ISO/IEC 27002 -Information Security SECURITY CONTROLS Course
About the course
ISO/IEC 27002 is an international standard that provides guidelines for selecting and implementing information security controls and for implementing information security standards and practices. It is applicable to organizations of all industries or sizes. ISO/IEC 27002 can be used to develop information security management guidelines tailored to the specific context of an organization.
Originally published in 2005 and then updated in 2013, ISO/IEC 27002 was again revised and published in 2022. This new version provides a list of information security controls generally practiced in the information security industry, along with guidelines for their implementation. ISO/IEC 27002 provides four categories of information security controls: organizational (clause 5), people (clause 6), physical (clause 7), and technological (clause 8).
The course is divided into three (3) certification levels.
ISO 27002 Foundation
ISO 27002 Manager
ISO 27002 Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
ISO/IEC 27002 - Foundation
Learning Objectives
Learning Objectives
Learning Objectives
- Understand the implementation of Information Security Controls in accordance with ISO/IEC 27002
- Acknowledge the correlation between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks.
- Understand the approaches, methods, and techniques used for the implementation of Information Security Controls.
- Prerequisites: None
Who should attend?
Learning Objectives
Learning Objectives
- Individuals interested in Information Security Management and Information Security Controls.
- Individuals seeking to gain knowledge about the main processes of an Information Security Management System and Information Security Controls.
- Individuals interested to pursue a career in Information Security Management.
Course Agenda
Learning Objectives
Course Agenda
- Day 1: Introduction to ISO/IEC 27002 and Information Security Management System.
- Day 2: ISO/IEC 27002 Controls and Certificate Exam.
- CPD Certification (Credits)=14
- Exam Duration: 1 Hour
- Retake Exam: Yes
Exam
Learning Objectives
Course Agenda
- Domain 1: Fundamental principles and concepts of Information Security Management
- Domain 2: Information Security Controls based on ISO/IEC 27002
ISO/IEC - 27002- Manager
Learning Objectives
Learning Objectives
Learning Objectives
- Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002
- Discuss the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks
- Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002
Who should attend?
Learning Objectives
Learning Objectives
- Managers involved in the implementation of an information security management system (ISMS) based on ISO/IEC 27001.
- IT professionals and consultants seeking to enhance their knowledge in information security.
- Members of an ISMS implementation or information security team
- Individuals responsible for information security in an organization.
Course Agenda
Learning Objectives
Course Agenda
- Day 1: Introduction to ISO/IEC 27002.
Day 2: Information assets, people controls, physical controls, and operational security controls.
Day 3: Information security incident management and monitoring of information security controls and certification exam. - Training Days= 3
- CPD Certification (Credits)=21
- Exam Duration= 2 Hours
- Retake Exam: Yes
Exam
Learning Objectives
Course Agenda
- Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy
- Domain 2: Information security controls based on ISO/IEC 27002
ISO/IEC 27002 - Lead Manager
Learning Objectives
Learning Objectives
Learning Objectives
- Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002.
- Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks.
- Interpret the ISO/IEC 27002 information security controls in the specific context of an organization
- Support an organiz
- Explain the fundamental concepts of information security, cybersecurity, and privacy based on ISO/IEC 27002.
- Acknowledge the relationship between ISO/IEC 27001, ISO/IEC 27002, and other standards and regulatory frameworks.
- Interpret the ISO/IEC 27002 information security controls in the specific context of an organization
- Support an organization in effectively determining, implementing, and managing information security controls based on ISO/IEC 27002.
- Explain the approaches and techniques used for the implementation and effective management of information security controls.
Who should attend?
Learning Objectives
Learning Objectives
- Managers or consultants seeking to enhance their knowledge regarding the implementation of information security controls in an ISMS based on ISO/IEC 27001.
- Individuals responsible for maintaining information security, compliance, risk, or governance in an organization.
- IT professionals or consultants seeking to enhance their knowledge in i
- Managers or consultants seeking to enhance their knowledge regarding the implementation of information security controls in an ISMS based on ISO/IEC 27001.
- Individuals responsible for maintaining information security, compliance, risk, or governance in an organization.
- IT professionals or consultants seeking to enhance their knowledge in information security.
- Members of an ISMS implementation or information security team.
Course Agenda
Learning Objectives
Course Agenda
- Day 1: Introduction to ISO/IEC 27002
Day 2: Information security roles and responsibilities, people controls, and physical controls
Day 3: Information security assets, access controls, and protection of information systems and networks
Day 4: Information security incident management and testing and monitoring of information security contr
- Day 1: Introduction to ISO/IEC 27002
Day 2: Information security roles and responsibilities, people controls, and physical controls
Day 3: Information security assets, access controls, and protection of information systems and networks
Day 4: Information security incident management and testing and monitoring of information security controls based on ISO/IEC 27002
Day 5: Certification exam - Training Days= 5
- CPD Certification (Credits)=31
- Exam Duration= 3 Hours
- Retake Exam: Yes
Exam
Learning Objectives
Course Agenda
- Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy
- Domain 2: Information security management system (ISMS) and initiation of ISO/IEC 27002 information security controls implementation
- Domain 3: Implementation and management of organizational and people controls based on ISO/IEC 27002
- Domain 4:
- Domain 1: Fundamental principles and concepts of information security, cybersecurity, and privacy
- Domain 2: Information security management system (ISMS) and initiation of ISO/IEC 27002 information security controls implementation
- Domain 3: Implementation and management of organizational and people controls based on ISO/IEC 27002
- Domain 4: Implementation and management of physical and technological controls based on ISO/IEC 27002
- Domain 5: Performance measurement, testing, and monitoring of ISO/IEC 27002 information security controls
