Course Overview

ISO 27001 is the most widely adopted and globally recognized standard for implementing an Information Security Management System (ISMS) in any organization. The value of information assets, and the importance of thoroughly securing them against today’s ever-increasing threats, highlight the significance of developing and implementing effective and holistic security management systems. The course highlights the importance of information security and provides the tools and methodologies students need to master ISMS implementation in line with ISO 27001.

  • 100% online course: study anywhere, anytime; all you need is a reliable internet connection

  • NCSC Certified Training, University of Central Lancashire Accredited Training Courses

  • 1-2 months to complete

  • 20 Credits MSc Cybersecurity

  • Level: Intermediate

  • Trainer Online Support

  • Exam Code: CIL, Duration: 3.0 hours, Type: Case Studies

    (Exam vouchers available only upon full payment)

ICSI|CIL Certified ISO 27001 Lead Implementer


Course curriculum

  • 1

    Course: ISO 27001 Implementation

    • 0.1 Course Aim

  • 2

    Exam Information

    • Exam Information

  • 3

    Module 1: Introduction to Cybersecurity and ISO 27001:2013

    • Introduction

    • 1.2 Information Security Realities

    • 1.3 Information Security Realities

    • 1.4 Information is The Most Important Asset

    • 1.5 The Cost of Cybercrime

    • 1.6 Demand for Cybersecurity Skills

    • 1.7 Introduction - Cyber Terms

    • 1.8 What is Cyber Security?

    • 1.9 Information and Information Security

    • 1.10 Overlapping Between Various Security Domains

    • 1.11 Cybercrime - What we usually expect

    • 1.12 The Changing Threat

    • 1.13 Threat Evolution

    • 1.14 CaaS - Cybercrime-as-a-Service

    • 1.15 Zero Day Prices

    • 1.16 Information Security - NOT just an IT problem

    • 1.17 We are the weakest link

    • 1.18 Insiders and third parties..

    • 1.19 Sources of Incidents

    • 1.20 Fact

    • 1.21 Security Governance

    • 1.22 Need for Cyber Security

    • 1.23 Need for a Framework

    • 1.24 Information Security Frameworks

    • 1.25 Frameworks

    • 1.26 Benefits of Best Practices

    • 1.27 NIST Cybersecurity Framework Areas

    • 1.28 NIST Domains

    • 1.29 ISO/IEC 27001/2/XXXX

    • 1.30 History of ISO27K

    • 1.31 The ISO27K family

    • 1.32 ISO27001:2013

    • 1.33 Requirements of ISO 27001:2013

    • 1.34 ISO27002:2013

    • 1.35 Information Security Process Approach

    • 1.36 The PDCA Cycle / Deming Wheel

    • 1.37 Elements of an ISMS Program - Critical areas (ISO27001)

    • 1.38 ISO 27001:2013, Annex-A Domains

    • 1.39 Sample Controls

    • 1.40 Security Controls and Safeguards

    • 1.41 Control Types

    • 1.42 ISMS Program issues

    • 1.43 Implementing a Holistic Security Program

    • 1.44 Integration between ISO9001 and ISO27001

    • 1.45 Exercise 1

    • 1.46 Exercise 1 - Answer

    • 1.47 Exercise 2

    • 1.48 Exercise 2 - Answer

  • 4

    Module 2: The ISO27K Family Definitions and Security Concepts

    • Introduction

    • The 27k family of standards - Where to Start

    • Security Concepts - C.I.A.

    • Security Concepts – C.I.A. Control Examples

    • Definitions - Security

    • Definitions - Incident Management

    • Definitions - General

    • Definitions - Risk Management

    • The Information Asset

    • Information Security

    • What is an ISMS?

    • ISMS Fundamental Principles

    • The Management Aspect of an ISMS

    • ISMS Adoption

    • Importance of ISMS

    • Advantages of Information Security

    • Governance and Policies

    • Security Governance

    • Security Governance Prerequisites

    • Policy

    • ISMS Policies

    • ISMS Document Pyramid

    • Example Email Policy

    • Cybersecurity context

    • Incident Management

    • SOC, SOT and CSIRT

    • Incident Management Policy and Procedures

    • Incident Response

    • Exercise 3

    • Exercise 3 - Answer

  • 5

    Module 3: ISO27001 Mandatory Requirements – Context, Scope and Leadership

    • Introduction

    • Elements of an ISMS Program - Critical Areas (ISO 27001)

    • ISMS Management/Mandatory Requirements

    • ISMS Management/Mandatory Requirements (cntd)

    • PDCA as applied by ISO27001:2013

    • Clause 4. Context of the organization (ISO27001)

    • Starting the ISMS Project

    • Organization External & Internal issues

    • Interested Party Requirements

    • Identification of Information Assets

    • Preliminary Scope Definition

    • Boundaries and Applicability of the ISMS

    • ISMS Scope

    • ISMS Effort vs Value

    • ISMS Scope Examples

    • ISMS Scope Examples (cntd)

    • ISO27001:2013 - Clause 5, Leadership

    • ISMS Objectives

    • Policy

    • Organizational roles, responsibilities and authorities

    • Security Governance Aspects

    • Roles and Responsibilities - Example

    • Steering Committee

    • Information Security Officer

    • Organizational Structure Models

    • Exercise 4

    • Exercise 4 - Answers

  • 6

    Module 4: Security Planning and Risk Management

    • Introduction

    • Risk Management

    • Why Risk Management - What is the Risk?

