SGS Academy Hong Kong - Practical Workshop in Information Security Control – based on ISO/IEC 27002:2013



Today, businesses rely on information technology to communicate, generate, handle and store huge amounts of information. Information security is gaining importance and is pervasive among the users of information technology. Information security is relevant to all types of organisations in all industries and government bodies.

This course is designed to help office managers or security implementers who need to write their organizations’ information security policies. To make information security easy to understand, the course content is based on examples and case sharing rather than lectures. All controls introduced in the workshop are based on ISO/IEC 27002:2013, which is a popular, internationally recognised standard for information security.


The following topics will be covered in the workshop:

1. Information security policies
2. Organisation of information security
3. Human resources security
4. Asset management
5. Access control
7. Physical and environmental security
8. Operations security
9. Communications security
10. System acquisition, development and maintenance
11. Supplier relationships
12. Information security incident management
13. Information security aspects of business continuity management

The course contains an abundance of practical good practices and examples to facilitate implementation in your organisation.

CERTIFICATION (Attendance: 100%):
Delegates who successfully complete the course will be issued a certificate by SGS Hong Kong Limited.

Venue: T.S.T. / Wan Chai / Sheung Wan Training Centre / TBC 
Medium: Cantonese supplemented with English material

*An Early Bird Price will be offered to participants whose enrolment is made one month prior to the course or through online booking.


Why this course and not ISO 27001?

ISO 27001 defines the requirements for an information security management system. The more technical security controls are covered in the Annex with only the control objectives (intentions), i.e. the implementation details are not included. This is because ISO 27001 is a certifiable standard and needs to remain generic. ISO 27002, on the other hand, is an advisory document of good practice for implementing ISO 27001. To prepare for ISO 27001 certification, both trainings are recommended. To implement information security controls in an organisation, ISO 27002 is the essential one.


Practical security strategies for protection and control of IT systems, documents and data will be outlined in this workshop. The course contains sufficient examples and practical sharing that the audience is able to apply them right away in their organizations. Practices acquired are applicable to organisations of all sizes and all security maturity levels.



Mr. Chris Yau (Senior Manager, Products and Services Development, SGS Hong Kong Limited)

He is a EuroCloud-Star Auditor, Certified CSA STAR Auditor, RABQSA registered ISO/IEC 27001 Lead Auditor, Certified Information Security Auditor (CISA) and Certified Information Security Manager (CISM) with over 15 years of security-related audit and teaching experience, including information security in both manufacturing and IT sectors, and cargo and freight security. He is also a lead auditor in ISO 9001, ISO 14001, ISO 28000, and ISO 20000.

Ms. Rani Lui (IT Product Manager, HK and Macao area)

She is a EuroCloud-Star Auditor, Certified CSA STAR Auditor, an ISO/IEC 27001, ISO 20000-1 and ISO 9001 Lead Auditor, a Certified Information Security Auditor (CISA) and a Certified Data Centre Professional (CDCP). She has been managing and auditing data centres since 2008.

(SGS Hong Kong Ltd. reserves the right of final tutor arrangement)


IT managers, office managers, operational managers, and other security practitioners who need to have an understanding of practical information security controls. 


None, but some basic knowledge of common IT policies would allow you to understand and appreciate the topics discussed.


2 days