Rapid developments in information and communication technologies have brought information protection issues to the fore. The first standardization work on this subject began in 1990 in response to demands from some industrial organizations in the UK. The BS7799 standard was published in 1995. The International Standards Committee (ISO) then published the ISO 17799 standard in 2000 and the ISO 27001 standard in 2005. The Turkish Standards Institute published the ISO / IEC 27001 Information Security Management System standard in 2006.

Information security means that information is accurate, explainable, non-repudiable and reliable. The purpose is to preserve the confidentiality, integrity and availability of information.

Because of the breadth of the subject, the ISO 27000 standard family was then expanded to include:

  • ISO 27001 Information Technologies - Security Techniques - Information Security Management System - Requirements
  • ISO 27002 Information Technologies - Security Techniques - Information Security Management System - Application codes
  • ISO 27003 Information Technologies - Security Techniques - Information Security Management System - Adaptation, implementation guide
  • ISO 27004 Information Technologies - Security Techniques - Information Security Management System - Scales, reports standard
  • ISO 27005 Information Technologies - Security Techniques - Information Security Management System - Risk management standard
  • ISO 27006 Information Technologies - Security Techniques - Information Security Management System - Conditions for auditing and certification

Companies that establish and manage a system based on the ISO 27001 standard secure their information assets in accordance with confidentiality, integrity and availability criteria and, if they wish, can prove their status to third parties by documenting this system.

The Information Security Management System is also a matter of importance for the TURCERT certification body, which provides consultancy and training services as well as certification work. The TURCERT certification body's Information Security Management System training can be grouped as follows:

  • TS ISO / IEC 27001 Information Security Management System Basic Training
  • Information Security Management System Documentation Training
  • Information Security Management System Internal Audit Training
  • TS ISO / IEC 15504 Software Process Evaluation Training

TS ISO / IEC 27001 Information Security Management System Basic Training is given to explain the basic concepts of information security, to interpret the basic principles of risk analysis and of the Information Security Management System standard, and to contribute to the establishment of an effective Information Security Management System. This training program covers the concepts of information and information security, terms, risk analysis, interpretation of the 27001 standard clauses, security controls and measures to be taken, critical success factors, documentation, the certification process and so on.

Information Security Management System Documentation Training is given to show how to prepare all the documents the firm requires to ensure the implementation and control of its processes: the Information Security Policy and Information Security Objectives, which should be prepared together with the system organization, the Information Security Manual, the process documents required by the standard, the applicability declaration and the risk table. This training program covers the Information Security Management System document structure, the Information Security Handbook, processes, the applicability declaration, risk table application instructions, forms, charts and so on.

After the company's Information Security Management System has been established, it must be checked whether its activities are carried out in accordance with the requirements of this standard. Internal auditors undertake this audit. Information Security Management System Internal Audit Training is provided for the purpose of training these internal auditors. This training program covers the interpretation of the ISO 27001 standard clauses from the internal auditor's perspective, types of audits, their benefits, auditing, preparation of questionnaires, report writing at the end of audits, responsibilities of internal auditors and so on.

TS ISO / IEC 15504 Software Process Evaluation Training is given to improve software processes in accordance with the standard for software process improvement and qualification determination, to determine the skill level of each process and to determine the level of maturity of the institution as a whole. In this training, participants are informed about the process dimension, qualification dimension, process calculation, process evaluation and similar subjects, and sample exercises are carried out. This training program covers the introduction of the standard for software process improvement and qualification determination, the history of SPICE, the process dimension, the qualification dimension, process calculation, process evaluation and so on.