ISO/IEC 27001:2022. Information Security Management System
ISO/IEC 27001:2022. Information Security Management System is available at $79.99 and has an average rating of 4.54 based on 13986 reviews, with 89 lectures, 1 quiz, and 47826 subscribers.
Summary
Title: ISO/IEC 27001:2022. Information Security Management System
Price: $79.99
Average Rating: 4.54
Number of Lectures: 89
Number of Quizzes: 1
Number of Published Lectures: 89
Number of Published Quizzes: 1
Number of Curriculum Items: 90
Number of Published Curriculum Objects: 90
Original Price: $74.99
Quality Status: approved
Status: Live
What You Will Learn
- Understand what is an ISMS and what are the requirements for an ISMS
- Become familiar with the requirements of ISO/IEC 27001:2022
- Understand the framework for information security management proposed by ISO/IEC 27001
- Obtain the required knowledge to participate in ISMS audits and implementation projects
- Understand the information security controls that should be addressed by an ISMS
- Acquire the necessary knowledge to coordinate information security management activities in an organization
Who Should Attend
- Information security managers
- Information security consultants and auditors
- Information security officers
- Information security risk specialists
- Managers and business owners
- People involved in the implementation and administration of information security management systems according to ISO/IEC 27001
- Information security management enthusiasts
What is ISO/IEC 27001 and why does it matter?
ISO/IEC 27001 is the world’s most popular standard for information security management, and certification to this standard is highly sought after. It demonstrates an organization’s ability to safeguard information with robust controls, ensuring trust and reliability.
Global leaders like Google, Apple, Adobe, Oracle, and countless other tech corporations, financial institutions, healthcare providers, insurance companies, educational institutions, manufacturers, service companies, government agencies, and businesses of all sizes have implemented and certified Information Security Management Systems (ISMS) according to ISO/IEC 27001. This showcases their commitment to protecting the confidentiality, integrity, and availability of the information they handle.
Course Overview
My course delves into the management system requirements of ISO/IEC 27001:2022, along with the information security controls from the standard’s annex (Annex A). This comprehensive guide will help you understand how to implement an ISMS, meet the necessary requirements and achieve compliance.
The course is structured into 6 sections:
– the first section is an introduction to the concept of information security and to this standard, ISO/IEC 27001. Among other aspects, the introductory part addresses the following subjects: what an ISMS (Information Security Management System) is, what the purpose of ISO/IEC 27001 is, how the standard is structured, and which other standards in the ISO/IEC 27000 family can be of interest to an information security professional.
– the second section of the course is about the management system requirements of ISO/IEC 27001:2022. The course follows the structure of the standard, covering all the requirements in each clause and sub-clause. The context of the organization, the scope of the ISMS, information security risk assessment and risk treatment, the information security objectives, the documentation of the ISMS, the internal audit of the ISMS, the management review, the information security policy or the management of nonconformities are among the subjects covered by this second section of the course.
– the third, fourth, fifth and sixth sections are all about the information security controls from Annex A of ISO/IEC 27001:2022. There are 93 controls divided into 4 themes: Organizational controls (section 3 of the course), People controls (section 4), Physical controls (section 5) and Technological controls (section 6). The information security controls to be discussed cover, among others, subjects like incident management, supplier relationships, network security, business continuity and ICT readiness, equipment maintenance, storage media, the development of software and systems, the use of cryptography, authentication information, the screening of candidates for employment, the disciplinary process, change management, backup and redundancy, malware protection and technical vulnerability management, logging and monitoring, information security awareness and training, requirements for user end-point devices, capacity management, access privileges, protection against environmental threats, cabling security or secure coding.
If you are interested in the certification to ISO/IEC 27001 for organizations and individuals, there is a video dedicated to this subject at the end of the course.
After going through all the videos of this course you will have a good understanding of what are the requirements for an information security management system and how an organization can apply such a system and claim conformity to ISO/IEC 27001:2022.
The information will be very useful to you if you:
– work as a consultant helping organizations apply standards and implement management systems;
– participate in audits (internal or external audits) in accordance with ISO/IEC 27001:2022;
– work in a company that applies or intends to apply an information security management system;
– have an interest in information security management in general;
– are looking to build a career in information security.
If none of the options above suits your profile you can use the information in my course for awareness on information security and you will have a good image of the requirements that many organizations around the world have decided to adopt.
This course provides 7 hours of condensed information that you can revisit anytime you need and once you finish it you can prove your knowledge in the field of information security management with the certificate issued by Udemy.
*The course is updated to account for the 2024 Amendment to ISO/IEC 27001:2022 about climate change.
Course Curriculum
Chapter 1: Introductive part
Lecture 1: Introduction
Lecture 2: What is information security?
Lecture 3: What is an information security management system (ISMS)?
