No products added!
ISO 27001 Information Security Management Systems – ISMS Foundation
ISO/IEC 27001 (ISMS) foundation course enables participants to learn about the best practices for implementing and managing an Information Security Management System (ISMS) as specified in ISO/IEC 27001:2013, as well as the best practices for implementing the information security controls of the eleven domains of the ISO 27002. This training also helps to understand how ISO/IEC 27001 and ISO 27002 relate with ISO 27003 (Guidelines for the implementation of an ISMS), ISO 27004 (Measurement of information security) and ISO 27005 (Risk Management in Information Security)
ISO/IEC 27001 Learning Objectives
Course Content: Module 1: Introduction to ISO 27001 & ISMS
Module 3: HR Security & Awareness
Module 4: Asset Management
Module 5: Access Control & Cryptography
Module 6: Physical & Environmental Security
Module 7: Operations & Communications Security
Module 8: Information Security Incident Management
Module 9: Supplier Security & Compliance
Module 10: Business Continuity & ISMS Certification
ISO/IEC 27001 Learning Objectives
- To acquire the expertise to perform an ISO/IEC 27001 internal audit following ISO 19011 guidelines
- To acquire the expertise to perform an ISO/IEC 27001 certification audit following ISO 19011 guidelines and the specifications of ISO 17021 and ISO 27006
- To acquire the necessary expertise to manage an ISMS audit team
- To understand the operation of an ISO/IEC 27001 conformant information security management system
- To understand the relationship between an Information Security Management System, including risk management, controls and compliance with the requirements of different stakeholders of the organization
- To improve the ability to analyze the internal and external environment of an organization, its risk assessment
Controls in ISO 27001
These are 114 controls in ISO 27001, organized in Annex-A of the document. These controls are classified into 14 control areas, as follows: Information Security Policies- Organization for Information Security
- HR Security
- Asset Management
- Access Control
- Cryptography
- Physical & Environmental Security
- Operations Security
- Communications Security
- Systems Acquisitions, Development & Maintenance
- Supplier Relationships
- Information Security Incident Management
- Information Security Aspects of BCM
- Compliance
Course Content: Module 1: Introduction to ISO 27001 & ISMS
- Overview of Information Security Management Systems (ISMS)
- Purpose and benefits of ISO 27001
- Key principles of ISMS
- ISO 27001:2022 framework and clauses
Module 2: Information Security Governance & Risk Management
- Leadership and commitment in ISMS
- Risk assessment and risk treatment
- Information security objectives and policies
- Statement of Applicability (SoA)
Module 3: HR Security & Awareness
- Security in employee lifecycle (hiring, onboarding, termination)
- Roles and responsibilities in ISMS
- Security awareness, training, and education
- Insider threats and social engineering
Module 4: Asset Management
- Information asset identification and classification
- Ownership and accountability
- Acceptable use policies
- Handling and disposal of assets
Module 5: Access Control & Cryptography
- Identity and access management (IAM)
- Authentication and authorization mechanisms
- Password management and multi-factor authentication (MFA)
- Cryptographic controls and key management
Module 6: Physical & Environmental Security
- Securing office spaces, data centers, and workstations
- Protection against natural disasters and unauthorized access
- Security for remote and hybrid work environments
- Secure disposal of media and equipment
Module 7: Operations & Communications Security
- Secure system operations and monitoring
- Malware protection and patch management
- Secure communication channels (VPN, email security, encryption)
- Network security and perimeter defense
Module 8: Information Security Incident Management
- Incident response planning and procedures
- Incident detection, reporting, and escalation
- Forensic investigation basics
- Lessons learned and continuous improvement
Module 9: Supplier Security & Compliance
- Third-party security risk management
- Supplier assessment and contract requirements
- Legal and regulatory compliance (GDPR, HIPAA, etc.)
- Internal and external ISMS audits
Module 10: Business Continuity & ISMS Certification
- Business Continuity Management (BCM) and disaster recovery planning
- Backup strategies and redundancy
- Achieving and maintaining ISO 27001 certification
- Continuous improvement and ISMS maturity
Course Info
- ISO Certification
- 10
- 20 hours