ISO27001:2022 Information and Cyber Security Implementation

Course Overview

Implementing an ISO27001: 2013 information security management system is considered best practice for protecting your critical and sensitive data and information. Achieving certification to this standard will ensure GDPR compliance, increase stakeholder trust and support your business continuity plan.

This course introduces you to the key concepts and principles of ISO27001: 2013. You will learn how to interpret the standard’s requirements in relation to your operations and conduct a gap analysis of your existing systems. We will guide you through the steps to plan, document and monitor an ISMS that will achieve consistent improvements in your information security and compliance with legislation.

Benefits

Upon completion of this course, learners will have developed a comprehensive understanding of, and the ability to effectively apply, security principles as outlined in ISO/IEC 27001:2022. They will be able to design, execute and implement ISO27001 security management systems and identify any gaps or deficiencies in an organization’s cyber security practices.

• Identify the key benefits of implementing an effective ISMS.
• Develop a plan and determine the resources required for implementation.
• Use proven tools and techniques to support implementation.
• Implement a system that is responsive to the constantly evolving threats to information security, legislative changes and stakeholder requirements.

Course Content

This two-day course will provide learners with essential knowledge on information and cyber security implementation in accordance with the ISO/IEC 27001:2022 standard. Topics covered include an overview of the ISO standards, security management systems, risk analysis, and the development and implementation of an Information Security Management System (ISMS). Learners will gain a comprehensive understanding of the requirements of the ISO standard and the knowledge to design, implement and audit an effective ISMS.

Day 1:
- Introduction to ISO27001 and the Annex SL
- Security Management System (SMS)
- Risk Analysis and Risk Treatment
- Asset Management and Security Classification
- Access Control and User Administration
- Information Security Incident Management
- Security Monitoring and Continuous Improvement

Day 2:

- Requirements of an ISMS
- Documentation and Controls
- Building an ISMS
- Certification and Compliance
- Auditing an ISMS
- Developing an ISMS Maintenance Plan
- Review and Final Test

Aimed at

This course is applicable to cyber security professionals, system administrators, risk, compliance managers and executives. It is beneficial for anyone involved in the design, implementation or management of ISO27001 information security management systems. It is also beneficial for individuals or organizations considering implementing ISO27001.