About Course
Course Duration: 2 Days – 8 Hours/day
This 1.5-day course has been developed to cover all requirements of the ISO/IEC 27001:2022 standard and its Annex A controls, and it can be combined with (Lead) Auditor training. The course includes definitions from ISO/IEC 27000:2018 (Information Security Management Systems – Overview and Vocabulary) and guidance from ISO/IEC 27003:2017 (Information Security Management System Implementation and Guidance). Group exercises and case studies are used to develop the required skills.
Course Outline
Day One
- Fundamentals of Information Security Management Systems (ISMS)
- A process approach to Information Security
- What is an Information Security Management System (ISMS)?
- The purpose of an ISO/IEC 27001 ISMS
- ISO/IEC 27001:2022 Requirements Descriptions
- ISO/IEC 27001:2022 Clauses
- Annex A
- Risk-based Thinking
- ISMS Risks
- ISMS Risk Assessment
- ISMS Risk Treatment
- Group Exercise 1: Risk Identification Discussion
- ISO/IEC 27001 Clause 4 – Context of the Organization
- ISO/IEC 27001 Clause 5 – Leadership
- Group Exercise 2: Audit Scenarios
- ISO/IEC 27001 Clause 6 – Planning
Day Two
- ISO/IEC 27001 Clause 7 – Support
- ISO/IEC 27001 Clause 8 – Operation
- Overview and understanding of the Annex A controls
- Group Exercise 3: Audit Scenarios
- ISO/IEC 27001 Clause 9 – Performance Evaluation
- ISO/IEC 27001 Clause 10 – Improvement
- Group Exercise 4: Audit Scenarios
- "Understanding ISMS" Final Exam