ISO/IEC 27001. Information Security Management System.

4.3
3,668 comments
Payment
Paid course
Certificate
Free certification
Duration
5 hours of course content
About the course

ISO/IEC 27001 is one of the world's most popular standards and this ISO certification is very sought after, as it demonstrates a company can be trusted with information because it has sufficient controls in place to protect it.

Google, Apple, Adobe, Oracle and many other tech giants, financial institutions, health services providers, insurance companies, education institutions, manufacturing and service companies, large and small businesses around the world have decided to implement this standard and to get this certification as proof of their capability to protect the confidentiality, integrity and availability of the information they process.

My course explains the requirements of ISO/IEC 27001 along with the controls in Annex A of this standard to help you understand how an information security management system can be implemented, what the requirements of this standard are and what solutions ensure conformity.

My course is structured into 2 parts:

- the first one is about the management system requirements of ISO/IEC 27001. Context of the organization, leadership, information security policy and objectives, information security risk assessment and treatment, competence and awareness, documented information, operational planning and control, internal audit, management review, nonconformity and corrective action along with all the other requirements of the standard are discussed.

- the second part of the course is all about the controls from Annex A of ISO/IEC 27001 - there are 114 information security controls and all are addressed in the lessons. The topics cover aspects like: Information security policies, organization of information security, mobile devices and teleworking, security of human resources, asset management, classification of information, media handling, access control, user responsibilities, system and application access control, cryptography, physical and environmental security, equipment security, operations security, protection from malware, backup, logging and monitoring, control of operational software, technical vulnerability management, communications security, network security management, information transfer, system acquisition, development and maintenance, security in development and support, supplier relationships, incident management, information security as part of business continuity management, redundancies and compliance.

After going through all the lessons of this course you will have a solid knowledge of what is required for an information security management system and how an organization can implement such a system and get certified to ISO/IEC 27001.

With the information here you can:

- work as a consultant for the implementation of this system in different companies;

- participate in audits (internal or external) on ISO/IEC 27001;

- work in a company that implemented an information security management system or

- if you are a manager or owner of a business, you will know what the international standard for information security is and can start implementing it in your company.

If none of the options above suits your profile, you can use the information in my course for awareness on information security and get to know the security requirements that so many organizations around the world have decided to adopt.

From my course you will get condensed information that you can re-visit anytime you need and after going through this course Udemy offers the possibility to download a certificate for successful completion so you can demonstrate your competence in the information security field.

Syllabus
Introduction to information security and ISO/IEC 27001
Learn general aspects about information security concept and the standards related to ISO/IEC 27001
Introduction
Why the need for information security? The standards ISO/IEC 27001 and ISO/IEC 27001 and structure of the course.
Information security concept
Learn about the CIA triad (Confidentiality - Integrity - Availability) and what risk management, vulnerabilities and threats are.
ISO 27k family
About the other standards that are part of the ISO/IEC 27000 family and address specific aspects of information security.
Context of the organization
Learn about the external and internal issues part of the context, the needs and expectations of interested parties and the scope of the information security management system
Context of the organization
Internal and external issues that affect the information security management system, the needs and expectations of interested parties.
Scope of the ISMS
How to define the scope (activities and locations) where the ISMS is implemented.
Leadership
Learn about the involvement and commitment of top management for the information security management system. Information security policy, defining roles and responsibilities.
Leadership and commitment
Learn about the requirements for active involvement of the top management for the information security management system.
Information security policy
The information security policy sets the general direction of the company with regards to information security. But there are a few requirements about this policy.
Organizational roles, responsibilities and authorities
Top management defines roles, responsibilities and authorities for staff as part of its commitment to information security.
Planning
Learn about the information security risk assessment, risk treatment plan and information security objectives
Requirements
  • No specific prior knowledge required.
  • Familiarity with management systems is helpful.
  • Knowledge about information security principles and concepts is useful.
What will you learn?
  • Understand the requirements of ISO/IEC 27001 and the information security controls
  • Participate in information security audits
  • Understand information security principles and concepts
  • Have a solid knowledge of the requirements for information security controls required by ISO/IEC 27001
  • Understand what is required for an organization to obtain ISO/IEC 27001 certification
  • Participate in the implementation of an Information Security Management System
  • Understand information security controls and guidelines for their implementation according to ISO/IEC 27002
Instructors
Cristian Vlad Lupa
Auditor, Consultant & Trainer

Cristian is an experienced auditor, consultant and trainer who has been working in conformity evaluation for more than 15 years.

Passionate about standards and how their use can help organizations improve, Cristian has been involved in more than 500 audits in different European countries as well as numerous consulting projects on different standards.

A certified auditor and risk assessor, Cristian is today the managing director of RIGCERT, an accredited certification body operating in Europe.

Platform
Udemy
Udemy courses are suited to professional development. The platform is set up so that experts launch the courses themselves. All materials come with lifetime access. On this platform you can find a course on, without exaggeration, any topic, from a tutorial for a particular camera to a theoretical course on financial risk management. The language and format of instruction are set by the instructor, so it is worth studying the course information carefully before buying.
Rating
4.3
1 496
1 652
543
69
28