TRAINING PROGRAMME



Certified Information Security Management System Auditor (CISMSA)

This course explores the objectives of an ISMS audit and explains the roles and responsibilities of an auditor in ensuring the effectiveness of controls and the improvement of the management system under ISO/IEC 27001:2013.

This course is designed to develop the practical skills and knowledge needed to conduct audits and improve the implementation of an information management system in accordance with ISO/IEC 27001:2013.

 

  1. Information Security practitioners
  2. Auditors of any discipline
  3. ISMS Developers and Management

Module 1: Introduction

  1. Audit Origins
  2. ISO/IEC 27001:2013 – 9.2: Internal Audit
Module 2: Control Objectives & Control

Group Activity 1: Control Objectives & Control
  1. Assignment
  2. In-group discussion
  3. Group presentations
Module 3: Audit Cycle
  1. Plan
  2. Execute
  3. Report
  4. Follow-up
Module 4: Audit Cycle (Plan)
  1. ISMS Audit Programme
  2. ISMS Audit Parameters
  3. Resources
  4. Audit Plan
Group Activity 2: Audit Plan
  1. Assignment
  2. In-group discussion
  3. Group presentations
Module 5: Audit Cycle: Execute
  1. Opening Meeting
  2. Conduct the Audit
  3. Audit Findings
  4. Closing Meetings
Group Activity 3 (a): Nonconformity Statement
  1. Assignment
  2. In-group discussions
  3. Group presentations
  4. Closing Meetings
Group Activity 3 (b): Conduct the Audit Role-play
  1. Assignment
  2. In-group discussions
  3. Group presentations
Module 6: Audit Cycle: Follow-up
  1. Conducting Audit Follow-up
Module 7: ISMS Certification
  1. Certification Process
  2. Engagement with Certification Body
  3. Preparation for Certification Audit
    • 'To Do' Lists

En. Abd Rouf Bin Mohammed Sayuti
Head of Department, Corporate Audit, Governance & Integrity
CyberSecurity Malaysia

Abd Rouf is an experienced internal auditor and trainer based in CyberSecurity Malaysia. He is the head of CyberSecurity Malaysia’s Internal Audit Department, a position he has held since 2007. As the internal audit chief, he is responsible for providing independent and objective assurance to CyberSecurity Malaysia’s Board of Directors and Management on effective internal control systems and risk management activities. Additionally, he is responsible for advisory services on quality assurance for certification and accreditation audits, as well as advisory and consultation for operational and fund audits.

Abd Rouf graduated from Western Michigan University, USA, with a Bachelor of Business Administration (Finance) degree, and from Universiti Teknologi MARA with a diploma in Business Studies. He holds the certificates of ISMS Lead Auditor (BS ISO/IEC 27001:2005), Quality Management Systems Auditor (ISO/IEC 9001:1994), and Chartered Member of the Institute of Internal Auditors Malaysia (CMIIA). Prior to joining CyberSecurity Malaysia in 2007, Abd Rouf held a variety of internal audit management and staff positions in Malaysia’s leading ICT solutions provider, which is listed on the main board of Bursa Malaysia. In CyberSecurity Malaysia, he has led and conducted operational audits, as well as certification/accreditation audits, namely MS ISO/IEC 27001 (ISMS), MS ISO/IEC 17025, MS ISO/IEC 27006, ISO/IEC 17021, ASCLD/LAB-International and Common Criteria Recognition Arrangement (CCRA), on an annual basis for a wide variety of internal and external clients such as CyberSecurity Malaysia’s Security Management & Best Practices Department, Digital Forensics Lab, MySEF Lab, Information Security Certification Body (ISCB), and a renowned financial services organisation in Malaysia.

Abd Rouf’s extensive experience, skills and knowledge in internal audit have led him to conduct many internal audit training programmes for management and non-management staff, from Government entities to various business industries.

The CISMSA examination is certified by the Global ACE Certification. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an Information Security Awareness Manager. Candidates will be tested via a combination of continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS), as required.

Candidates can take the examination at authorized examination centres in participating member countries. Candidates who have successfully passed the CISMSA examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Certification.


 

  • 3 - 5 August 2021
  • 26 - 28 October 2021

Training Fee: MYR3,780.00
Exam Fee: MYR1,255.80

(subject to 6% SST)


18 CPD Points

Please submit the Certificate of Completion to Global ACE Certification at www.globalace.org