ISO 27001:2022 Lead Implementer
Curriculum
Course Introduction
Available in
days
days
after you enroll
Chapter 1: Information Security Fundamentals
Available in
days
days
after you enroll
Chapter 2: ISO/IEC 27001:2022
Available in
days
days
after you enroll
- Chapter 2 Overview
- Management Systems (9:37)
- Information Security Management Systems (5:59)
- International Standards (3:44)
- ISO 27000 Family of Standards (5:58)
- Navigating the ISO 27000 Family of Standards (5:18)
- Resource: Mind Map Collection
- ISO/IEC 27001 Overview (3:32)
- Table of Contents (4:44)
- Review Questions: ISO/IEC 27001
- Chapter 2 Summary
Chapter 3: Implementation Project
Available in
days
days
after you enroll
Step 1: Management Support
Available in
days
days
after you enroll
Step 2: Initiate the ISMS
Available in
days
days
after you enroll
- Step 2 Overview (4:36)
- Clause 5.3: Organizational Roles, Responsibilities and Authorities (5:37)
- Process Landscape (2:15)
- Information Security Governance Process (3:30)
- Records Control Process (2:35)
- Clause 7.1: Resources (3:31)
- Resource Management Process (2:54)
- Clause 7.4: Communication (2:40)
- Communication Process (1:59)
- ISMS Change Management Process (3:09)
- Customer Relationship Management Process (3:01)
- Step 2 Summary
Step 3: Determine Scope
Available in
days
days
after you enroll
- Step 3 Overview (3:04)
- Requirements Management Process (2:43)
- Clause 4.1: Understanding the organization and its context (5:23)
- Clause 4.2: Understanding the needs and expectations of interested parties (6:10)
- Control A.5.31: Legal, statutory, regulatory and contractual requirements (5:12)
- Clause 4.3: Determining the scope of the ISMS (6:07)
- Resource: ISMS Scope Template
- Clause 4.4: Information Security Management System (1:29)
- Review Questions: Context of the Organization
- Case Study: Determining the ISMS Scope for MCAS Engineering Group
- Step 3 Summary
Step 4: Define Information Security Policy
Available in
days
days
after you enroll
- Step 4 Overview (2:56)
- Clause 6.2: Information Security Objectives (8:44)
- Clause 5.2: Policy (6:54)
- Security Policy Management Process (3:12)
- Resource: Information Security Policy Template
- Case Study: Determine Information Security Objectives for MCAS
- Review Questions: Information Security Policy
- Step 4 Summary
Step 5: Competence Assurance
Available in
days
days
after you enroll
Step 6: Inventory of Assets
Available in
days
days
after you enroll
- Step 6 Overview (3:24)
- Control A.5.9: Inventory of information and other associated assets (8:08)
- Control A.5.12: Classification of information (4:59)
- Resource: Information Classification Policy Template
- Control A.5.13: Labelling of information (3:59)
- Review Questions: Asset Management
- Step 6 Summary
Step 7: Risk Management Methodology
Available in
days
days
after you enroll
- Step 7 Overview (3:27)
- Risk Management Fundamentals (5:22)
- Information Security Risk Management (5:08)
- Review Questions: Risk Management Fundaments
- Risk Management Process and ISO/IEC 27005 (3:57)
- Clause 6.1: Actions to address risks and opportunities (2:03)
- Clause 6.1.2: Information Security Risk Assessment (8:39)
- Risk Assessment Process (2:48)
- Clause 6.1.3: Information Security Risk Treatment (7:19)
- Risk Treatment Process (3:48)
- Resource: Risk Management Procedures
- Control Implementation Process (1:34)
- Review Questions: Risk Management Methodology
- Step 7 Summary
Step 8: Information Security Risk Assessment
Available in
days
days
after you enroll
Step 9: Information Security Risk Treatment
Available in
days
days
after you enroll
Annex A: Management of the ISMS
Available in
days
days
after you enroll
- A.5.1 Policies for information security (2:48)
- A.5.2 Information security roles and responsibilities (1:35)
- A.5.3 Segregation of duties (1:20)
- A.5.4 Management responsibilities (1:38)
- A.5.5 Contact with authorities (1:21)
- A.5.6 Contact with special interest groups (1:29)
- A.5.7 Threat intelligence (2:17)
- A.5.8 Information security in project management (2:09)
Annex A: Asset Management
Available in
days
days
after you enroll
Annex A: Access Rights Management
