How to Book One to One Trainer Online Meeting
Course Objectives
What is ISO/IEC?
What is ISO/IEC 27001:2013?
How the Standard is Structured
The ISO/IEC 27000 Family of Standards
Key ISO/IEC 27000 Standards Relationships
Qualification vs. Certification
Drivers for Certification
The Benefits of Certification
Quiz
Information Security Management Systems
Information Security Risks
What is an ISMS?
Successful Implementation
What is Information?
Information Technology
Information Security
Confidentiality
Integrity
Availability
Leadership ‘Top Management’
General Management Activities
Management System
Process Approach
Part of the Organisation’s Strategy
ISMS Design Considerations
Why an ISMS is Important
Assets
Protecting Information Assets
Developing an ISMS
Identifying Requirements
ISMS Effectiveness
ISMS Critical Success Factors
Benefits of the ISMS Family of Standards
Key ISO/IEC 27000 Family Standard Publications for ISMS
ISO/IEC 27000 Family Standard Publications
ISO/IEC 27001:2013 Compatibility
Quiz
Two main parts of the standard
ISO/IEC 27001:2013 Clauses 0 to 3 (Introduction, Scope, Normative references, Terms and definitions)
ISO/IEC 27001:2013 - Clause 4. Context of the organization
ISO/IEC 27001:2013 - Clause 5. Leadership
ISO/IEC 27001:2013 - Clause 6. Planning – Address Risks and Opportunities
ISO/IEC 27001:2013 - Clause 7. Support
ISO/IEC 27001:2013 - Clause 8. Operation
ISO/IEC 27001:2013 - Clause 9. Performance Evaluation
ISO/IEC 27001:2013 - Clause 10. Improvement
Control Objectives and Controls – Annex A
Quiz
Overview of ISO/IEC 27005:2011
ISO/IEC 27005:2011 Document Structure
Systematic Approach
Risk Management Definitions
Risk Management – ISO/IEC 27005
Establishing Context
Risk Management Approach
Risk Assessment
Example Risk Assessment Approach
Risk Identification
Risk Analysis
Example Quantitative Risk Analysis
Risk Evaluation
Risk Treatment - Part A
Risk Treatment - Part B
Risk Modification
Risk Treatment
Risk Treatment – Gap Analysis Example
Risk Acceptance
Risk Communication and Consultation
Risk Monitoring and Review
Quiz
Annex A Controls
The 14 Security Control Objectives
Selecting and implementing controls
Statement of Applicability (SoA)
Control Objectives and Controls (A.5)
Approach for Policy Development
Development of Policy
Policy Structure and Publication
Information Security Policies
Typical Information Security Policies
Control Objectives and Controls (A.6)
Control Objectives and Controls (A.7)
Control Objectives and Controls (A.8)
Information Classification
Control Objectives and Controls (A.9)
User Access Management
Control Objectives and Controls (A.10)
Cryptography
Control Objectives and Controls (A.11)
Control Objectives and Controls (A.12)
Control Objectives and Controls (A.13)
Control Objectives and Controls (A.14)
Control Objectives and Controls (A.15)
Control Objectives and Controls (A.16)
Security Incident Management
Control Objectives and Controls (A.17)
Control Objectives and Controls (A.18)
Mandatory Documents Under ISO/IEC 27001
Common Non-Mandatory Documents from Annex A
Other Common Non-Mandatory Documents
Quiz
The purpose of ISO/IEC 27003:2010
Organisation for Establishing the ISMS
ISO/IEC 27003:2010 Clause Structure
ISO/IEC 27003:2010 Clause 5
ISO/IEC 27003:2010 Clause 6
ISO/IEC 27003:2010 Clause 7
ISO/IEC 27003:2010 Clause 8
ISO/IEC 27003:2010 Clause 9
Organisation - Roles and Responsibilities
Quiz
The purpose of ISO/IEC 27007:2011
Management of an Audit Programme (ISO 19011:2011)
Audits
Internal Audits
Internal Auditors
Principles of Audit
Auditor Personal Behaviour
Audit Method
Audit Criteria
Audit Outcomes
Audit Evidence
Certification Preparation
Certification Process
Conduct of a Certification Body
Quiz
Overview
Structure of the new Annex A - ISO/IEC 27001:2022
Annex A Five Types of Attributes
Quiz
Exam Information
CIL Course Evaluation