ISO/IEC 27001 is one of the world’s most popular standards and the certification to this standard is very sought after, as it demonstrates that an organization can be trusted with information because it has sufficient controls in place to protect it.
Google, Apple, Adobe, Oracle and many other tech corporations, financial institutions, health services providers, insurance companies, education institutions, manufacturing and service companies, state institutions, large and small businesses around the world have implemented an ISMS according to ISO/IEC 27001 and have obtained a certification to demonstrate their capability to protect the confidentiality, integrity and availability of the information they process and store.
This course explains the management system requirements of ISO/IEC 27001:2022 along with the information security controls in Annex A of this standard to help you understand how an information security management system can be implemented, what are the requirements that should be met and how compliance can be achieved.
The course is structured into 6 sections:
– the first section is an introduction to the concept of information security and to this standard, ISO/IEC 27001. Among other aspects the introductive part addresses the following subjects: what represents an ISMS (Information Security Management System), what is the purpose of ISO/IEC 27001 and what is the structure of this standard or what are other standards in the ISO/IEC 27000 family that can be of interest for an information security professional.
– the second section of the course is about the management system requirements of ISO/IEC 27001:2022. The course follows the structure of the standard, covering all the requirements in each clause and sub-clause. The context of the organization, the scope of the ISMS, information security risk assessment and risk treatment, the information security objectives, the documentation of the ISMS, the internal audit of the ISMS, the management review, the information security policy or the management of nonconformities are among the subjects covered by this second section of the course.
– the third, fourth, fifth and sixth sections are all about the information security controls from Annex A of ISO/IEC 27001:2022. There are 93 controls divided into 4 themes: Organizational controls (section 3 of the course), People controls (section 4), Physical controls (section 5) and Technological controls (section 6). The information security controls to be discussed cover, among others, subjects like incident management, supplier relationships, network security, business continuity and ICT readiness, equipment maintenance, storage media, the development of software and systems, the use of cryptography, authentication information, the screening of candidates for employment, the disciplinary process, change management, backup and redundancy, malware protection and technical vulnerability management, logging and monitoring, information security awareness and training, requirements for user end-point devices, capacity management, access privileges, protection against environmental threats, cabling security or secure coding.
Free Download Link-
Note: Comment below if you find the download link dead.