IT from all areas of ISO 38500. ISO/IEC 38500 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.
In this three-day intensive course participants develop the competence to master a model for implementing risk management processes throughout their organization using the ISO 31000:2009 standard as a reference framework. Based on practical exercises and case studies, participants acquire the necessary knowledge and skills to perform an optimal risk assessment and manage risks in time by being familiar with their life cycle. During this training, we will present the ISO 31000 general risk management standard, the process model it recommends, and how companies may use the standard, and its companion risk assessment tools document ISO 31010.
In this five-day intensive course participants develop the competence to master a model for implementing an incident management process throughout their organization using the ISO 27035 standard as a reference framework. Based on practical exercises, participants acquire the necessary knowledge and skills to manage information security incidents in time by being familiar with their life cycle. During this training, we will present the ISO 27035 information security incident management standard, a process model for designing and developing an organizational incident management process, and how companies may use the standard. This training is also fully compatible with ISO 27035 which supports ISO 27001 by providing guidance for incident management. The course material has also taken into consideration leading industry standards, such as NIST SP 800-61.
This five-day intensive course enables the participants to understand the specific principles and concepts proposed by ISO/IEC 27034 for Application Security (AS) and how they can be implemented, step by step, to help organizations develop, acquire, implement, use, and maintain trustworthy applications, according to their specific business context, at an acceptable cost. More specifically, the ISO/IEC 27034 framework proposes components and processes to provide verifiable evidence that an application has reached and maintained a targeted level of trust as specified by the organization.
The responsibility of a Certified ISO/IEC 27034 Application Security Lead Implementer is to assist organizations in putting in place the required 27034 framework elements and to guide the organization to integrate Application Security Controls (ASC) seamlessly throughout the life cycle of their applications. AS applies not only to the software of an application but also to its other components and contributing factors that impact its security, such as its technological context, its regulatory context, its business context, its specifications, the sensitivity of its data, and the processes and actors supporting its entire life cycle. This framework applies to all sizes and all types of organizations (e.g. not only to commercial enterprises, government agencies and non-profit organizations that are using applications, but also to large, medium and small vendors that develop software, application and business services) exposed to security risks on information associated with their applications.
This three-day intensive course enables the participants to develop the necessary expertise to support an organization in implementing, maintaining and managing an ongoing Information and Communications Technology Disaster Recovery plan according to ISO 24762:2008. Participants will also gain a thorough understanding of best practices described by this International Standard.
This five-day intensive course enables participants to develop the necessary expertise to support an organization in implementing and managing a Privacy Framework based on ISO 29100, the Generally Accepted Privacy Principles and guidance from international information commissioners. Participants will gain a thorough understanding of how to design, build and lead organizations' privacy programs covering business processes, ICT systems and services, through the use of best practices. The training provides a privacy framework which specifies a common privacy terminology, defines the actors and their roles in processing personally identifiable information (PII), describes privacy safeguarding considerations and provides references to known privacy principles for information technology. Based on this knowledge, delegates will have the skills to build privacy frameworks that allow their organisation to maintain compliance with the many privacy directives and laws worldwide.