ISO/IEC 27002:2022. Information security controls
What you'll learn
- Implement an effective information security programme
- Determine and apply appropriate security controls
- Achieve compliance with ISO/IEC 27001
- Understand information security best practices
- Manage information security risks
Requirements
- Familiarity with the ISO/IEC 27000 framework is useful, but not mandatory
- An understanding of information security management principles
Description
This course details the information security controls in ISO/IEC 27002:2022.
It is intended to provide an overview of the 93 controls required for an ISMS (Information Security Management System).
The structure of the course includes an introductory section with a presentation of the ISO/IEC 27000 family of international standards, the position and the purpose of ISO/IEC 27002. The introductory section provides definitions for concepts like information security, cybersecurity and privacy and explains what is an ISMS and what it should consist of.
The second section of the course details the 37 Organizational controls in ISO/IEC 27002 including: roles and responsibilities, duties segregation, threat intelligence, information security in project management, information classification and labelling, access control, information transfer, supplier relationships from an information security perspective, ICT continuity, privacy and protection of PII or documented operating procedures as part of an ISMS.
Section three is about security controls that refer to the individuals working for or on behalf of the organization (People controls). It covers aspects like screening, terms and conditions of employment, training and awareness, disciplinary process or remote working.
The next section includes controls that address physical security (Physical controls) including: secure areas, entry controls, clear desk and clear screen, storage media, supporting utilities or the secure re-use and disposal of equipment.
Section number four covers Technological controls that refer to aspects like: the use of endpoint devices, data masking, information deletion, backup, cryptography, logging, networks security, secure development, secure coding, the protection of test information, web filtering, secure authentication, access to source code or the use of privileged utility programs.
The final section of the course provides information on the certification to ISO/IEC 27001 and ISO/IEC 27002 for both organizations and individuals.
Who this course is for:
- Information security managers
- ISMS auditors and consultants
- Information security management practitioners and enthusiasts
- Cybersecurity and privacy practitioners
- Those interested in the ISO 27k framework
Instructor
- 4.5 Instructor Rating
- 86,566 Reviews
- 189,896 Students
- 28 Courses
Who am I?
I’ve been working in the field of standards, auditing, and certification since the early 2000s. Over the years, I’ve contributed to hundreds of projects across various industries and disciplines. Today, I work with RIGCERT, an accredited certification body based in Europe.
What do I do?
I translate the knowledge and best practices from international standards into clear, practical language to help individuals and organizations improve.
What are my interests?
My work spans multiple fields, including quality management, information security, artificial intelligence, risk management, business continuity, occupational health and safety, environmental management, social responsibility, project management or food safety.
How do I teach?
Since launching my first course in 2016, I’ve focused on extracting the core ideas from complex standards and delivering them in a clear, concise format. For some topics, I collaborate with other experts to ensure each course provides maximum value.