Information Security Manager in Aviation

This course gives participants an in-depth understanding of the fundamentals for information security management systems based on ISO 27001 standards and the aviation specific standard DIN/EN 16495 and German industry-specific Security Standard for Aviation (B3S).

Upon completion of the course participants will be able to:

• understand the challenges of information security and an information security management system based on ISO 27001 standards, EN 16495 and industry-specific security standard in aviation
• implement an ISMS specific for aviation organisations

Recap: Information Security Management based on the 2700x series:

• Legal and regulatory aviation specific requirements
• Protection of information, protection requirements (confidentiality, availability, integrity, etc.)
• Core elements of the ISO 27001 (PDCA cycle, management framework, Annex A Controls)
• Information Security Risk Management based on the 2700x series

DIN/EN 16495:

• General framework
• Aviation specific requirements

B3S - Industry-specific security standard in aviation:

• German IT-Sicherheitsgesetz
• Term “State-of-the-Art”

Best practice approach to implement an Information Security Management in aviation organizations:

• Definition of a scope
• Conducting a risk assessment
• Implement measures
• Auditing acc. BSIG §8a(3)

• Information Security Management for aviation organisations
• Information Security Risk Management for aviation organisations
• IT Security for aviation organisations
• IT Security Risk Management for aviation organisations
• Internal) Audits for aviation organisations
• Data Privacy for aviation organisations
• Compliance for aviation organisations