ISO 27000 Series Information Security Management - Foundation to Implementation

About Course

This is a comprehensive Courseware on ISO 27000 Series Information Security Management, structured & designed to equip individuals and organizations with the essential knowledge and skills needed to navigate the complex landscape of information security. This courseware begins with a solid foundation, introducing participants to the core principles and concepts of ISO/IEC-27000:2018, the international standard for Information Security Management Systems (ISMS). As the course progresses, it guides learners through the step-by-step process of planning, implementing and maintaining an effective ISMS, ensuring the protection of sensitive information assets.

One of the key strengths of this courseware is its practicality. It provides actionable insights and real-world examples that empower participants to apply their new-found knowledge directly to their organizations. By the end of the course, learners will be well-equipped to assess information security risks, develop security policies and procedures, conduct security audits and establish a culture of information security excellence. In an era where data breaches and cyber threats are increasingly prevalent, completing this courseware is a crucial step towards safeguarding information assets and maintaining the trust of customers and stakeholders.

Course Content

ISO | Introduction

Overview
A brief history behind the formation of ISO
Name and Abbreviations
ISO Name & Logo
Organizational Structure of ISO
Membership
Financial Functioning of ISO

ISO | Benefits & Drawbacks

ISO | Certification

ISO | Conformity Assessment

ISO | Standards

ISO/IEC 27000 and related Standards – Information Security Management

Overview
ISO/IEC 27000 family of Standards
ISO/IEC 27000:2018 – Information technology – Security techniques – Information security management systems – Overview and vocabulary
ISO/IEC 27001:2013 – Information security management systems – Requirements
What is ISO 27001 | A brief summary of the Standard
ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls
ISO/IEC 27003:2017 – Information technology – Security techniques – Information security management systems – Guidance
ISO/IEC 27004:2016 – Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation
ISO/IEC 27005:2018 – Information technology – Security techniques – Information security risk management
ISO/IEC 27006:2015 – Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27007:2020 – Information security, cybersecurity and privacy protection – Guidelines for information security management systems auditing
ISO/IEC 27010:2015 – Information technology – Security techniques – Information security management for inter-sector and inter-organizational communications
ISO/IEC 27011:2016 – Information technology – Security techniques – Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations
ISO/IEC 27013:2021 – Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
ISO/IEC 27014:2020 – Information security, cybersecurity and privacy protection – Governance of information security
ISO/IEC TR 27015:2012 – Information technology – Security techniques – Information security management guidelines for financial services
ISO/IEC 27017:2015 – Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO/IEC 27018:2019 – Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

About Course

What Will You Learn?

Course Content

ISO | Introduction

Overview

A brief history behind the formation of ISO

Name and Abbreviations

ISO Name & Logo

Organizational Structure of ISO

Membership

Financial Functioning of ISO

ISO | Benefits & Drawbacks

Benefits for Business

Benefits for Society

Benefits for Government

Drawbacks of ISO

ISO | Certification

Overview

ISO Certification Process

Accreditation

Labeling for ISO Certification

ISO | Conformity Assessment

Overview

Conformity Assessment Committee (CASCO)

CASCO’s Vision

ISO | Standards

Overview

Technical Standards

Management Standards

Industry-Specific Standards

National Standards

International Standards

Company Standards

Six Sigma (6σ)

Popular Standards developed by ISO

ISO/IEC 27000 and related Standards – Information Security Management

Overview

ISO/IEC 27000 family of Standards

ISO/IEC 27000:2018 – Information technology – Security techniques – Information security management systems – Overview and vocabulary

ISO/IEC 27001:2013 – Information security management systems – Requirements

What is ISO 27001 | A brief summary of the Standard

ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls

ISO/IEC 27003:2017 – Information technology – Security techniques – Information security management systems – Guidance

ISO/IEC 27004:2016 – Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation

ISO/IEC 27005:2018 – Information technology – Security techniques – Information security risk management

ISO/IEC 27006:2015 – Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems

ISO/IEC 27007:2020 – Information security, cybersecurity and privacy protection – Guidelines for information security management systems auditing

ISO/IEC 27010:2015 – Information technology – Security techniques – Information security management for inter-sector and inter-organizational communications

ISO/IEC 27011:2016 – Information technology – Security techniques – Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations

ISO/IEC 27013:2021 – Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

ISO/IEC 27014:2020 – Information security, cybersecurity and privacy protection – Governance of information security

ISO/IEC TR 27015:2012 – Information technology – Security techniques – Information security management guidelines for financial services

ISO/IEC 27017:2015 – Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services

ISO/IEC 27018:2019 – Information technology – Security techniques – Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

ISO | Case Studies

AdvanceTrack

Alternative

Capgemini-Global

Costain

Expotential

Novacroft

Stantec

Telesoft_Technology

ISO | Contribution for the Sustainable Development Goals (SDGs)

Overview

Sustainable Development Goals

Capacity Building Programmes at ISO

The United Nations’ 17 Sustainable Development Goals (SDGs)

Building Sustainable Businesses with ISO Standards

Other References

References for Text