ISO 27001 – 2013 Information Security Management System – ISMS

In this course, we look at the ISO 27001:2013 standard, regarding Information Security Management System. It is a beginner course, which provides an introduction to the standard, with explanations of all the various clauses and appropriate control measures to stay compliant, together with examples on how the standard may apply to a business. It is a good basic course to start with and build your understanding of the ISO 27001:2013 standard!

This standard is a guideline for quality business practices, part of an organisation’s Quality Management System (QMS). Specifically, it focuses on information security – be it in the form of physical, or virtual information assets. As such, it is applicable to all businesses in this day and age, where activities are increasingly digitalised.

With a proper system in place, companies are able to embrace digital transformation confidently, thereby staying current and competitive internationally.

Still, to know how to properly set up and keep this system in place, one needs to have a proper understanding of the standard, with its clauses. If you are looking to achieve this, here is a course that can help you.

—

Course Outline:

Section 1 > Introduction, history and general concepts of ISO 27001:2013

Section 2 > Clause-by-clause guidance for ISO 27001:2013

• Section 2-1 > Clause 1 to 3 + Clause 4: Context of the organisation
• Section 2-2 > Clause 5: Leadership
• Section 2-3 > Clause 6: Planning for the Food Safety Management System
• Section 2-4 > Clause 7: Support
• Section 2-5 > Clause 8: Operations
• Section 2-6 > Clause 9: Performance Evaluation
• Section 2-7 > Clause 10: Improvement

Section 2a > Clause-by-clause guidance for ISO 27001:2013 Annex A

• Section 2-8 > Annex A.5 Information security policies
• Section 2-9 > Annex A.6 Organisation of information security
• Section 2-10 > Annex A.7 Human resource security
• Section 2-11 > Annex A.8 Asset management
• Section 2-12 > Annex A.9 Access control
• Section 2-13 > Annex A.10 Cryptography
• Section 2-14 > Annex A.11 Physical and environmental security
• Section 2-15 > Annex A.12 Operations security
• Section 2-16 > Annex A.13 Communications security
• Section 2-17 > Annex A.14 System acquisition, development and maintenance
• Section 2-18 > Annex A.15 Supplier relationships
• Section 2-19 > Annex A.16 Information security incident management
• Section 2-20 > Annex A.17 Information security aspects of business continuity management
• Section 2-21 > Annex A.18 Compliance

Sections 3 > Preparation of Documentation

Section 4 > Implementation

Section 5 > Verification of your implementation