ISO/IEC 27002 Foundation & Implementation ISO 27001

Foundation training course provides information on the fundamental concepts of information security, cybersecurity and privacy based on ISO/IEC 27002.

• Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
• Discuss the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks.
• Interpret the ISO/IEC 27002 organizational, people, physical, and technological controls in the specific context of an organisation.

Day 1 : Information Security Management System – ISO 27001/2023 versus ISO 27002/2022 (Information technology — Security techniques — Code of practice for information security controls)

• Terminology: Management System, Process, Continuous Improvement, Incident etc.
• Presentation of ISO 27001 (Information Security Management System) and ISO 2700
• Context of organisation
  • Tools for the context analysis
  • Internal and external issue
• Leadership
  • Policy
  • Rules and responsibilities
  • Values
• Plan
  • Risk Assessment
  • Objectives and Action Plan
• Support
  • Infrastructure
  • Traning and Skills
  • Communication
  • Documented Information
• Operations
  • Operational Control
  • Interested parties (subcontractors and external parties)
  • Risk treatment
• Performance
  • Monitoring KPI’s
  • Regulatory conformity (GDPR and others)
  • Internal Audit
  • Management Review
• Continuous Improvement
  • Incidents, nonconformities and corrective actions

Day 2 : People, physical, and technological controls based on ISO 27002: 2022

•   Clause 5 Organizational (37 controls)
•   Clause 6 People (8 controls)
•   Clause 7 Physical (14 controls)
•   Clause 8 Technological (34 controls)
•   Appendix A – Using attributes

Atelier : Case Study Exercise

• Presentation by different groups