IT Governance (ITG), the one-stop shop for information security expertise, is launching a series of information security management system (ISMS) training courses for companies already compliant with the ISO27001 standard but needing to keep evolving their defences.

Alan Calder, Chief Executive of ITG, says: ‘Gaining ISO27001 certification is one thing, but what next? ISO27001 is a security management standard that rightly expects you to continually reassess your business, risk and compliance environment in line with ‘real world’ developments.

There is a lot of guidance on how to achieve ISO27001 certification, but very little guidance on the next steps. These courses fill that gap.

‘There is never a time for complacency in information security. The revolutionary wonders of ‘Web 2.0’ can rapidly turn into ‘Threat 2.0’. Any technological advance brings new security risks, as hackers immediately start finding ways to burrow in and exploit vulnerabilities. You need to be prepared.

‘These two-day classroom training courses address the constant threat posed by cyberattacks, providing expert guidance from overarching strategies to practical steps. The need to keep ISMS strategies under constant review has never been greater. The speed and degree of change in the modern business, compliance and security worlds is unprecedented, from new standards and threats to new technologies such as Google+ and Android phones. You can be sure cybercriminals will constantly be probing your defences. How do you monitor, measure and improve the effectiveness of your controls? By regularly attending these courses, you will be able to continue implementing best practice information security management, and demonstrating that fact to external auditors, despite the changing environment.’

‘The courses are designed for individuals whose role requires them to have a broad understanding of current trends in information security, and to be aware of new and emerging regulation and technical standards and evolving best practice in reviewing and improving an ISMS. The scope of training, therefore, makes the courses relevant to everyone from an information security manager or an IT auditor to a board director or chief information officer.

‘No two of the quarterly courses will be the same, as we will take into account new laws and regulations, threats and vulnerabilities, technologies, standards and certification requirements. Each course will therefore evolve from its predecessor. We want to take ISO27001 training to the next level and the best way to achieve this goal is to ensure training is up-to-date and comprehensive. These courses are the first of their kind and will allow organisations to maintain the best levels of protection.’