ISO 27001:2013 - Information Security Management Systems

Name: ISO 27001:2013 - Information Security Management Systems
Rating: 3.5 (6 reviews)

Information security managers seeking ISO 27001 certification for their organization need to know the requirements and practical activities needed to align their systems with that standard. This ISO 27001:2013 - Information Security Management Systems course shows you how to design, implement, and maintain an ISO 27001-compliant system.

Time

7 hours 52 minutes

Difficulty

Intermediate

CEU/CPE

3.5

NEED TO TRAIN YOUR TEAM? LEARN MORE

Join over 3 million cybersecurity professionals advancing their career

Required fields are marked with an *

View all SSO options

Already have an account? Sign In »

Course Content

Module 1: Overview of an ISMS

What is ISO 27001

FREE

16m

The ISO 27001:2013 Standard Part 1

FREE

11m

The ISO 27001:2013 Standard Part 2

FREE

13m

The ISO 27001:2013 Standard Part 3

FREE

The Plan, Do, Check, Act Cycle

FREE

Important Terms and Concepts

FREE

10m

Statement of Applicability

Module 2: Clause 4: Context of the Organization

2.1Understanding the Organization and its Context

2.2Understanding the Needs and Expectations of Interested Parties

2.3Determining the Scope of the ISMS

Module 3: Clause 5: Leadership

3.1Leadership, Commitment and its Role in the ISMS

3.2Information Security Policy and the ISMS Manual

3.3Organizational Roles and Responsibilities

10m

Module 4: Clause 6: Planning

4.1Intro to Information Security Risk Management

4.2Identification of Assets

4.3Identification of Threats

4.4Identification of Existing Controls

4.5Identification of Vulnerabilities

4.6Identification of Consequences

4.7Risk Analysis

4.8Risk Evaluation

4.9Using SimpleRisk to Track and Manage Your Risks

11m

4.10Actions to Address Risks and Opportunities Part 1

4.11Actions to Address Risks and Opportunities Part 2

4.12Actions to Address Risks and Opportunities Part 3

4.13Information Security Objectives and Planning to Achieve Them Part 1

4.14Information Security Objectives and Planning to Achieve Them Part 2

Module 5: Clause 7: Support

5.1Resources Required for Maintaining an ISMS

5.2Competence

5.3Awareness with Regards to the ISMS

5.4Communication Requirements of an ISMS

5.5Maintaining Documented Information for the ISMS

Module 6: Clause 8: Operation

6.1Operational Planning and Control

6.2Information Security Risk Assessment

6.3Information Security Risk Treatment

Module 7: Clause 9: Performance Evaluation

7.1Monitoring, Measurement, Analysis and Evaluation

7.2Internal Audits Specifically for Your ISMS

7.3Management Review

Module 8: Clause 10: Improvement

8.1Non-Comformity and Corrective Action

8.2Handling a Nonconformity and Corrective Actions

8.3Continual Improvement

Module 9: An Overview of the ISO 27001 Certification Process for Organizations

9.1When are you Ready for the Certification?

9.2High-Level Overview of the Certification Process

9.3Mandatory Documentation (Recap)

9.4What to Prepare for the Audits

Module 10: Putting It All Together With a Plan

10.1Define Objectives

10.2What Results are you Expecting?

10.3Risks to the Success of your ISMS

Module 11: Annex A: Control Objectives and Controls

11.1A5 Information Security Policies

11.2A6 Organization of Information Security

11.3A7 Human Resource Security

11.4A8 Asset Management

10m

11.5A9 Access Control

11.6A10 Cryptography

11.7A11 Physical and Environmental Security

11.8A12 Operations Security

12m

11.9A13 Communications Security

11.10A14 System Acquisition, Development and Maintenance

11m

11.11A15 Supplier Relationships

11.12A16 Information Security Incident Management

11.13A17 Information Security Aspects of Business Continuity Management

11.14A18 Compliance

Course Description

The purpose of this course is to provide students with knowledge, insight and understanding of the requirements and practical activities associated with designing, implementing and maintaining an information security management system, aligned to the ISO 27001 Standard. This course will assist those seeking to better understand the standard and how to implement an ISMS practically within an organisation and to prepare for the ISO 27001:2013 certification for the organisation.

This course covers multiple information security terms and concepts, including documentation design, information security risk management principles and guidelines, and understanding the environment in which the organization operates, and the information security needs and expectations associated with that.

Target Audience

This course is for IT Managers and Compliance Professionals.

Prerequisites

Students will need an understanding of their environment and assets that are in the scope of ISO27001. Students must have the ability to take notes and create spreadsheets for data entry. An inquisitive mindset knowing the road to certification is a process that can at times be challenging, but overall rewarding. This course is for an intermediate to advanced audience who already have an understanding of cyber security governance and are looking to implement and get certified in ISO27001.

Course Goals

By the end of this course, students should be able to:

Have a detailed understanding of the ISMS clauses and what they entail.
Demonstrate knowledge of an information security risk management process.
Demonstrate knowledge of the required documentation to support an ISMS.
Demonstrate knowledge of how to monitor, measure and evaluate the performance of an ISMS through various processes.
Demonstrate knowledge of nonconformities and the continual improvement cycle.
Better understanding of governance in the cyber security landscape

Instructed By

Judy Winn

CISO at NFA Solutions

Instructor

Provider

Certificate of Completion

Complete this entire course to earn a ISO 27001:2013 - Information Security Management Systems Certificate of Completion

Domains

Governance, Risk, and Compliance

Topics

Legal and Privacy Issues