    • Security Threats & Challenges

    • Risk definitions!

    • Risk Management Elements

    • Risk Management Definitions

    • ISO27001–Risk Management in ISO27001 Planning Requirements

    • ISO27001 - 6.1 Actions to Address Risks and Opportunities

    • ISO27001 - 6.1.2 Information Security Risk Assessment

    • ISO27001 - 6.1.2 Information Security Risk Assessment (cntd)

    • Risk Management Process according to ISO 31000 and ISO27005

    • Risk Management Frameworks

    • Quantitative Risk Assessment

    • Risk Management-Assets

    • Asset Categories

    • Threat Agents

    • ISO27005 - Threats

    • ISO27005 - Threats (cntd)

    • Cybersecurity Threats

    • Vulnerabilities

    • ISO27005 - Threats vs Vulnerabilities

    • Business Impact Analysis

    • ISO27005 - Impact / Consequence

    • Business Impact Analysis – C.I.A.

    • Risk Matrix Example

    • Impact - What do the numbers mean?

    • Sample Risk Assessment

    • Case Study

    • Risk Analysis

    • Risk Evaluation

    • Risk Treatment - Customer Data Disclosure

    • Risk Treatment - Billing System Errors

    • Risk Treatment - Web Site Unavailability

    • Risk Analysis - Treatment

    • Risk Treatment Options

    • Review Exercise

    • The PDCA Approach in Risk Management

    • ISO27001 – S.O.A and Risk Treatment Plan

    • Statement of Applicability (S.O.A)

    • Statement of Applicability (S.O.A)

    • Risk Treatment Plan

    • Risk Treatment Plan (cntd)

    • Risk Treatment Plan - example

    • Information security objectives and planning to achieve them

    • Exercise 5

    • Exercise 5 - Answer

    • Exercise 6

    • Exercise 6 - Answer

  • 7

    Module 5: ISO27001 Mandatory Requirements Support, Operation, Monitoring and Improvement

    • Introduction

    • Clause 7 Support

    • Competence

    • Awareness

    • Communication

    • Documented Information

    • Documented Information (cntd)

    • ISMS Documents

    • ISMS Mandatory Documents include:

    • Clause 8 Operation

    • Operational Planning and Control

    • Operational Risk Assessment and Treatment

    • Clause 9 Performance Evaluation

    • Monitoring, Measurement, Analysis and Evaluation

    • Internal Audit

    • Internal Audit Prerequisites / Assumptions

    • Internal Audit Program

    • Internal Audit Steps

    • Roles and Responsibilities

    • Audit Main Considerations

    • Audit Meetings

    • ISO27001 Internal Audit Plan

    • ISO27001 Auditors Plan / Checklist

    • Audit Findings and Evidence

    • Non-conformities and Observations

    • Internal vs External Audit

    • Audit Risk

    • Management Review

    • Management Review Input

    • Clause 10 Improvement

    • Nonconformity and corrective action

    • Non Conformity Report / Action Plan

    • Continual Improvement

    • Continuous Monitoring and Technical Security Audits

    • Types of Security Audits

    • Threat Intelligence

    • Exercise 7

    • Exercise 7 - Answer

    • Exercise 8

    • Exercise 8 - Answer

  • 8

    Module 6: ISO27001 Annex-A Controls

    • Introduction

    • Annex A

    • Critical Areas (ISO27001)

    • Security Control Classification - revisited

    • Template

    • A.5 Information Security Policies

    • A.6 Organization of Information Security

    • A.6 Organization of Information Security (cntd)

    • A.7 Human Resource Security

    • A.7 Human Resource Security (cntd)

    • A.7 Human Resource Security (cntd)

    • A.8 Asset Management

    • A.8 Asset Management (cntd)

    • A.8 Asset Management (cntd)

    • A.9 Access Control

    • A.9 Access Control (cntd)

    • A.9 Access Control (cntd)

    • A.9 Access Control (cntd)

    • A.10 Cryptography

    • A.11 Physical and Environmental Security

    • A.11 Physical and Environmental Security (cntd)

    • A.11 Physical and Environmental Security (cntd)

    • A.11 Physical and Environmental Security (cntd)

    • A.12 Operations Security

    • A.12 Operations Security (cntd)

