Description of the COBIT 5 based Information Security Management Course

Corporate governance, cloud computing, outsourcing, mobile computing and privacy legislation all require that effective information security be implemented and administered. A COBIT 5 based information security management system (ISMS) will ensure that the information security strategy and its implementation are aligned with business needs and strategic objectives, that an integrated approach to information security is adopted, and that capability is built in a sustainable manner.

This seminar will help participants understand how the COBIT 5 framework is used as a foundation for information security management in line with ISO 27001 and other sources of best practice.


Participants will learn how to implement an information security management system and on completion of this seminar they will be able to:

  • Demonstrate an understanding of the COBIT 5 and ISO 27001 specifications for Information Security Management
  • Communicate the requirements for compliance with COBIT 5 and ISO 27001
  • Plan, design and implement an information security management system
  • Use COBIT 5 processes as a foundation for information security management
  • Build capability in information security across the organisation
  • Assess the extent to which an organization adheres to the ISO 27001 specification and COBIT 5 for Information Security.


Participants will learn through discussion and practical examples about:

  • Overview of the ISO/IEC 27001 specification
  • Overview of COBIT 5 for Information Security
  • The scope and purpose of an information security management system
  • Defining an ISMS policy and framework for setting objectives, regulatory compliance and risk management
  • Understanding an organization’s information security requirements
  • Developing and implementing an information security management system
  • Recognising current capability in information security
  • Adopting a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's ISMS
  • Using the "Plan-Do-Check-Act" (PDCA) model to structure and manage all ISMS processes
  • Implementing and operating controls to manage an organization's information security risks in the context of the organization’s overall business risks
  • Monitoring and reviewing the performance and effectiveness of the ISMS
  • Continual improvement based on objective measurement.