The MHISP (Master Holistic Information Security Practitioner) certification is complementary to other existing, recognized certifications. In undertaking the MHISP training, the successful candidate will achieve not only certification and recognition, but documented and validated evidence through the HISPI of their successful HISP project.

The course consists of a 16-week program (4 months). Each month comprises one (1) week of heavily interactive in-classroom training and three (3) weeks of hands-on project work under real-life conditions at a location chosen by the participant. The knowledge transferred will be based on the HISP best practice guidelines, utilizing tools based on industry best practice and information security management systems such as the ISO/IEC 27001:2013 specifications and the ISO/IEC 27002:2013 Code of Practice. In-class practical exercises provide students with the opportunity to gain the skills to introduce and successfully implement a holistic ISMS into an organization. After each week of classroom instruction, participants will return to their organizations with step-by-step knowledge of how to implement a holistic information security management system. Upon return to the classroom the following month, the participants will present their work and results from the last 3 weeks of project work performed at their organizations. At the end of the course, attendees will be graded on several factors such as completeness and planning, project management, implementation, data and exercise results. This, along with a final examination, will, if successful, result in an MHISP designation.

  • Anyone interested in the implementation of an ISMS
  • Participants involved in developing, operating, and/or maintaining security and compliance systems.
  • Professionals interested or involved with introducing ISMS into an organization
  • CISOs, CSOs, IT Managers, Regulatory Managers
  • Consultants
  • Professionals involved with management systems
  • Participants designated by their organization to implement an ISMS

Due to the high-level designation and required knowledge of this course, candidates must hold a HISP certification and have recently attended the HISP+ training. Additional certifications in information security are strongly recommended. Examples include, but are not limited to, CISSP, CISM, CISA, CGEIT and CRISC.

Upon successful completion of this course, students will be able to:

  • State a comprehensive definition of ISMS
  • Build an ISMS scope
  • Describe the benefits of ISMS to organizations in general
  • Describe the benefits of ISMS to the participant's organization
  • Explain why their organization should have an ISMS
  • Identify who among top management in the participant's organization should be accountable for the ISMS
  • Identify who in the organization has specific responsibilities within the ISMS
  • Identify and sequence the elements of the HISP approach to an ISMS
  • Define a standard
  • Describe the benefits of standards to organizations in general, and their organization in particular
  • Identify benefits of ISMS standards
  • Distinguish between Part 1 and Part 2 of standards
  • Explain the importance of independent verification of standards
  • Identify and sequence the events or considerations that are required to understand an organization to put in place an effective ISMS
  • List stakeholders in the participant's organization
  • Identify the interests of stakeholders
  • Rank stakeholders and their interests in terms of importance to the organization
  • Identify the products, services and processes that are essential in meeting high priority stakeholder requirements
  • Identify threats to these products, services and processes
  • Identify typical incidents that may lead to threats being realized
  • Identify how the participant's organization may be impacted by risks identified
  • Articulate the case for putting an ISMS in place in the participant's organization
  • State the purpose of ISMS strategies
  • Distinguish between an ISMS strategy and a plan
  • List the organizational resources for which strategies may be required
  • Identify a range of possible ISMS strategies applied to a single product and/or service
  • Describe the components of an incident response structure
  • Predict the sequence of events in a typical incident
  • Identify the components of and build an Incident Management Plan
  • Identify the components of and build a Business Continuity Plan
  • Identify the components of and build a Business Impact Analysis
  • Explain the key aims of ISMS internal audits
  • State the benefits of ISMS internal audits
  • Distinguish between ISMS audits and continual improvement
  • Plan and successfully carry out an internal audit
  • Set up and state the main activities in maintaining and reviewing ISMS KPIs
  • Describe the characteristics of a positive ISMS culture
  • Describe the benefits of a positive ISMS culture
  • Compare participants' organizational culture with a positive ISMS culture
  • Explain how to cultivate and support an ISMS culture and know how to develop awareness of ISMS in their organization
  • Identify the skills required to support, sustain and improve the ISMS culture

For additional information regarding the HISP or MHISP training programs, please contact the HISPI.

2910 Evans Mill Road, Suite B367
Lithonia, Georgia 30038