    • A.12 Operations Security (cntd)

    • A.12 Operations Security (cntd)

    • A.12 Operations Security (cntd)

    • A.12 Operations Security (cntd)

    • A.12 Operations Security (cntd)

    • A.13 Communications Security

    • A.13 Communications Security (cntd)

    • A.14 System Acquisition, Development and Maintenance

    • A.14 System Acquisition, Development and Maintenance (cntd)

    • A.14 System Acquisition, Development and Maintenance (cntd)

    • A.14 System Acquisition, Development and Maintenance (cntd)

    • A.15 Supplier Relationships

    • A.15 Supplier Relationships (cntd)

    • A.16 Information Security Incident Management

    • A.16 Information Security Incident Management (cntd)

    • A.17 Information Security Aspects of Business Continuity Management

    • A.17 Information Security Aspects of Business Continuity Management (cntd)

    • A.18 Compliance

    • A.18 Compliance (cntd)

    • A.18 Compliance (cntd)

    • Exercise 9

    • Exercise 9 - Answer

  • 9

    Module 7: ISO 27001 Certification and Beyond

    • Introduction

    • Security Standards

    • The ISO Organization

    • ISO Standards

    • ISO 27001 Certification

    • ISO 27001 Certified Organizations

    • Overall Project Management and Certifications

    • ISMS Implementation Process

    • Before Certification – Review Steps

    • Certification Process

    • Best Practices are not a Panacea

    • But... Don’t Get Crazy

    • Data Protection, Privacy and Related Legal Terms

    • Difference Between Data Owner/Controller and Data Custodian/Processor

    • Data Privacy - OECD

    • UK Data Protection

    • Protection of Personal Data in Europe

    • The General Data Protection Regulation

    • The General Data Protection Regulation (cntd)

    • The General Data Protection Regulation (cntd)

    • The General Data Protection Regulation (cntd)

    • EU-US Privacy Shield

    • Cloud Security Responsibilities

    • Exercise 10

    • Exercise 10 - Answer

  • 10

    Module 8: ISMS Training and Awareness

    • Introduction

    • Social Engineering

    • Social Engineering (cntd)

    • Phishing, Spoofing, Pharming

    • Email Phishing

    • Social Engineering in Social Media

    • Social Engineering in Social Media (cntd)

    • The Facts!

    • Internet Access Policy / Social Media

    • Social Media Malware

    • CESG Password Guidance

    • Cybersecurity Realities

    • twacked

    • Social Engineering Assessments

    • Just 5 Basic Principles

    • Exercise 11

    • Exercise 11 - Answer

  • 11

    Module 9: Cybersecurity

    • Introduction

    • Cyber Terms - Revisited

    • What is a Cyber Attack?

    • ISO 27032 – Cyber Security

    • Cybersecurity Program Basic Building Blocks

    • Basic Building Blocks

    • ISO 27032 – Incident Management Detect, Investigate, Respond

    • Manage the Insider Threat

    • More on IT and Network Security

    • Common Cybersecurity Vulnerabilities - OWASP

    • Sample Denial-of-Service (DoS) Attacks

    • Definitions

    • DoS - Basic Amplification, "Smurf" Attacks

    • Basic DDoS Attacks

    • Defence in depth – Onion Security

    • Lines of Defence

    • Security Systems and Devices

    • Identity Management

    • Access Management

    • Firewalls

    • Patching

    • Security Restrictions

    • Wireless Networks

    • Software Development

    • Secure Software Development Lifecycle

    • Design Flaws

    • Malware

    • Ransomware

    • Cybercrime Techniques

    • Evasive Attack Logic

    • Black Hole / Cyber Threat Monitoring

    • Mobile Security

    • Passive Intercept GSM A5/1

    • GSM Active Attacks, MitM a.k.a. "IMSI Catcher" a.k.a. Stingray

    • Let’s not forget about mobile handsets

    • Safety Tips

    • Conclusions and Critical Success Factors

    • Where the Money is – To Prevent and Protect

    • To Detect and Respond

    • Personal Hygiene

    • Where are you today?

    • Critical Success Factors

    • Conclusions

    • You can get a lot of help online

    • Exercise 12

    • Exercise 12 - Answer

    • Exercise 13

    • Exercise 13 - Answer

  • 12

    Module 9: Case Study

    • 9.1 Case Study – CyberTrek Services

    • 9.2 Case Study - Questions

    • Case Study - Answers

  • 13

    Exam Registration

    • How to register for the exam

What is included in this course

  • High-quality videos with in-depth content

  • Modular structure – student-directed path

  • Knowledge Checks at end of each module and the course

  • Case Studies with answer files

  • Instructor email support

  • 1 exam voucher - Online Exam Proctoring

  • Digital Certificate of Completion

  • Pass your Exam and share your Accredible Badge on LinkedIn