Category: INFORMATION SECURITY MANAGEMENT

What is ISO 27799?

ISO 27799 provides guidelines for organizational information security standards and Information Security Management practices which include but are not limited to the selection, implementation and management of controls by taking into consideration the organization’s Information Security risk environments. This standard provides guidelines to support the implementation of information security controls in healthcare organizations based on ISO/IEC 27002.

By following the guidelines of this international standard, healthcare organizations will be able to maintain a level of security that is suitable to their conditions and will help to ensure the availability, integrity and confidentiality of their personal health information. Basically, ISO 27799 serves as a tool to protect personal health information.

Why is Information Security Management in Healthcare important for you?

ISO 27799 training is essential as it will provide you with the fundamental guidelines to protect personal health information. This training will enable you to acquire the necessary knowledge to assure healthcare organizations that the personal health information they hold is protected according to an internationally recognized standard. The benefits of this standard apply to all healthcare institutions regardless of their size, type, or complexity. Healthcare organizations have a technological infrastructure, as well as information systems and information assets, that are very sensitive and prone to vulnerabilities. That being said, the ISO 27799 standard will help these organizations to securely manage the personal information that they process.

Benefits of ISO 27799 Information Security Management in Healthcare

QAQC ISO 27799 Certificate will prove that you have:

  • Understood the implementation of Information Security Controls in healthcare organizations by adhering to the framework and principles of ISO 27799.
  • Understood the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance and human behavior.
  • Gained the necessary skills to support a healthcare organization in implementing and managing the ongoing Information Security controls based on ISO 27799.
  • Increased the ability to perform periodic risk assessment in a healthcare organization.
  • Increased the ability to help healthcare organizations to play an active and important role in the protection of personal health data of their patients.
  • Gained the necessary knowledge to improve Information Security in healthcare organizations.

How do I get started with ISO 27799 Training?

Interested in expanding your knowledge and advancing your skills in Health Informatics? QAQC experts are here to ease the certification process and help you obtain QAQC Certified ISO 27799 credentials.

Contact us to start with the first step

QAQC Certified ISO 27799 training courses available

Learn more about the Information Security in the healthcare industry by attending the QAQC ISO 27799 training courses.

*The latest version of ISO 27799 training course is currently under development and will be available upon final release of the standard.

What are Risk Assessment Methods?

Understanding how to effectively assess risk may be a challenge for many industries. The risk assessment methods OCTAVE, EBIOS, and MEHARI will provide you with sufficient knowledge on how to successfully identify and assess risk in your organization.

OCTAVE – Operationally Critical Threat, Asset, and Vulnerability Evaluation – was developed by the Computer Emergency Response Team (CERT) and was funded by the US Department of Defense. This risk assessment tool is used to help organizations carry out strategic security assessments and planning for their information.

EBIOS – Expression des Besoins et Identification des Objectifs de Sécurité – was developed by the French Central Information Systems Security Division. The goal of this risk assessment tool is to assess and treat the risks associated with an information system (IS), which assists management decision-making and guides stakeholders toward a common basis for discussion.

MEHARI – Méthode Harmonisée d’Analyse de Risques – was developed by CLUSIF, a non-profit Information Security organization. The goal of this risk assessment tool is mainly to provide guidelines for ISO/IEC 27005 implementation and to analyze scenario-based risk landscapes for short- and long-term security management.

Why are Risk Assessment Methods essential for you?

Our risk assessment methods training courses, covering the OCTAVE, EBIOS, and MEHARI methods, will provide you with sufficient knowledge on how to successfully identify and assess risk in your organization. Risk Assessment Methods play a key role when it comes to protecting the business and its valuable assets. These methods will provide you with crucial guidelines for focusing on the risks that are most dangerous and that can cause significant financial and reputational damage to your business.

Benefits of Risk Assessment Methods

Being certified against Risk Assessment Methods helps you:

  • To learn the concepts, methods, and practices that allow effective risk management based on ISO/IEC 27005
  • To put into practice the requirements of ISO 27001 on information security risk management
  • To develop the skills needed to perform a risk assessment with the OCTAVE, EBIOS, and MEHARI techniques
  • To obtain the ability to effectively guide organizations on the best practices in information security risk management
  • To obtain the ability to effectively implement and manage a continual information security risk management process

What is ISO/IEC 27005?

