ISO/IEC 27001. Information Security Management System.

Learn how your company can protect its information and get certified to ISO/IEC 27001
4.2 (43 ratings)
234 students enrolled
Last updated 3/2017
English
Current price: $30 Original price: $85 Discount: 65% off
Includes:
  • 5 hours on-demand video
  • 56 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Understand the requirements of ISO/IEC 27001 and the information security controls
  • Participate in information security audits
  • Understand information security principles and concepts
  • Have a solid knowledge of the requirements for information security controls required by ISO/IEC 27001
  • Understand what is required for an organization to obtain ISO/IEC 27001 certification
  • Participate in the implementation of an Information Security Management System
  • Understand information security controls and guidelines for their implementation according to ISO/IEC 27002
Requirements
  • No specific prior knowledge required.
  • Familiarity with management systems is helpful.
  • Knowledge about information security principles and concepts is useful.
Description

ISO/IEC 27001 is one of the world's most popular standards and this ISO certification is very sought after, as it demonstrates a company can be trusted with information because it has sufficient controls in place to protect it.

Google, Apple, Adobe, Oracle and many other tech giants, financial institutions, health service providers, insurance companies, educational institutions, manufacturing and service companies, and large and small businesses around the world have decided to implement this standard and obtain this certification as proof of their capability to protect the confidentiality, integrity and availability of the information they process.

My course explains the requirements of ISO/IEC 27001 along with the controls in Annex A of this standard, to help you understand how an information security management system can be implemented, what the requirements of this standard are, and which solutions ensure conformity.

My course is structured into 2 parts:

- the first one is about the management system requirements of ISO/IEC 27001. Context of the organization, leadership, information security policy and objectives, information security risk assessment and treatment, competence and awareness, documented information, operational planning and control, internal audit, management review, nonconformity and corrective action along with all the other requirements of the standard are discussed.

- the second part of the course is all about the controls from Annex A of ISO/IEC 27001 - there are 114 information security controls and all are addressed in the lessons. The topics cover aspects like: Information security policies, organization of information security, mobile devices and teleworking, security of human resources, asset management, classification of information, media handling, access control, user responsibilities, system and application access control, cryptography, physical and environmental security, equipment security, operations security, protection from malware, backup, logging and monitoring, control of operational software, technical vulnerability management, communications security, network security management, information transfer, system acquisition, development and maintenance, security in development and support, supplier relationships, incident management, information security as part of business continuity management, redundancies and compliance.

After going through all the lessons of this course you will have a solid knowledge of what is required for an information security management system, and of how an organization can implement such a system and get certified to ISO/IEC 27001.

With the information here you can:

- work as a consultant for the implementation of this system in different companies;

- participate in audits (internal or external) on ISO/IEC 27001;

- work in a company that implemented an information security management system or

- if you are a manager or owner of a business, you will know what the international standard for information security is and can start implementing it in your company.

If none of the options above suits your profile, you can still use the information in my course for information security awareness and get to know the security requirements that so many organizations around the world have decided to adopt.

From my course you will get condensed information that you can revisit anytime you need. After completing the course, Udemy offers the possibility to download a certificate of successful completion, so you can demonstrate your competence in the information security field.

Who is the target audience?
  • Information security managers
  • Information security consultants and auditors
  • Information security officers
  • Information security risk specialists
  • Managers and business owners
  • People involved in the implementation and administration of information security management systems according to ISO/IEC 27001
Curriculum For This Course
57 Lectures
04:51:20
Introduction to information security and ISO/IEC 27001
3 Lectures 10:00

Why the need for information security? The standards ISO/IEC 27001 and ISO/IEC 27001, and the structure of the course.

Preview 03:48

Learn about the CIA triad (Confidentiality - Integrity - Availability) and what risk management, vulnerabilities and threats are.

Information security concept
03:14

About the other standards that are part of the ISO/IEC 27000 family and address specific aspects of information security.

ISO 27k family
02:58
Context of the organization
2 Lectures 07:38

Internal and external issues that affect the information security management system, the needs and expectations of interested parties.

Context of the organization
05:24

How to define the scope (activities and locations) where the ISMS is implemented.

Scope of the ISMS
02:14
Leadership
3 Lectures 09:32

Learn about the requirements for active involvement of the top management for the information security management system.

Leadership and commitment
04:13

The information security policy sets the general direction of the company with regard to information security, and the standard places a few requirements on this policy.

Information security policy
03:00

Top management assigns roles, responsibilities and authorities to staff as part of its commitment to information security.

Organizational roles, responsibilities and authorities
02:19
Planning
3 Lectures 18:53

About defining a methodology for risk assessment, evaluating threats and vulnerabilities to information assets, calculating risks and estimating risk levels, and designating information security risk owners.

Information security risk assessment
07:34

About defining controls to treat risks, elaborating a statement of applicability and a risk treatment plan and calculating residual risk.

Information security risk treatment
07:38

About setting information security objectives and monitoring their achievement.

Information security objectives
03:41
Support
3 Lectures 11:19

About determining the need for competence, ensuring that people are competent and taking actions for people to acquire required competence. Implementing an awareness program for information security.

Competence and awareness
04:48

About ensuring that there are adequate communication channels for both internal and external communications related to information security.

Communication
01:40

Documents required by ISO/IEC 27001 for the information security management system and how to protect the documented information.

Documented information
04:51
Operation
1 Lecture 02:41

The organization shall plan, implement and control the processes needed to meet information security requirements and implement the actions decided following the risk assessment.

Operational planning and control
02:41
Performance evaluation
3 Lectures 10:33

About what the organization should measure and monitor and the requirement to analyse and evaluate the data collected.

Monitoring, measuring, analysis and evaluation
02:29

The requirements for auditing internally the information security management system. Audit programme, audit plans, checklists, reports, requirements for the internal audit team.

Internal audit
05:02

About the planned meetings to review the effectiveness and suitability of the information security management system, and the input and output elements of the management review.

Management review
03:02
Improvement
1 Lecture 03:04

The process to manage nonconformities: correcting the nonconformities and dealing with their consequences, reviewing them to identify the root cause, implementing corrective actions and evaluating their effectiveness.

Nonconformity and corrective action
03:04
Introduction to the second part of the course
1 Lecture 02:27

Annex A of ISO/IEC 27001, the security categories and the 114 security controls, with the guidelines provided by ISO/IEC 27002.

Preview 02:27
Information security policies
1 Lecture 05:11

Information security policies - top level policy and lower level information security policies as required by ISO/IEC 27001.

Management direction for information security
05:11
13 More Sections
About the Instructor
Mr. Cristian Vlad Lupa
4.4 Average rating
169 Reviews
594 Students
4 Courses
Auditor, Consultant & Trainer

Management systems auditor, consultant and trainer with over 15 years' experience working with the most popular standards, such as ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 27001, ISO 50001, ISO 39001 and ISO 22301. Certified health and safety risk assessor and auditor.

I have performed over 500 audits for different management systems in 12 countries, participated in implementations and provided training on all major international standards.

... and I like this saying, "people who take the time and initiative to pursue knowledge on their own are the only ones who earn a real education in this world", which I found in an article by Thomas Oppong.