G 24 IZOGOOD 27001 - Decrypt the information security standard ISO 27001 while having fun - Online game
Online game IZOGOOD® 27001 - Decrypt, understand and assimilate the requirements of your ISO 27001 information security management system while having fun
$78.82
Ex. VAT
- See the online course T 24v22 ISO 27001 Readiness
- See the online course T 44v22 ISO 27001 Internal audit
- See the online training package T 84v22 ISO 27001
WHY NOT ENRICH YOUR KNOWLEDGE OF THE ISO 27001 STANDARD WHILE HAVING FUN?
THE GAME
- anyone who wants to discover the ISO 27001 standard
- anyone who wants to improve their knowledge of the ISO 27001 standard
- threats or opportunities by the 50 RISK cards
- requirements of the standard by the 50 MCT (multiple choice test) cards
- good or bad practices by the 50 PRACTICE cards
- case examples by the 50 CASE cards
- the assimilation of knowledge related to the ISO 27001 standard
- a more homogeneous understanding of:
  - content
  - specificities and
  - requirements of the ISO 27001 standard
- verification of achievements
- playful learning of the standard
- better prepare for certification or follow-up audit
CONDITIONS
Anyone involved in introducing, implementing, maintaining, consulting, training and improving an information security management system based on ISO 27001:
- leader of the ISO 27001 certification project
- director
- information security manager
- quality manager
- metrology manager
- maintenance manager
- project manager
- quality technician
- IS technician
- quality assistant
- quality operator
- internal auditor
- worker
- operator
- technician
- consultant
- trainer
- adviser
- student
GAMER’S BOOKLET
Table of contents
1. Rules of the game
2. Glossary
3. Cards
1. RULES OF THE GAME
- RISK - threat or opportunity - silver
- MCT - multiple choice test - green
- PRACTICE - good or bad practice - orange
- CASE - situation, challenge and solutions - blue
- step 1: The back of the card showing the card type, number (from 1 to 50) and the number of stars (from one to three) in blue, white and red
- step 2: The card type, its number, the question (e.g., "Is the following statement more of a threat or an opportunity?"), the statement (e.g., "The scope of the ISMS describes the main company's activities") and the star(s)
- step 3: The answers (one or more correct answers are possible) with a green emoji (for all correct answers) and a red emoji (for a wrong answer)
- step 4: The paragraph from the standard and a comment for the correct answer or incorrect answer
- What is the clause and sub-clause (paragraph) of the standard related to the question?
- Can you provide an example from your department related to this question?
- number of stars earned
- date and time each time you played
- time spent
- identify whether a risk is more of a threat or an opportunity
- enhance their knowledge of the standard's requirements through multiple choice tests (MCTs)
- guess whether a statement is a good or a bad practice
- study each proposed case's situation and challenge, and find the right solution (one or more correct solutions are possible)
- decrypt the clauses and paragraphs of the standard and assimilate the requirements
2. GLOSSARY
The beginning of wisdom is the definition of terms. Socrates
Some specific quality terms:
Audit: a systematic and independent survey to determine whether activities and results comply with pre-established measures and are capable of achieving the objectives
Audit evidence: demonstrably true data related to audit criteria
Concession (after production): written authorization to deliver a nonconforming product
Conformity: fulfillment of a specified requirement
Continual improvement: permanent process allowing the improvement of the global performance of the company
Corrective action: action to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence
Customer: anyone who receives a product
Customer satisfaction: top priority objective of every quality management system related to the satisfaction of customer requirements
Document: any support allowing the treatment of information
Effectiveness: capacity to realize planned activities with minimum effort
Efficiency: financial relationship between achieved results and used resources
External provider (supplier): an entity that provides a product
Indicator: value of a parameter, associated with an objective, allowing the objective measure of its effectiveness
Inspection: the actions of measuring, testing and examining a process, product or material to establish whether requirements are met
Management review: a periodic survey carried out by top management of the management system for its continual improvement
Management system: set of processes allowing objectives to be achieved
Nonconformity: non-fulfillment of a specified requirement
Organization (company): a structure that satisfies a need
Performance: measurable and expected results of the management system
PEST: Political, Economic, Sociological, Technological. Analysis to identify the influence of external factors
Process: activities which transform inputs into outputs
Process approach: management by the processes to better satisfy customers, improve the effectiveness of all processes and increase the global efficiency
Product (or service): every result of a process or activity
Quality: aptitude to fulfill requirements
Quality management: activities allowing the control of a company with regard to quality
Quality objective: quality related, measurable goal that must be achieved
Requirement: explicit or implicit need or expectation
Review: a survey of a file, product, process so as to verify if pre-set objectives are achieved
Risk: probability of occurrence of a threat or an opportunity
Stakeholder: person, group or company affected by the impacts of an organization
SWOT: Strengths, Weaknesses, Opportunities, Threats. Tool for structuring a risk analysis
Top management: group or persons in charge of the company’s control at the highest level
Traceability: the aptitude to memorize or restore all or part of a trace of executed functions
Validation: notice that the application of any process, product or material allows expected results to be achieved
Verification: the periodic inspection survey of compliance of a process, product or material
Remark 1: the use of ISO 27000 definitions is recommended. The most important thing is to determine a common and unequivocal vocabulary for everyone in the company.
Remark 2: a document can be presented as documented information that must be maintained (procedure) or retained (record).
3. CARDS
Examples of the first 3 cards
RISKS
Recurring question: Is the following statement more of a threat or an opportunity?
RISK 01 Most important is that the organization's strategy has been established in the past
Threat
§ 4.1
Every three years on average, it is necessary to check the adequacy of the strategy to the context of the organization, the expectations and the requirements of stakeholders
RISK 02 The context of the organization is something that can be taken into consideration (even if the boss forgot to say it)
Threat
§ 4.1
This is a requirement of the standard and it is unavoidable. This is part of the first work to be done since the validation of the organization's strategy depends on it
RISK 03 Trying to anticipate the evolution of customer expectations is a waste of time (if the boss said so)
Threat
§ 4.2