ISO/IEC 27005 provides guidelines for the establishment of a systematic approach to Information Security risk management, which is necessary to identify organizational needs regarding information security requirements and to create an effective information security management system. Moreover, this international standard supports ISO/IEC 27001 concepts and is designed to assist the efficient implementation of information security based on a risk management approach.

Why is ISO/IEC 27005 essential for you?

ISO/IEC 27005 enables you to acquire the necessary skills and knowledge to initiate the implementation of an information security risk management process. Therefore, it proves that you are able to identify, assess, analyze, evaluate and treat the various information security risks faced by organizations. Moreover, it enables you to support organizations in prioritizing risks and undertaking appropriate actions to reduce and mitigate them.

The training provided by PECB will help you to properly align an organization’s Information Security Management System with its Information Security Risk Management process. Also, when obtaining the PECB Certified ISO/IEC 27005 credentials, you will be able to help organizations continually improve their information security risk management process, which leads the organization towards achieving its objectives.

Benefits of ISO/IEC 27005 Information Security Risk Management

PECB ISO/IEC 27005 Certificate will prove that you have:

  • Gained the necessary skills to support an effective implementation of an information security risk management process in an organization.
  • Acquired the expertise to responsibly manage an information security risk management process and ensure conformity with legal and regulatory requirements.
  • The ability to manage an information security and risk management team.
  • The ability to support an organization to align their ISMS objectives with ISRM process objectives.

What is ISO/IEC 27002?

ISO/IEC 27002 is an international standard that gives guidelines for the best Information Security management practices. These management practices will help organizations build confidence in their inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures, and software and hardware functions. This standard is a generic document used as a reference for selecting controls within the process of Information Security Management System implementation. ISO/IEC 27002 is intended to be used by all types of organizations, including public and private sectors, commercial and non-profit, and any other organization which faces information security risks.

Why is ISO/IEC 27002 important for you?

ISO/IEC 27002 training is essential as it will provide you with the fundamental guidelines that will help you initiate, implement, maintain and improve Information Security Management in an organization. The controls that are listed in the standard are intended to help you identify and address the specific requirements identified through a formal risk assessment approach. ISO/IEC 27002 training will enable you to obtain the necessary knowledge to assure organizations that valuable information assets are protected according to an internationally recognized standard. The benefits stated above apply to organizations at all levels of security maturity, not only to large organizations.

Benefits of ISO/IEC 27002

PECB ISO/IEC 27002 Certificate will prove that you have:

  • Understood the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002.
  • Understood the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance and human behavior.
  • Gained the necessary skills to support an organization in implementing and managing ongoing Information Security controls based on ISO/IEC 27002.
  • The ability to perform periodic risk assessment in an organization.
  • The ability to help organizations improve the Information Security posture.
  • The ability to draft and implement cost optimization strategies.

What is ISO/IEC 27001?

ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline for continually reviewing the security of your information, which will demonstrate reliability and add value to the services of your organization.

Why is Information Security important for you?

ISO/IEC 27001 assists you to understand the practical approaches that are involved in the implementation of an Information Security Management System that preserves the confidentiality, integrity, and availability of information by applying a risk management process. Therefore, implementation of an information security management system that complies with all requirements of ISO/IEC 27001 enables organizations to assess and treat the information security risks that they face.

Certified ISO/IEC 27001 individuals will prove that they possess the necessary expertise to support organizations in implementing information security policies and procedures tailored to the organization’s needs and to promote continual improvement of the management system and organizational operations.

Moreover, you will be able to demonstrate that you have the necessary skills to support the process of integrating the information security management system into the organization’s processes and ensure that the intended outcomes are achieved.

Benefits of ISO/IEC 27001 Information Security Management

PECB ISO/IEC 27001 Certificate will prove that you have:

  • Obtained the necessary expertise to support an organization to implement an Information Security Management System that complies with ISO/IEC 27001.
  • Understood the Information Security Management System implementation process.
  • Learned how to provide continual prevention and assessment of threats within your organization.
  • Improved your chances of being distinguished or hired in an Information Security career.
  • Understood the risk management process, controls, and compliance obligations.
  • Acquired the necessary expertise to manage a team to implement an ISMS.
  • The ability to support organizations in the continual improvement process of their Information Security Management System.
  • Gained the necessary skills to audit an organization’s Information Security Management System.