A practical approach to implementing an ISMS according to ISO 27001

The training on implementing and maintaining an Information Security Management System (ISMS) based on the requirements of the ISO 27001 standard is addressed to board members, management, information security management department staff, internal auditors, and all those interested in ISMS within the organization.

The training will be conducted in Polish.

It is possible to organize the training in English.

• Achieving the right training outcomes is possible by selecting the appropriate topics and methods tailored to the specific needs of participants and the issues addressed in the training. Below are the methods and techniques we use:
• LECTURE
• We provide knowledge to participants based on dedicated teaching materials, such as a multimedia presentation. This is the foundational part of the training, during which we introduce the topic, discuss key concepts, and describe roles, processes, procedures, etc.
• PRACTICAL EXAMPLES
• As practitioners, we base the training program on real-life events presented to address specific issues. We help participants independently come to conclusions or solutions. Our training is highly focused on practical experience and skill development.
• DISCUSSION
• Participants express their opinions and exchange experiences. A well-structured discussion topic, by clashing at least two arguments, typically generates strong emotional involvement. Discussion helps in developing a joint solution or preparing arguments regarding a specific issue.
• BRAINSTORMING
• In a short time, we generate many ideas and solutions for specific problems and situations. We engage participants, encouraging them to think and develop their creativity.
• EXERCISES
• Practical tasks related to the training subject, such as creating a process, conducting a case study, etc. These effectively complement the lecture and practical examples.
• TESTS
• We assess the participant’s knowledge and skills level. We identify competency gaps and appropriately plan the educational process to enhance the participant’s abilities. Depending on the training type, this may involve various tools such as knowledge tests and performance evaluations.
• SIMULATIONS
• These provide an excellent sample of reality, where participants actively engage and experience the consequences of their actions.
• SUMMARY
• After completing each topic, we summarize the discussed material. This activity, carried out by the trainer, allows for a review of the most important aspects related to the topic and gives participants the opportunity to verify their understanding.

Jacek Knopik/Iwona Kapela/Marcin Kowalczyk

Marcin Kowalczyk
Graduate of the Faculty of Computer Science and Electronic Economy at the Poznań University of Economics. Certified ITIL Expert. During his long-term cooperation with PBSG, he provided consulting, analytical, and training services in the implementation, improvement, and optimization of IT service management systems based on the most popular international standards. Expert in IT service management, information security, business continuity, and risk management in the field of information security.
He holds the role of project manager and lead consultant in system management projects and implementation of specialized IT tools supporting IT processes and information security. Throughout his career, he successfully completed over 150 implementation projects and conducted more than 100 training sessions. Speaker at numerous conferences dedicated to IT service management, information security, and Governance topics.

Iwona Kapela
Graduate of Management and Marketing at the Warsaw School of Economics, Social Psychology at the SWPS University of Social Sciences and Humanities, and postgraduate studies in “Information Security” at the National Defence University. Since 1991, she has been associated with the telecommunications services market. She has experience in revenue protection, detection of telecommunication fraud, as well as resolving information security incidents. While working with telecommunications companies, she gained knowledge in crisis management and business continuity in relation to ISO 22301, including critical infrastructure protection, closely collaborating with IT and NT technological areas, physical protection, and fire safety. She aims to use her professional experience to focus on practical implementation of information security measures, which protect corporate secrets and ensure business continuity. She holds the ISO 27001 Internal Auditor certificate (Credential ID 641/ISMS/17 BSI) and the CBCP – Certificate of Completion in Business Continuity Planning (DRI).

Jacek Knopik
Graduate of Documentation Management at Adam Mickiewicz University in Poznań. Management representative and internal auditor for information security, quality, environmental, and occupational health and safety management systems. Expert in risk management in the fields of information security, GDPR, quality management, business continuity, and management control. Consultant, implementer, trainer, and software tester for risk management tools. He has over 5 years of experience in local government administration in the fields of documentation management, process management, management control, and the implementation of teleinformation systems.
He executes projects in management systems and the implementation of supporting IT tools both in the private and public sectors.