Lecture 4: The ISO/IEC 27000 series of standards
Lecture 5: About ISO/IEC 27001
Chapter 2: Management system requirements of ISO/IEC 27001:2022
Lecture 1: Understanding the organization and its context
Lecture 2: Understanding the needs and expectations of interested parties
Lecture 3: Determining the scope of the ISMS
Lecture 4: Information security management system
Lecture 5: Information security and climate change
Lecture 6: Leadership and commitment
Lecture 7: Policy
Lecture 8: Organizational roles, responsibilities and authorities
Lecture 9: Actions to address risks and opportunities
Lecture 10: Information security risk assessment (part 1)
Lecture 11: Information security risk assessment (part 2)
Lecture 12: Information security risk treatment (part 1)
Lecture 13: Information security risk treatment (part 2)
Lecture 14: Information security objectives and planning to achieve them
Lecture 15: Planning of changes
Lecture 16: Resources
Lecture 17: Competence
Lecture 18: Awareness
Lecture 19: Communication
Lecture 20: Documented information
Lecture 21: Control of documented information
Lecture 22: Operational planning and control
Lecture 23: Information security risk assessment and treatment
Lecture 24: Monitoring, measurement, analysis and evaluation
Lecture 25: Internal audit
Lecture 26: Management review
Lecture 27: Continual improvement
Lecture 28: Nonconformity and corrective action
Chapter 3: Organizational controls
Lecture 1: Information security controls
Lecture 2: Policies. Roles and responsibilities. Segregation of duties
Lecture 3: Contact with authorities and special interest groups
Lecture 4: Threat intelligence. Information security in project management
Lecture 5: Inventory and acceptable use of information and assets. Return of assets.
Lecture 6: Information classification and labelling
Lecture 7: Information transfer
Lecture 8: Access control
Lecture 9: Identity management. Authentication management. Access rights.
Lecture 10: Information security in supplier relationships and agreements
Lecture 11: Information security in the ICT supply chain
Lecture 12: Monitoring, review and change management of supplier services
Lecture 13: Information security for the use of cloud services
Lecture 14: Information security incident management
Lecture 15: Learning from incidents and collecting evidence
Lecture 16: Information security during disruption and ICT readiness for business continuity
Lecture 17: Legal, statutory, regulatory and contractual requirements
Lecture 18: Intellectual property. Protection of records. Privacy and protection of PII
Lecture 19: Independent review. Compliance with policies, rules and standards
Lecture 20: Documented operating procedures
Chapter 4: People controls
Lecture 1: Screening. Terms and conditions of employment.
Lecture 2: Awareness, training and education. Disciplinary process
Lecture 3: Termination or change of employment
Lecture 4: Remote working
Lecture 5: Information security event reporting
Chapter 5: Physical controls
Lecture 1: Security perimeters. Physical entry. Securing offices, rooms and facilities
Lecture 2: Physical security monitoring. Physical and environmental threats
Lecture 3: Work in secure areas. Clear desk and clear screen
Lecture 4: Equipment siting and protection. Assets off-premises
Lecture 5: Storage media
Lecture 6: Supporting utilities. Cabling security
Lecture 7: Equipment maintenance, disposal or re-use
Chapter 6: Technological controls
Lecture 1: User end point devices
Lecture 2: Privileged access rights. Information access restriction. Access to source code
Lecture 3: Secure authentication
Lecture 4: Capacity management
Lecture 5: Protection against malware. Technical vulnerability management
Lecture 6: Configuration management. Information deletion
Lecture 7: Data masking and data leakage prevention
Lecture 8: Backup and redundancy of information processing facilities
Lecture 9: Logging
Lecture 10: Monitoring activities and clock synchronization
Lecture 11: Privileged utility programs. Software installation on operational systems
Lecture 12: Networks security
Lecture 13: Security of network services and segregation of networks
Lecture 14: Web filtering
Lecture 15: Use of cryptography
Lecture 16: Secure development life cycle. Application security requirements
Lecture 17: Secure system architecture and engineering principles
Lecture 18: Secure coding. Security testing in development and acceptance
Lecture 19: Outsourced development
Lecture 20: Separation of development, test and production environments
Lecture 21: Change management
Lecture 22: Test information and the protection of systems during audit testing
Lecture 23: The certification to ISO/IEC 27001
Lecture 24: Thank you and good bye!
Instructors
- Cristian Vlad Lupa, rigcert.education
I teach about standards, compliance and auditing
Rating Distribution
- 1 star: 78 votes
- 2 stars: 187 votes
- 3 stars: 1528 votes
- 4 stars: 5659 votes
- 5 stars: 6534 votes
Frequently Asked Questions
How long do I have access to the course materials?
You can view and review the lecture materials indefinitely, like an on-demand channel.
Can I take my courses with me wherever I go?
Definitely! If you have an internet connection, courses on Udemy are available on any device at any time. If you don’t have an internet connection, some instructors also let their students download course lectures. That’s up to the instructor though, so make sure you get on their good side!