ISO27001 Certification Guide

What is an information security management system?

Information security management is a bundle of processes that companies implement in order to manage the way they select and deploy information security measures. There might be a number of smart security measures everybody should implement, like malware protection or patch management, but not all your applications and systems are alike. In order to understand what you might want to do and what you absolutely have to do, you should think about having a managed and systematic approach to information security: an information security management system (ISMS).

What is the ISO27001:2013 standard?

The ISO 27001:2013 standard is one of several standards within the 27000 family of standards aimed at describing information security management systems. These standards cover the different aspects of information security management systems, e.g. risk management, auditing, governance, cyber security and so on. The reason ISO 27001:2013 is mentioned most often in conversation and is used as a synonym for information security management systems is that certifications are based on ISO 27001:2013, since it is the document containing the requirements rather than the implementation.

That is a huge difference and an important fact to understand if you are interested in establishing an information security management system according to the standards. The requirements in ISO 27001:2013 need to be addressed if you want to gain a certification. But you do not need to implement all best practice measures detailed in the other standards. Consider them guidance first and foremost. That doesn't mean that auditors will not look into these documents in order to assess the quality of your activities. They might even ask you why you did not implement a certain measure. But they cannot tell you what the best measure based on your individual needs is.

What do I need to be aware of when looking at certifications?

When you assess a service provider, you therefore have to keep the following questions in mind:
  • What is the certification for? Certifications are issued for specific processes, like 'deployment of applications', 'management of customer environments' and so on. Maybe the certification isn't even for the service you want to purchase.
  • How does the certified body deal with risks? The assessment of possible measures is most likely not based on your risks, but rather on the service provider's assumption of what they might be. They also might have identified a certain risk and have accepted it in writing, which would be compliant with the ISO standard. Are you sure your needs are being met?

While of course there is a lot of money to be made with certifications and while there might be good reasons to gain certification, certification isn't necessarily the right thing to do for everybody. I strongly suggest that everybody looks at the certification as an investment. Think of the initial costs needed to be prepared for the certification. Think about the additional cost you need to gain the certification. Think about the ongoing costs you need to uphold the certification. Looking into international standards for security management is still a good idea, even if you do not want to be certified in the near future.

Are you interested in gaining insights into ISO27001:2013 certifications and requirements? I have been working as an auditor and a consultant for many years now and feel that there is not a lot of information freely available on the internet. I try to change that.

Agile Training Courses and Certifications

What does your job involve? Is it centered on project management or do you mainly work on software development?

If you answered 'yes' to either of the above questions, then you have every reason to consider going for Agile Certification. Becoming an Agile certified practitioner puts you among the topmost levels in the IT field. Cruising your way up the career ladder can feel almost like you are on a fast spaceship when you hold a certification in Agile.

It is not only professionals in the IT field who may benefit from having some training on Agile methodologies. Today, Agile programs have been tailored to suit practically everyone involved in business operations of some kind, be it marketing or simply product management. For instance, the Certified Scrum Product Owner (CSPO) is a certification that is not necessarily focused on IT professionals alone.

Improving team performance and general productivity is easily attainable for professionals who have gone for Agile training. Here are some more details to answer any questions you may have about Agile.

1. What is Agile?

Agile refers to training in unique approaches and methodologies for effective software development and project management. Agile methods are based on creating collaborative, cross-functional and self-organized teams or workgroups. Agile tactics are designed to lead to greater team performance and advanced efficiency. These methodologies are focused on producing better results than those expected when using conventional techniques. More importantly, training in Agile helps organizations to respond most speedily to the changing needs of their customers, reduce business risks, mitigate uncertainty often caused by varying market forces and raise business ROI by dwelling more on customer value.

2. What are the main types of Agile Methodologies?

The methodologies taught in Agile courses vary to a great extent. Each methodology explains a different way of handling software development and general project management. When undergoing training in Agile, you will find that what one training course focuses on may be completely different from what another emphasizes. This is due to the different methodologies and approaches of Agile. There are mainly six Agile methodologies, namely Scrum, DSDM, XP, Lean, TDD and Kanban. Agile certifications will always vary depending on the methodology one chooses to go for.

3. What is the Difference between ScrumMaster and PMI-ACP Certifications?

ScrumMaster will mainly test your knowledge of Scrum, which is so far the most popular framework of Agile. However, for professionals who are looking to diversify their skills and prove that they have extensive Agile knowledge and skills to prospective employers, PMI-ACP certification is the best. The good thing with PMI tests is that they test a person's knowledge of most of the methodologies other than Scrum. So expect to be tested on Lean, Kanban, DSDM and XP among the others. PMI-ACP tests will also require you to have attained a specific number of hours (usually 2000) handling real projects. Therefore, unlike ScrumMaster, it's not only your knowledge that is tested through passing the exam but your Agile skills as well, which is why it's mandatory that you attain the given project experience hours.

4. What is taught in an Agile course?

Teaching of Agile methodologies is becoming increasingly important in the IT field due to the essential knowledge imparted and the crucial skills taught. One of the vital things teams are taught is how to quickly adapt to changes in the market and what to do in order to influence rapid customer adaptability. Teams are further taught effective ways to mitigate risks during the early product life-cycle stages. Also, Agile methodologies teach teams how to incorporate their customers into the software or product development process, encouraging customer feedback and constructive criticism. Eventually, teams learn how to discover the requirements and needs of their customers through the feedback system they are trained to use in every product development work.

5. What are the Eligibility Requirements for Agile PMI Certification?

To be considered eligible for the Agile PMI-ACP certification, one has to fulfill the following requirements.
  • Pass an examination testing knowledge of Agile fundamentals.
  • Have general project experience through working for at least 2000 hours on project teams in the last 5 years.
  • Have Agile project experience by working for at least 1500 hours on Agile project teams in the last 3 years.
  • Must have completed up to 21 training hours in Agile practices.

6. How to Pass Agile Exams?

Finding a good Agile exam prep book is the best way to pass your exams. As you are searching for the best Agile exam prep book, keep in mind that just going for any Q&A book is ill-advised. There is nothing wrong with knowing the type of questions you are likely to face in an Agile exam. Nonetheless, simply looking at the questions and cramming the answers will not be of any help to you in the long run. Look for a prep book that provides clear explanations of Agile ideas and concepts on top of just listing possible exam questions.

7. Which Agile course/certification is best for Me?

This is a very common question from people who are willing to learn Agile. The first thing you want to do is understand the type of training that you really need. For example, do you want to learn a particular thing or are you more interested in getting an overview of Agile methodologies? Another question that could help you figure out what type of training in Agile benefits your organization is asking yourself who is supposed to receive the training in the first place. Is it major decision makers in your company or the teams effecting operations? When you clearly have answers to these questions and pass them on to qualified Agile trainers, a good trainer will help you understand the best Agile course and training for your organization.

Logitrain is an Australian IT Institution offering many agile training courses. Logitrain is providing agile essentials and agile essentials + foundation training course.