Available in
days
days
after you enroll
Annex A: Supplier Management
Available in
days
days
after you enroll
- Supplier Management Process (2:40)
- A.5.19 Information security in supplier relationships (2:10)
- A.5.20 Addressing information security within supplier agreements (1:51)
- A.5.21 Managing information security in the information and communication technology (ICT) supply chain (1:05)
- A.5.22 Monitoring, review and change management of supplier services (1:23)
- A.5.23 Information security for use of cloud services (1:50)
Annex A: Information Security Incident Management
Available in
days
days
after you enroll
- Information Security Incident Management Process (3:02)
- A.5.24 Information security incident management planning and preparation (1:34)
- A.5.25 Assessment and decision on information security events (0:51)
- A.5.26 Response to information security incidents (1:21)
- A.5.27 Learning from information security incidents (1:08)
- A.5.28 Collection of evidence (1:09)
- A.5.29 Information security during disruption (0:49)
- A.5.30 ICT readiness for business continuity (1:53)
Annex A: Compliance
Available in
days
days
after you enroll
- A.5.31 Legal, statutory, regulatory and contractual requirements (1:27)
- A.5.32 Intellectual property rights (1:25)
- A.5.33 Protection of records (1:55)
- A.5.34 Privacy and protection of personal identifiable information (PII) (1:00)
- A.5.35 Independent review of information security (1:09)
- A.5.36 Compliance with policies, rules and standards for information security (1:06)
- A.5.37 Documented operating procedures (0:52)
Annex A: 6. People Controls
Available in
days
days
after you enroll
- A.6.1 Screening (3:45)
- A.6.2 Terms and conditions of employment (3:48)
- A.6.3 Information security awareness, education and training (3:06)
- A.6.4 Disciplinary process (3:18)
- A.6.5 Responsibilities after termination or change of employment (3:27)
- A.6.6 Confidentiality or non-disclosure agreements (3:18)
- A.6.7 Remote working (2:46)
- A.6.8 Information security event reporting (2:34)
Annex A: 7. Physical Controls
Available in
days
days
after you enroll
- A.7.1 Physical security perimeters (3:41)
- A.7.2 Physical entry (3:50)
- A.7.3 Securing offices, rooms and facilities (3:06)
- A.7.4 Physical security monitoring (3:31)
- A.7.5 Protecting against physical and environmental threats (2:57)
- A.7.6 Working in secure areas (2:56)
- A.7.7 Clear desk and clear screen (3:26)
- A.7.8 Equipment siting and protection (2:43)
- A.7.9 Security of assets off-premises (4:20)
- A.7.10 Storage media (4:32)
- A.7.11 Supporting utilities (3:23)
- A.7.12 Cabling security (3:08)
- A.7.13 Equipment maintenance (3:16)
- A.7.14 Secure disposal or re-use of equipment (2:31)
Annex A: Access Security
Available in
days
days
after you enroll
Annex A: Operational Security
Available in
days
days
after you enroll
Annex A: Data Security
Available in
days
days
after you enroll
Annex A: System Security
Available in
days
days
after you enroll
Annex A: Network Security
Available in
days
days
after you enroll
Annex A: Development Security
Available in
days
days
after you enroll
- A.8.25 Secure development life cycle (1:38)
- A.8.26 Application security requirements (1:59)
- A.8.27 Secure system architecture and engineering principles (3:07)
- A.8.28 Secure coding (2:59)
- A.8.29 Security testing in development and acceptance (1:47)
- A.8.30 Outsourced development (1:53)
- A.8.31 Separation of development, test and production environments (2:06)
- A.8.32 Change management (1:42)
- A.8.33 Test information (1:19)
- A.8.34 Protection of information systems during audit testing (1:24)
Step 10: Performance Evaluation
Available in
days
days
after you enroll
- Step 10 Overview (3:28)
- What is Compliance? (1:30)
- Clause 9.1: Monitoring, Measurement, Analysis and Evaluation (4:09)
- Performance Evaluation Process (2:12)
- Clause 9.2: Internal Audit (5:24)
- Internal Audit Process (3:43)
- Clause 9.3: Management Review (3:19)
- Management Review Process
- Review Questions: Performance Evaluation
Step 11: Improvement
Available in
days
days
after you enroll
Step 12: Certification Audit
Available in
days
days
after you enroll