    Iso/Iec 27001:2022. Information Security Management System

    Posted By: ELK1nG
    Last updated 2/2023
    MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
    Language: English | Size: 2.81 GB | Duration: 6h 58m

    Learn how your company can protect its information with an ISMS that meets the requirements of ISO/IEC 27001

    What you'll learn

    Understand what an ISMS is and what the requirements for an ISMS are

    Become familiar with the requirements of ISO/IEC 27001:2022

    Understand the framework for information security management proposed by ISO/IEC 27001

    Obtain the required knowledge to participate in ISMS audits and implementation projects

    Understand the information security controls that should be addressed by an ISMS

    Acquire the necessary knowledge to coordinate information security management activities in an organization

    Requirements

    No specific prior knowledge required.

    Familiarity with management systems and/or information security management is helpful.

    Knowledge about information security principles and concepts is useful.

    Description

    ISO/IEC 27001 is one of the world's most popular standards, and certification to this standard is highly sought after, as it demonstrates that an organization can be trusted with information because it has sufficient controls in place to protect it.

    Google, Apple, Adobe, Oracle and many other tech corporations, financial institutions, health services providers, insurance companies, education institutions, manufacturing and service companies, state institutions, large and small businesses around the world have implemented an ISMS according to ISO/IEC 27001 and have obtained a certification to demonstrate their capability to protect the confidentiality, integrity and availability of the information they process and store.

    This course explains the management system requirements of ISO/IEC 27001:2022 along with the information security controls in Annex A of this standard to help you understand how an information security management system can be implemented, what requirements should be met and how compliance can be achieved.

    The course is structured into 6 sections:

    - The first section is an introduction to the concept of information security and to this standard, ISO/IEC 27001. Among other aspects, the introductory part addresses the following subjects: what an ISMS (Information Security Management System) is, the purpose of ISO/IEC 27001, the structure of this standard, and the other standards in the ISO/IEC 27000 family that can be of interest to an information security professional.

    - The second section of the course is about the management system requirements of ISO/IEC 27001:2022. The course follows the structure of the standard, covering all the requirements in each clause and sub-clause. The context of the organization, the scope of the ISMS, information security risk assessment and risk treatment, the information security objectives, the documentation of the ISMS, the internal audit of the ISMS, the management review, the information security policy and the management of nonconformities are among the subjects covered by this second section of the course.

    - The third, fourth, fifth and sixth sections are all about the information security controls from Annex A of ISO/IEC 27001:2022. There are 93 controls divided into 4 themes: Organizational controls (section 3 of the course), People controls (section 4), Physical controls (section 5) and Technological controls (section 6). The information security controls to be discussed cover, among others, subjects like incident management, supplier relationships, network security, business continuity and ICT readiness, equipment maintenance, storage media, the development of software and systems, the use of cryptography, authentication information, the screening of candidates for employment, the disciplinary process, change management, backup and redundancy, malware protection and technical vulnerability management, logging and monitoring, information security awareness and training, requirements for user end-point devices, capacity management, access privileges, protection against environmental threats, cabling security and secure coding.

    If you are interested in the certification to ISO/IEC 27001 for organizations and individuals, there is a video dedicated to this subject at the end of the course.

    After going through all the videos of this course you will have a good understanding of the requirements for an information security management system and of how an organization can apply such a system and claim conformity to ISO/IEC 27001:2022.

    The information will be very useful to you if you:

    - work as a consultant helping organizations apply standards and implement management systems;

    - participate in audits (internal or external audits) in accordance with ISO/IEC 27001:2022;

    - work in a company that applies or intends to apply an information security management system;

    - have an interest in information security management in general;

    - are looking to build a career in information security.

    If none of the options above suits your profile, you can use the information in my course for awareness on information security, and you will have a good picture of the requirements that many organizations around the world have decided to adopt.

    This course provides 7 hours of condensed information that you can revisit anytime you need, and once you finish it you can prove your knowledge in the field of information security management with the certificate issued by Udemy.

    Overview

    Section 1: Introductive part

    Lecture 1 Introduction

    Lecture 2 What is information security?

    Lecture 3 What is an information security management system (ISMS)?

