This is a past event. Registration is closed.

Event Details

What is Information Security?

ISO 27001 is an International Standard for 'Information Security' that specifies requirements for establishing an organization-wide Information Security Management System for the protection of IT infrastructure and the organization's valuable and critical information including financial, technical, proprietary, or customer information.



Why is Information Security important?

Based upon a formal Security Risk Management program, the standard helps organizations identify, assess, measure, and monitor security risks and accordingly establish Information Security policies and procedures. It also sets international best practices that reduce the probability of internal and external attacks on Information Assets and/or limit the damage caused by an inadvertent or malicious incident.


COURSE OUTLINE


PART 1 COURSE DESCRIPTION | FEBRUARY 19, 2024


Module 1: Information Security Management System Concepts – Information Security, Cybersecurity and privacy protection.

  • Information, data, and asset
  • Information Security, Cybersecurity, and Privacy Protection Concept
  • Information security Properties: Confidentiality, integrity and availability
  • Impact of vulnerabilities and threats
  • Information security risks
  • Security objectives and controls
  • Control environment


Module 2: ISO Standards and regulatory framework

  • The ISO
  • The ISO Principles
  • Management system standards
  • Integrated management systems
  • Information security standards
  • ISO 27000 family
  • ISO 27001 advantages
  • ISO 27002:2022 Implementation Updates
  • Legal and regulatory conformity


PART 2 COURSE DESCRIPTION | FEBRUARY 20, 2024


Module 3: Information Security, Cybersecurity and Privacy Protection

  • Information Security Management System (ISMS) Transition
  • The Plan–Do–Check–Act (PDCA) Framework
  • Implementation (ISMS including new changes)
  • Transition of the ISO 27001 Standard


Module 4: ISMS Implementation

  • Context of Organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance Evaluation
  • Improvement


Module 5: ISMS Implementation

  • Organization Controls – 37 controls
  • People Controls – 8 Controls
  • Physical Controls – 14 Controls
  • Technological Controls – 34 Controls


93 Information Security Controls

  • New Controls – 11
  • Merged Controls – 24 (57 merged into 24)
  • Deleted Controls – 3


11 New Controls

  1. Threat Intelligence
  2. Information Security of Cloud Services
  3. ICT Readiness for Business Continuity
  4. Physical Security Monitoring
  5. Configuration Management
  6. Information deletion
  7. Data Masking
  8. Data Leakage Protection
  9. Monitoring Activities
  10. Web Filtering
  11. Secure Coding


Module 6: Certification Process

  • Certification Process
  • Transition Requirements
  • Certification schema
  • Accreditation authority, Certification bodies



METHODOLOGY

Participants will learn through lectures, case studies, group exercises, and discussions (workshops).



OBJECTIVES

The course will discuss:

  • Understanding of the Information Security concepts
  • Structure of the ISO 27001 Information Security Management System (ISMS) standard
  • Detailed clause-by-clause overview of ISO 27001 ISMS standard
  • Overview of Risk Assessment for Information Security
  • Overview of 114 controls of Annexure A of ISO 27001 ISMS standard
  • Key organizational issues and considerations for implementation
  • Benefits of ISO 27001 ISMS
  • ISO 27001 Certification Process



TARGET AUDIENCE

Professionals in charge of ensuring Cyber Security in your organization.



OTHER INFORMATION

The mode of training, if virtual, is through ZOOM. Recording of sessions is not allowed.


Feb 19 & 20, 2024 (GMT+8)


via ZOOM

Speakers

  • Ms. Noemi Ruth Tesorero (Technical Expert - ISO/IEC 27001 ISMS at Bureau Veritas)


Tickets

  • ECCP Member: ₱5,000
  • Non member: ₱6,000