ISO/IEC 27001:2022. Information Security Management Systems

Name: ISO/IEC 27001:2022. Information Security Management Systems
Rating: 4.3 (14 reviews)

Master the principles, structure, and real-world application of ISO 27001:2022 for risk, audit, compliance, and more

Created byMayfair Real Estate Institute

Last updated 5/2025

English

What you'll learn

Understand the core structure and purpose of ISO/IEC 27001:2022.
Identify the key components of an Information Security Management System (ISMS).
Interpret the ISO 27001:2022 clauses and Annex A controls in practical terms.
Learn how to assess and mitigate information security risks effectively.
Understand the certification process and how to prepare for an audit.
Apply ISO 27001 principles to real-world business and IT environments.

Course content

11 sections • 33 lectures • 2h 36m total length

What is ISO/IEC 27001?2:49
Purpose of the Standard and Global Relevance4:13
Protect information with ISO/IEC 27001 by embedding security into processes, people, and policies. Align security with business objectives and risk tolerance across industries worldwide.
Differences between ISO 27001:2013 and ISO 27001:20226:14
Who needs this certification?4:06
Compliance Management Basics

What Is the High-Level Structure (HLS)5:23
ISO/IEC 27001 Clauses 4 to 109:43
Define your organization's context, stakeholders, and risks; implement and monitor the information security management system. Drive continual improvement through leadership, performance evaluation, and corrective actions.
Annex A Updated Control Sets & Themes4:48
Explore the 2022 iso/iec 27001 annex a updates, including a four-theme structure, 93 controls, new cloud and threat intelligence emphasis, and guidance on risk treatment alignment in isms.
Understanding ISO/IEC 27001:2022 Structure

What Are Internal and External Issues6:51
Explore internal and external issues shaping ISO/IEC 27001:2022 information security management systems under clause 4.1. Identify how regulatory trends, geopolitics, market dynamics, and third-party risks influence controls, policies, and resources.
Understanding Needs and Expectations of Stakeholders (Clause 4.2)6:19
Defining the Scope of the ISMS (Clause 4.3)5:29

Resource Requirements & Awareness (Clauses 7.1 & 7.3)4:14
Communication and Documentation (Clauses 7.4 & 7.5)6:00
Communicate clear, timely information—information security policy, incident response, legal updates, and breach notifications—to inform and align staff and leadership; document and control policies, procedures, and records for accountability.
Operational Planning & Control of Processes (Clause 8.1)3:37

Requirements

No prior experience with ISO standards is required. This course is designed for beginners and professionals looking to build foundational knowledge in information security management.

Description

In today’s digital-first world, safeguarding information is not optional it’s essential. ISO/IEC 27001:2022 is the leading global standard for establishing, implementing, and continually improving an Information Security Management System (ISMS). This course offers a clear, accessible guide to understanding the new ISO 27001:2022 framework—without overwhelming technical jargon.

You’ll explore how the standard works, why it matters, and how it can be applied across industries to manage risk, strengthen compliance, and build resilience in the face of cyber threats.

This course breaks down each clause, walks you through the Annex A controls, and gives you practical insights into risk assessment, control selection, and audit preparation. Whether you're pursuing ISO 27001 certification, preparing for an audit, or building an internal ISMS for your organization, this course will help you feel confident and capable.

What’s included:

Complete breakdown of ISO/IEC 27001:2022 structure and updates
Real-world examples and scenarios
Risk and control mapping explained clearly
Downloadable templates and checklists
Guidance for audit readiness and implementation
Bonus: Quick-reference resources for each phase of the ISMS lifecycle
Additional insights on aligning ISO 27001 with other frameworks (e.g., NIST, SOC 2)

No prior ISO or cybersecurity experience is required just your curiosity and willingness to learn. This is your step-by-step foundation for mastering ISO 27001:2022.

Who this course is for:

This course is ideal for IT professionals, compliance officers, cybersecurity specialists, auditors, business owners, and anyone interested in understanding how to implement, manage, or audit an Information Security Management System based on ISO/IEC 27001:2022. It's also highly valuable for those preparing for ISO certification or seeking to align their organization with global security standards.

ISO/IEC 27001:2022. Information Security Management Systems

What you'll learn

Explore related topics

Course content

Introduction to ISO/IEC 270014 lectures • 17min

Understanding Information Security & Risk3 lectures • 20min

The ISO/IEC 27001:2022 Structure3 lectures • 20min

Context of the Organization (Clause 4)3 lectures • 19min

Leadership & Strategic Direction (Clause 5)3 lectures • 13min

Planning the ISMS (Clause 6)3 lectures • 13min

Support & Operational Readiness (Clause 7 & 8)3 lectures • 14min

Performance Evaluation (Clause 9)3 lectures • 12min

Improvement (Clause 10)2 lectures • 7min

Annex A Controls Deep Dive2 lectures • 7min

Requirements

Description

Who this course is for: