The most trusted source for computer security training, certification and research.

select a course
Global Information Assurance Certification

SANS never fails to provide top level training that is worth every penny.
-Tyler Hudak, Yellow Roadway Tech

MANAGEMENT 411

SANS 27000 Implementation & Management

6 CPE Credits per day

The International Standards Organization (ISO) has recently revised what has become the de facto document for creating and maintaining a secure enterprise, today known as the ISO/IEC 27000 standard.

The strength of this document is derived from the meticulous attention to detail provided by the many contributing authors and organizations as well as the applicability of the standard to the realities of doing business today. The standard seeks to offer best practice guidance regarding all manner of security issues and can assist any organization that chooses to adopt it to develop a truly security minded corporate culture. Using our tested method for developing and applying controls using the ISO 27000 standard, you will learn to implement the guidance contained in ISO-27000 with step-by-step pragmatic examples to move quickly into compliance with the specification.

This track is designed for information security officers or other management professionals who are looking for a how-to guide for implementing ISO-27000 effectively and quickly. While the standard is very well written, anyone who has actually tried to shift to an ISO-27000 structured security organization knows that there can be some significant hurdles to overcome. This track will give you the information you need to go back to your organization with a plan of action to get the job done! This course has proven especially valuable for organizations whose 27000 implementation is currently "stuck in the mud" or is simply taking longer than management would like.

I have attended several of SANS rivals and SANS blew them away!
-Alton Thompson, US Marines

Author Statement

Anyone who has ever tried to implement ISO-27000 in their organization recognizes that it is an outstanding security standard, but that the initial creation of the Information Security Management System (ISMS) to build and maintain compliance can be a long and painful process. What we tried to do with this track is to take real world examples of what works and why it works to teach students how to apply the same methodologies within their own organizations. We also give the students a risk driven methodology to assist in deciding which controls to implement and how to implement them effectively. The end result is that after taking this track you will fully understand all aspects of the ISO 27000 family of standards and be in a position to create a world class ISMS with maximum efficiency and minimum effort!
- David Hoelzer

Training Events By Course