National Accreditation Bureau organized a training program on “Information Security Management System based on ISO/IEC 27005, ISO/IEC 27007, and ISO/IEC TS 27008”

The training program focused on three key standards in information security management, specifically: ISO/IEC 27005, which provides guidance on managing information security risk, performing information security risk management activities, specifically information security risk assessment and treatment; ISO/IEC 27007, which provides guidelines for information security management system auditing (ISMS); and ISO/IEC TS 27008, which provides guidance on reviewing and assessing the implementation and operation of information security controls.

The course was systematically designed in alignment with the requirements of each standard and included theory and case study. This approach enabled participants to gain in-depth knowledge and have the opportunity to exchange experiences and best practices, thereby improving the effectiveness of accreditation in the field of information security.

This training program also played a vital role in strengthening the team of qualified assessors capable of evaluating conformity assessment bodies operating in the information technology sector, especially in the context of growing emphasis on information protection and security.

The training course on ISO/IEC 27005, ISO/IEC 27007, and ISO/IEC TS 27008 standards demonstrates the National Accreditation Bureau’s commitment to continuously improving human resource capability, while promoting a more professional, efficient, and internationally aligned accreditation system in the field of information security.