Auditing ISO 27001:2022 – Technical Controls
Published 8/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.81 GB | Duration: 4h 58m
Step-by-step auditing of ISO 27001:2022 Annex A technical controls for endpoints, data, networks, and secure development
What you'll learn
Audit ISO 27001:2022 Annex A technical controls step-by-step.
Evaluate policies, evidence, and configurations against ISO requirements.
Identify security gaps and create risk-based remediation plans.
Prepare audit reports and executive briefings for certification readiness.
Requirements
Basic knowledge of information security or IT systems is helpful.
Familiarity with ISO 27001 is useful.
No specialized tools needed; templates and checklists are provided.
Description
Unlock the skills to confidently audit ISO/IEC 27001:2022 technical controls.
This course provides a complete, step-by-step guide to auditing the 34 Annex A Clause 8 technical controls of ISO/IEC 27001:2022. Covering areas from endpoint security and privileged access to cryptography, network security, and secure software development, it equips you with practical tools, checklists, and methodologies to evaluate compliance and identify risks. This course contains the use of artificial intelligence.
Modern organizations face threats ranging from malware infections to misconfigured cloud systems and insecure application development. As an auditor or security professional, your role is not only to confirm compliance but also to highlight risks, evaluate evidence, and recommend improvements. This course bridges the gap between theory and practice, ensuring you can perform robust audits in real-world environments.
You’ll learn how to:
Audit user endpoints, privileged access rights, and secure authentication.
Evaluate controls for capacity, malware, vulnerability, and configuration management.
Assess data lifecycle security, including secure deletion, masking, backups, and redundancy.
Review logging, monitoring, and privileged utilities to ensure accountability.
Verify network and cryptographic security through segregation, filtering, and encryption.
Audit secure development practices, including SDLC, coding standards, outsourced development, and change management.
Each module includes practical audit checklists, real-world scenarios, and step-by-step examples using a model company (InfoSure Ltd.). You’ll also complete assignments designed to simulate real audits, culminating in a capstone project that integrates all 34 controls into one comprehensive audit exercise.
By the end of this course, you will be able to:
Apply structured audit methodologies to technical controls.
Collect and evaluate evidence such as policies, logs, system configs, and test results.
Identify risks, gaps, and partial compliance in information security systems.
Deliver actionable remediation roadmaps and management briefings.
Whether you are an auditor, CISO, ISMS manager, compliance professional, or IT administrator, this course provides the knowledge and tools to audit technical controls with confidence and prepare organizations for ISO 27001 certification success.
Overview
Section 1: Introduction
Lecture 1 Introduction
Lecture 2 Introducing the Model Company - InfoSure Ltd
Section 2: Identity and Access Management
Lecture 3 Identity and Access Management
Lecture 4 Control 8.1 – User Endpoint Devices
Lecture 5 Control 8.2 – Privileged Access Rights
Lecture 6 Control 8.3 – Information Access Restriction
Lecture 7 Control 8.4 – Access to Source Code
Lecture 8 Control 8.5 – Secure Authentication
Section 3: Capacity, Malware, and Vulnerability Management
Lecture 9 Capacity, Malware, and Vulnerability Management
Lecture 10 Control 8.6 – Capacity Management
Lecture 11 Control 8.7 – Protection Against Malware
Lecture 12 Control 8.8 – Management of Technical Vulnerabilities
Lecture 13 Control 8.9 – Configuration Management
Section 4: Data Lifecycle Security
Lecture 14 Data Lifecycle Security
Lecture 15 Control 8.10 – Information Deletion
Lecture 16 Control 8.11 – Data Masking
Lecture 17 Control 8.12 – Data Leakage Prevention
Lecture 18 Control 8.13 – Information Backup
Lecture 19 Control 8.14 – Redundancy of Information Processing Facilities
Section 5: Logging, Monitoring, and Utilities
Lecture 20 Logging, Monitoring, and Utilities
Lecture 21 Control 8.15 – Logging
Lecture 22 Control 8.16 – Monitoring Activities
Lecture 23 Control 8.17 – Clock Synchronisation
Lecture 24 Control 8.18 – Use of Privileged Utility Programs
Lecture 25 Control 8.19 – Installation of Software on Operational Systems
Section 6: Network and Cryptographic Security
Lecture 26 Network and Cryptographic Security
Lecture 27 Control 8.20 – Network Security
Lecture 28 Control 8.21: Security of Network Services
Lecture 29 8.22 – Segregation of Networks
Lecture 30 Control 8.23: Web Filtering
Lecture 31 Control 8.24: Use of Cryptography
Section 7: Secure Development Practices
Lecture 32 Secure Development Practices
Lecture 33 Control 8.25 – Secure Development Life Cycle
Lecture 34 Control 8.26 – Application Security Requirements
Lecture 35 Control 8.27 – Secure Systems Architecture and Engineering Principles
Lecture 36 Control 8.28 – Secure Coding
Lecture 37 Control 8.29 – Security Testing in Development and Acceptance
Lecture 38 Control 8.30 – Outsourced Development
Lecture 39 Control 8.31 – Separation of Development, Test and Production Environments
Lecture 40 Control 8.32 – Change Management
Lecture 41 Control 8.33 – Test Information
Section 8: Audit-Specific Technology Protections
Lecture 42 Control 8.34 – Protection of Information Systems During Audit Testing
Section 9: Conclusion
Lecture 43 Conclusion
Information security auditors and IT compliance professionals.
CISOs, ISMS managers, and risk or governance specialists.
IT managers, cloud security professionals, and system administrators.
Consultants preparing organizations for ISO 27001 certification audits.