    Lecture 4 The ISO/IEC 27000 series of standards

    Lecture 5 About ISO/IEC 27001

    Section 2: Management system requirements of ISO/IEC 27001:2022

    Lecture 6 Understanding the organization and its context

    Lecture 7 Understanding the needs and expectations of interested parties

    Lecture 8 Determining the scope of the ISMS

    Lecture 9 Information security management system

    Lecture 10 Leadership and commitment

    Lecture 11 Policy

    Lecture 12 Organizational roles, responsibilities and authorities

    Lecture 13 Actions to address risks and opportunities

    Lecture 14 Information security risk assessment (part 1)

    Lecture 15 Information security risk assessment (part 2)

    Lecture 16 Information security risk treatment (part 1)

    Lecture 17 Information security risk treatment (part 2)

    Lecture 18 Information security objectives and planning to achieve them

    Lecture 19 Planning of changes

    Lecture 20 Resources

    Lecture 21 Competence

    Lecture 22 Awareness

    Lecture 23 Communication

    Lecture 24 Documented information

    Lecture 25 Control of documented information

    Lecture 26 Operational planning and control

    Lecture 27 Information security risk assessment and treatment

    Lecture 28 Monitoring, measurement, analysis and evaluation

    Lecture 29 Internal audit

    Lecture 30 Management review

    Lecture 31 Continual improvement

    Lecture 32 Nonconformity and corrective action

    Section 3: Organizational controls

    Lecture 33 Information security controls

    Lecture 34 Policies. Roles and responsibilities. Segregation of duties

    Lecture 35 Contact with authorities and special interest groups

    Lecture 36 Threat intelligence. Information security in project management

    Lecture 37 Inventory and acceptable use of information and assets. Return of assets.

    Lecture 38 Information classification and labelling

    Lecture 39 Information transfer

    Lecture 40 Access control

    Lecture 41 Identity management. Authentication management. Access rights.

    Lecture 42 Information security in supplier relationships and agreements

    Lecture 43 Information security in the ICT supply chain

    Lecture 44 Monitoring, review and change management of supplier services

    Lecture 45 Information security for the use of cloud services

    Lecture 46 Information security incident management

    Lecture 47 Learning from incidents and collecting evidence

    Lecture 48 Information security during disruption and ICT readiness for business continuity

    Lecture 49 Legal, statutory, regulatory and contractual requirements

    Lecture 50 Intellectual property. Protection of records. Privacy and protection of PII

    Lecture 51 Independent review. Compliance with policies, rules and standards

    Lecture 52 Documented operating procedures

    Section 4: People controls

    Lecture 53 Screening. Terms and conditions of employment.

    Lecture 54 Awareness, training and education. Disciplinary process

    Lecture 55 Termination or change of employment

    Lecture 56 Remote working

    Lecture 57 Information security event reporting

    Section 5: Physical controls

    Lecture 58 Security perimeters. Physical entry. Securing offices, rooms and facilities

    Lecture 59 Physical security monitoring. Physical and environmental threats

    Lecture 60 Work in secure areas. Clear desk and clear screen

    Lecture 61 Equipment siting and protection. Assets off-premises

    Lecture 62 Storage media

    Lecture 63 Supporting utilities. Cabling security

    Lecture 64 Equipment maintenance, disposal or re-use

    Section 6: Technological controls

    Lecture 65 User end point devices

    Lecture 66 Privileged access rights. Information access restriction. Access to source code

    Lecture 67 Secure authentication

    Lecture 68 Capacity management

    Lecture 69 Protection against malware. Technical vulnerability management

    Lecture 70 Configuration management. Information deletion

    Lecture 71 Data masking and data leakage prevention

    Lecture 72 Backup and redundancy of information processing facilities

    Lecture 73 Logging

    Lecture 74 Monitoring activities and clock synchronization

    Lecture 75 Privileged utility programs. Software installation on operational systems

    Lecture 76 Networks security

    Lecture 77 Security of network services and segregation of networks

    Lecture 78 Web filtering

    Lecture 79 Use of cryptography

    Lecture 80 Secure development life cycle. Application security requirements

    Lecture 81 Secure system architecture and engineering principles

    Lecture 82 Secure coding. Security testing in development and acceptance

    Lecture 83 Outsourced development

    Lecture 84 Separation of development, test and production environments

    Lecture 85 Change management

    Lecture 86 Test information and the protection of systems during audit testing

    Lecture 87 The certification to ISO/IEC 27001

    Lecture 88 Thank you and good bye!

    Information security managers, Information security consultants and auditors, Information security officers, Information security risk specialists, Managers and business owners, People involved in the implementation and administration of information security management systems according to ISO/IEC 27001, Information security management enthusiasts