ISO 27001 Cybersecurity manager. Guidelines.
- 4 hours on-demand video
- 49 downloadable resources
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
Get your team access to 4,000+ top Udemy courses anytime, anywhere.Try Udemy for Business
- Principles and concepts in cybersecurity
- Threats and vulnerabilities
- Risks and controls
- Best practices for a succesful cybersecurity program
- How ISO/IEC 27001 requirements apply to cybersecurity
- Common attacks, how they work and how they can be prevented
- Familiarity with information security concepts
- A general understanding of IT
The purpose of this course is to provide cybersecurity guidelines for the application of ISO 27001 (the popular standard for information security management systems).
After going through the lessons you will have a good understanding of the concepts, principles and requirements for an organization to design a cybersecurity system.
You will understand what are the typical security threats for different activities and processes and the recommended controls that an organization can implement in order to respond and protect itself.
The structure of the course includes:
- introductory aspects including definitions for the Cyberspace and Cybersecurity.
- the concepts of Confidentiality, Integrity, Authentication and Non-Repudiation as critical elements for any security system;
- information classification - schemes, levels and labeling aspects
- Threats, vulnerability, risk assessment (quantiative and qualitative methods) and the options for an organization to treat security risks.
- Internal organization requirements including support from top management and segregation of duties;
- aspect on mobile devices - like BYOD (Bring Your Own Device) and COPE (Company Owned Personally Enabled)
- human resources security - from screening to employment, the contractual requirements and disciplinary process plus the termination and change of employment
- requirements for the use of removable media
- access controls and authentication aspects plus how to manage privileges so they won't generate security breaches
- cryptography - including basic elements and definitions, digital signature and the public key infrastructure
- a short description of most popular cryptograhpic attacks (brute force, rainbow tables or birthday attacks) and recommended controls
- controls that refer to physical security and equipment
- malware aspects (viruses, logic bombs, worms, trojans, spyware, adware and a detailed presentation of ransomware)
- denial of service attacks
- social engineering and phishing
- password management aspects including common password attacks and controls
- backup aspects
- requirements for the change management process in an organization so that security is not affected
- network security aspects - principles and controls + wireless attacks and how to prevent them
- requirements for email security
- security in development processes
- supplier relationships and risks associated to suppliers' access to information assets of the organization
- capacity management
- managing cybersecurity incidents - from detection to closure and root cause analysis
- business continuity aspects and how an organization should prepare for and respond to crisis situations
- compliance requirements that any organization must repsect.
The course uses easy to follow explanations and examples with a few case studies along the way (about the Barings bank collapse, the Target security breach or Edward Snowden) to illustrate the concepts described.
At the end of the course there is a quiz - with questions from the subject matter.
Get the information you need to design, coordinate and improve a cybersecurity system or audit organizations as per ISO 27001.
- Cybersecurity managers
- Information security officers
- ISO/IEC 27001 auditors and consultants
- Security professionals
- Professionals tasked with implementing or administrating a management system as per ISO 27001
- Security practitioners interested in the ISO 27001 framework
- People looking for a career in cyber security
- IT professionals looking to enhance their knowledge
What is cybercrime and what are the costs of cybercrime to the global economy. What is the purpose of cybersecurity - protecting the confidentiality, integrity and availability of information. The three directions of cybersecurity: prevention, detection and response. Return of investment for cybersecurity. About Software as a Service, Platform as a Service and Infrastructure as a Service. About ISO 27001 and ISO 27017. Is there a difference between information security and cybersecurity?
The three elements of the C-I-A triad - Confidentiality, Integrity, Availability and their definitions. Plus another important concept - Non-repudiation.
Ingredients of risk - probability and impact. Quantitative and qualitative methods for risk assessment - details, examples and advantages for each category.
Brief history of cryptography. Concepts like the cipher and the algorithm. The Kerckhoffs principle. General aspects about symmetric and asymmetric cryptography.
Security legal compliance. Privacy and the GDPR most relevant requirements. Compliance with other requirements.