The Computer Society of Kenya

Since 1986


Register for Virtual Information Security Management System implementation-Based on ISO/IEC 27001 :2013

Date: 23rd- 25th  September 2020 



q MSc. IT -UON, BSc. IT– JKUAT, Dip. Telkom Eng. –ICTP/ITU-Italy,

q Ph.D. Student JKUAT – Big data and Smart Cities


q ISO 27001:2013 Lead Implementor and Internal Auditor

q Lead Info Sec and IT Governance Consultant – Tact- Tech Solutions

q ISO Standards Committee Member – IT Security Techniques –KEBS

q Member CSK/Chairman ISACA Kenya Education Committee

q Over 10 years’ experience: Cyber Security and IT Governance

  1. 1.Course
    1. i)Introduce participants to the concept of Information Security management and Information Security Standards
    2. ii)Participants to understand requirements of ISO/IEC 27001 standard and how to implement them in their organizations
    3. iii)Participants to be able to develop the ISO/IEC 27001 Risk Assessment Process
    4. iv)Introduce participants to the selection/creation of Control Objectives & Controls
    5. v)To provide the participants with steps to certification
    6. 2.Target Groups
      1. i)Senior and Middle level Members
      2. ii)ICT professionals
      3. iii)Records management professionals
      4. iv)Security professionals
      5. v)Chief information officers
      6. vi)Information Scientists
      7. vii)Fraud detection and prevention workers
      8. viii)Information security consultants


  1. 3.Course duration

Three Days

  1. 4.Course content and structure
    1. 1.Information & Information Security
    2. 2.ISO/IEC 2700 Standards Family
    3. 3.Context of the organization
    4. 4.Leadership
    5. 5.Defining the Risk Assessment Approach
    6. 6.Identification & Valuation Assets
    7. 7.Determination of Risks
    8. 8.Information Security Risk Treatment
    9. 9.Preparing Statement of Applicability
    10. 10.Implement & operate of ISMS
    11. 11.Performance evaluation
    12. 12.Improvement
    13. 13.ISMS Certification

Reference Control Objectives and Controls.

Information security policies

  • Management direction for information security

Organization of information security

  • Internal organization
  • Mobile devices and teleworking

Human resource security

  • Prior to employment
  • During Employment
  • Termination and change of employment

Asset management

  • Responsibility of assets
  • Information classification
  • Media handling

Access control

  • Business requirements of access control
  • User access management

User responsibilities

  • System and application access control


  • Cryptographic controls

Physical and environmental security

  • Secure areas
  • Equipment
  • Operation security
  • Operational procedures and responsibilities

Protection from malware

  • Backup
  • Logging and monitoring
  • Control of operation software
  • Technical vulnerability management
  • Information systems audit considerations

Communications security

  • Network security management
  • Information transfer

System acquisition, development and maintenance

  • Security requirements of information systems
  • Security in development and support process
  • Test data

Supplier relationships

  • Information security in supplier relationships
  • Supplier service delivery management
  • Information security incident management
  • Management of information security incidents and improvements

Information security aspects of business continuity management

  • Information security continuity
  • Redundancies


  • Compliance with legal and contractual requirements
  • Information security reviews

Facilitation fee Ksh.10,000/= pp inclusive of Participation certificate and 60CPD points for CSK Members. Payment can be made via Mpesa to KCB Paybill No. 522522 Account No. 1108233287.

Register Below:-

Share this page
Computer Society of Kenya is proud to be affiliate member of: