close

close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

close

close

Press esc to close

close close

Back to course information

Thank you for your enquiry!

One of our training experts will be in touch shortly to go overy your training requirements.

close close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

ISO 27002 Training

Online Instructor-led (5 days)

Classroom (5 days)

Online Self-paced (40 hours)

ISO 27002 Lead Auditor Training Course Outline

Module 1: Introduction to ISO 27002

  • Scope
  • Terms and Definitions
  • Abbreviated Terms

Module 2: Information Security

  • What is Information Security?
  • CIA
  • Principles of Information Security
  • Need for Information Security
  • Threats
  • Active and Passive Attacks

Module 3: Cybersecurity

  • What is Cybersecurity?
  • Cybersecurity Domains
  • Dangerous Cybersecurity Myths
  • Common Cyber Threats
  • Key Cybersecurity Technologies and Best Practices
  • Zero Trust Security Strategy
  • Difference Between Cybersecurity and Information Security 
  • Roles and Responsibilities of Cybersecurity Professionals

Module 4: Information Security Management System (ISMS)

  • Introduction to ISMS
  • Need
  • What Does an ISMS Do?
  • Benefits

Module 5: Themes and Controls

  • Control Type
  • Information Security Properties
  • Cybersecurity Concepts
  • Operational Capabilities
  • Security Domains
  • Control Layout

Module 6: Organisational Controls

  • Policies for Information Security
  • Information Security Roles and Responsibilities
  • Segregation of Duties
  • Management Responsibilities
  • Contact with
    • Authorities
    • Special Interest Groups
  • Threat Intelligence
  • Information Security in Project Management
  • Inventory of Information and Other Associated Assets
  • Acceptable Use of Information and Other Associated Assets
  • Return of Assets
  • Classification of Information
  • Labelling of Information
  • Information Transfer
  • Access Control
  • Identity Management
  • Authentication Information
  • Access Rights
  • Information Security in Supplier Relationships
  • Addressing Information Security within Supplier Agreements
  • Managing Information Security in the ICT Supply Chain
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Information Security Incident Management Planning and Preparation
  • Assessment and Decision on Information Security Events
  • Response to Information Security Incidents
  • Learning from Information Security Incidents
  • Collection of Evidence
  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Protection of Records
  • Privacy and Protection of PII
  • Independent Review of Information Security
  • Compliance with Policies, Rules, and Standards for Information Security
  • Documented Operating Procedures

Module 7: People Controls

  • Screening
  • Terms and Conditions of Employment.
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Information Security Event Reporting

Module 8: Physical Controls

  • Physical Security Perimeters
  • Physical Entry
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protecting Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Security of Assets Off-Premises
  • Storage Media
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance
  • Secure Disposal or Re-Use of Equipment

Module 9: Technological Controls

  • User Endpoint Devices
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication
  • Capacity Management
  • Protection Against Malware
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Information Deletion
  • Data
    • Masking
    • Leakage Prevention
  • Information Backup
  • Redundancy of Information Processing Facilities
  • Logging
  • Monitoring Activities
  • Clock Synchronisation
  • Use of Privileged Utility Programs
  • Installation of Software on Operational Systems
  • Networks Security
  • Security of Network Services
  • Segregation of Networks
  • Web Filtering
  • Use of Cryptography
  • Secure Development Life Cycle
  • Application Security Requirements
  • Secure System Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Test, and Production Environments
  • Change Management
  • Test Information
  • Protection of Information Systems During Audit Testing

Module 10: Audit Plan and Process

  • Audit Plan
  • Preparing for an Audit
  • Audit Process

Module 11: Internal Auditor

  • Understanding an Internal Auditor (IA)
  • Internal Auditing Process
  • Requirements for Internal Auditors
  • Internal Auditor Vs External Auditor
  • Benefits of an Internal Auditor (IA)

Module 12: ISMS Audit

  • Introduction
  • Principles
  • Audit Management
  • Auditing Process
  • Competence and Evaluation of Auditors

Module 13: Cybersecurity Auditing

  • What is Cybersecurity Audit?
  • How it helps Organisation?
  • Cybersecurity and the Role of Internal Audit

Module 14: Information Security Audit

  • What is IT Security Audit?
  • Benefits
  • Types
  • Importance
  • How to Conduct an IT Security Audit?
  • Roles and Responsibilities of Information Security Auditor

Module 15: Information Security in Project Management

  • Project Management
  • Attributes Table
  • Purpose of Control 5.8
  • Meet Requirements
  • ISO 27002:2013 Vs ISO 27002:2022

Module 16: Components of Information Security

  • Confidentiality
  • Integrity
  • Availability
  • Authenticity
  • Non-Repudiation

Module 17: Information Security Risk Management (ISRM)

  • Introduction
  • Stages
  • Ownership

Module 18: Control and Compliance

  • Security Controls
  • Importance of Compliance
  • Legal Requirements for Information Security
  • Information Technology Compliance 
  • Information Security Compliance Standards

Module 19: Management Responsibilities

  • Control 5.4 Management Responsibilities
  • What is an Information Security Policy?
  • Attributes Table
  • Purpose of Control 5.4
  • Implementation Guidelines

Module 20: Competence and Evaluation of Auditors

  • Auditor Competence
  • Demonstration of Auditor Competence

Module 21: Lead Auditor

  • What is Lead Auditor?
  • Roles
  • Planning Phase
  • Audit Phase
  • Audit Report

Module 22: Conformity Assessment

  • What is Conformity Assessment?
  • Need of Conformity Assessment
  • Conformity Assessment and Standards
  • Types of Conformity Assessment

Show moredown

Prerequisites

There are no formal prerequisites for attending this ISO 27002 Lead Auditor Training course.

Audience

This training is designed for everyone who wants to gain the skills and knowledge of planning and conducting external and internal audits in compliance with ISO/IEC 17021 and ISO 19011 certifications. However, it will much more beneficial for:

  • Auditors
  • Managers
  • Technical Experts
  • Expert Advisors

ISO 27002 Lead Auditor Training Course Overview

ISO 27002 gives a reference set of information security, cyber security, and privacy protection controls that includes implementation guidance on the basis of internationally recognised best practices. This standard is curated to help organisations establish information security controls based on internationally recognised best practises and create guidelines for organisation-specific information security management. Studying this training equips learners with this ISO standard, information security management system principles, and evaluates ISMS conformity. It is essential for organisations to secure their information systems from risks and threats while collecting, using, and processing data. Attending this training will enable individuals to plan and manage audit programmes as well as auditing guidelines concerning ISO 19011.

This 5-day ISO 27002:2022 Lead Auditor Training course is designed to provide delegates with a thorough understanding of auditing techniques and how to evaluate the auditing process. During this training, delegates will learn about the fundamental concepts of information security management systems and ISO 27002. They will also learn about various themes and controls, including organisational, physical, and technical controls. Our highly skilled and knowledgeable instructor with years of experience will conduct this course and give delegates deep knowledge of lead auditor responsibilities and techniques.

Course Objectives:

  • To attain knowledge of information systems and their principles
  • To monitor, review, and change management of supplier services
  • To plan and prepare for information security incident management
  • To learn about the active and passive attacks on information systems
  • To understand the roles and responsibilities of cybersecurity professionals
  • To get in touch with conformity assessment that determines product requirements

At the end of this training, delegates will be able to manage audit programmes and report the audit findings by applying audit techniques, principles, and processes. They will also be able to secure information systems by applying cryptographic techniques of encryption and decryption.

Show moredown

  • Delegate pack consisting of course notes and exercises
  • Courseware
  • Experienced Instructor

Show moredown

Online Instructor-led (1 days)

Classroom (1 days)

Online Self-paced (8 hours)

ISO 27002 Foundation Training​ Course Outline

Module 1: Introduction to ISO 27002

  • Scope
  • Terms and Definitions
  • Abbreviated Terms

Module 2: Information Security

  • What is Information Security?
  • CIA
  • Principles of Information Security
  • Need for Information security
  • Threats
  • Active and Passive Attacks

Module 3: Cybersecurity

  • What is Cybersecurity?
  • Cybersecurity Domains
  • Dangerous Cybersecurity Myths
  • Common Cyber Threats
  • Key Cybersecurity Technologies and Best Practices
  • Zero Trust Security Strategy
  • Difference Between Cybersecurity and Information Security 
  • Roles and Responsibilities of Cybersecurity Professionals

Module 4: Information Security Management System (ISMS)

  • Introduction to ISMS
  • Need
  • What Does an ISMS Do?
  • Benefits

Module 5: Themes and Controls

  • Control Type
  • Information Security Properties
  • Cybersecurity Concepts
  • Operational Capabilities
  • Security Domains
  • Control Layout

Module 6: Organisational Controls

  • Policies for Information Security
  • Information Security Roles and Responsibilities
  • Segregation of Duties
  • Management Responsibilities
  • Contact with
    • Authorities
    • Special Interest Groups
  • Threat Intelligence
  • Information Security in Project Management
  • Inventory of Information and Other Associated Assets
  • Acceptable Use of Information and Other Associated Assets
  • Return of Assets
  • Classification of Information
  • Labelling of Information
  • Information Transfer
  • Access Control
  • Identity Management
  • Authentication Information
  • Access Rights
  • Information Security in Supplier Relationships
  • Addressing Information Security within Supplier Agreements
  • Managing Information Security in the ICT Supply Chain
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Information Security Incident Management Planning and Preparation
  • Assessment and Decision on Information Security Events
  • Response to Information Security Incidents
  • Learning from Information Security Incidents
  • Collection of Evidence
  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Protection of Records
  • Privacy and Protection of PII
  • Independent Review of Information Security
  • Compliance with Policies, Rules, and Standards for Information Security
  • Documented Operating Procedures

Module 7: People Controls

  • Screening
  • Terms and Conditions of Employment
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Information Security Event Reporting

Module 8: Physical Controls

  • Physical Security Perimeters
  • Physical Entry
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protecting Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Security of Assets Off-Premises
  • Storage Media
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance
  • Secure Disposal or Re-use of Equipment

Module 9: Technological Controls

  • User Endpoint Devices
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication
  • Capacity Management
  • Protection Against Malware
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Information Deletion
  • Data
    • Masking
    • Leakage Prevention
  • Information Backup
  • Redundancy of Information Processing Facilities
  • Logging
  • Monitoring Activities
  • Clock Synchronisation
  • Use of Privileged Utility Programs
  • Installation of Software on Operational Systems
  • Networks Security
  • Security of Network Services
  • Segregation of Networks
  • Web Filtering
  • Use of Cryptography
  • Secure Development Life Cycle
  • Application Security Requirements
  • Secure System Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Test, and Production Environments
  • Change Management
  • Test Information
  • Protection of Information Systems During Audit Testing

Show moredown

Prerequisites

There are no formal prerequisites to attend this ISO 27002:2022 Foundation Training course.

Audience

This course is ideal for anyone who wants to attain an understanding of the main processes of an Information Security Management System and Information Security Controls. However, this course is much more beneficial for:

  • Information Security Managers
  • ISMS Auditors and Consultants
  • Information Security Management Practitioners
  • Cybersecurity and Privacy Practitioners

ISO 27002 Foundation Training​ Course Overview

ISO 27002 is the international standard and is recognised as an information security control system designed to benefit an organisation's development of any size. Information security controls help to lower risks like hacks, data theft, and unauthorised alterations to digital data. This training will help learners to establish and improve the information security infrastructure. This training will help organisations to implement, maintain, and improve their information security management. Holding these effective skills and knowledge of ISO 27002: 2022 helps individuals to get expertise in monitoring information security and successfully kick start their careers in ISMS.

This 1-day ISO 27002:2022 Foundation Training course is designed to teach delegates about managing system information security. During this course, delegates will learn about the principles of information security along with its differences from cybersecurity. Delegates will get familiar with the information security incident management plans and preparations to detect and react to the risks accordingly. Furthermore, they will get an understanding of the responsibilities after termination or change of employment. Our highly expert trainer with years of teaching experience will conduct this training and equip delegates with the knowledge of various controls to secure information.

Course Objectives:

  • To get familiar with the roles and responsibilities of cybersecurity professionals
  • To understand the information security in supplier relationships
  • To gain knowledge of the redundancy of information processing facilities
  • To follow policies, rules, and standards for information security
  • To learn the importance and benefits of managing information security system
  • To manage the technical vulnerabilities to keep the network safe

After completing this training, delegates will be able to implement information security management in an organisation. Delegates will be able to determine and identify the risks and act accordingly.

Show moredown

  • Delegate pack consisting of course notes and exercises
  • Courseware
  • Experienced Instructor

Show moredown

Online Instructor-led (2 days)

Classroom (2 days)

Online Self-paced (16 hours)

ISO 27002 Internal Auditor Training Course Outline

Module 1: Introduction to ISO 27002 

  • Scope 
  • Terms and Definitions 
  • Abbreviated Terms 

Module 2: Information Security 

  • What is Information Security? 
  • CIA 
  • Principles of Information Security 
  • Need for Information security 
  • Threats 
  • Active and Passive Attacks 

Module 3: Cybersecurity 

  • What is Cybersecurity? 
  • Cybersecurity Domains 
  • Dangerous Cybersecurity Myths 
  • Common Cyber Threats 
  • Key Cybersecurity Technologies and Best Practices 
  • Zero Trust Security Strategy 
  • Difference Between Cybersecurity and Information Security   
  • Roles and Responsibilities of Cybersecurity Professionals 

Module 4: Information Security Management System (ISMS) 

  • Introduction to ISMS 
  • Need 
  • What Does an ISMS Do? 
  • Benefits 

Module 5: Themes and Controls 

  • Control Type 
  • Information Security Properties 
  • Cybersecurity Concepts 
  • Operational Capabilities 
  • Security Domains 
  • Control Layout 

Module 6: Organisational Controls 

  • Policies for Information Security 
  • Information Security Roles and Responsibilities 
  • Segregation of Duties 
  • Management Responsibilities  
  • Contact with  
    • Authorities 
    • Special Interest Groups 
  • Threat Intelligence 
  • Information Security in Project Management 
  • Inventory of Information and Other Associated Assets 
  • Acceptable Use of Information and Other Associated Assets 
  • Return of Assets 
  • Classification of Information 
  • Labelling of Information  
  • Information Transfer  
  • Access Control 
  • Identity Management 
  • Authentication Information 
  • Access Rights 
  • Information Security in Supplier Relationships  
  • Addressing Information Security within Supplier Agreements  
  • Managing Information Security in the ICT Supply Chain 
  • Monitoring, Review, and Change Management of Supplier Services 
  • Information Security for Use of Cloud Services 
  • Information Security Incident Management Planning and Preparation 
  • Assessment and Decision on Information Security Events 
  • Response to Information Security Incidents 
  • Learning from Information Security Incidents 
  • Collection of Evidence 
  • Information Security During Disruption 
  • ICT Readiness for Business Continuity  
  • Legal, Statutory, Regulatory, and Contractual Requirements 
  • Intellectual Property Rights 
  • Protection of Records 
  • Privacy and Protection of PII 
  • Independent Review of Information Security 
  • Compliance with Policies, Rules, and Standards for Information Security 
  • Documented Operating Procedures 

Module 7: People Controls 

  • Screening 
  • Terms and Conditions of Employment. 
  • Information Security Awareness, Education, and Training 
  • Disciplinary Process 
  • Responsibilities After Termination or Change of Employment 
  • Confidentiality or Non-Disclosure Agreements 
  • Remote Working 
  • Information Security Event Reporting 

Module 8: Physical Controls 

  • Physical Security Perimeters 
  • Physical Entry 
  • Securing Offices, Rooms, and Facilities  
  • Physical Security Monitoring 
  • Protecting Against Physical and Environmental Threats  
  • Working in Secure Areas  
  • Clear Desk and Clear Screen 
  • Equipment Siting and Protection  
  • Security of Assets Off-Premises 
  • Storage Media 
  • Supporting Utilities 
  • Cabling Security 
  • Equipment Maintenance 
  • Secure Disposal or Re-use of Equipment 

Module 9: Technological Controls  

  • User Endpoint Devices  
  • Privileged Access Rights 
  • Information Access Restriction 
  • Access to Source Code 
  • Secure Authentication 
  • Capacity Management 
  • Protection Against Malware 
  • Management of Technical Vulnerabilities 
  • Configuration Management 
  • Information Deletion 
  • Data  
    • Masking  
    • Leakage Prevention 
  • Information Backup 
  • Redundancy of Information Processing Facilities 
  • Logging 
  • Monitoring Activities 
  • Clock Synchronisation 
  • Use of Privileged Utility Programmes 
  • Installation of Software on Operational Systems 
  • Networks Security 
  • Security of Network Services 
  • Segregation of Networks 
  • Web Filtering 
  • Use of Cryptography  
  • Secure Development Life Cycle 
  • Application Security Requirements 
  • Secure System Architecture and Engineering Principles 
  • Secure Coding 
  • Security Testing in Development and Acceptance 
  • Outsourced Development 
  • Separation of Development, Test, and Production Environments 
  • Change Management 
  • Test Information 
  • Protection of Information Systems During Audit Testing 

Module 10: Audit Plan and Process 

  • Audit Plan 
  • Preparing for an Audit 
  • Audit Process 

Module 11: Internal Auditor 

  • Understanding an Internal Auditor (IA) 
  • Internal Auditing Process 
  • Requirements for Internal Auditors 
  • Internal Auditor Vs External Auditor 
  • Benefits of an Internal Auditor (IA) 

Module 12: ISMS Audit 

  • Introduction 
  • Principles 
  • Audit Management 
  • Auditing Process 
  • Competence and Evaluation of Auditors 

Module 13: Cybersecurity Auditing 

  • What is Cybersecurity Audit? 
  • How it helps Organisation? 
  • Cybersecurity and the Role of Internal Audit 

Module 14: Information Security Audit 

  • What is IT Security Audit? 
  • Benefits  
  • Types  
  • Importance  
  • How to Conduct an IT Security Audit? 
  • Roles and Responsibilities of Information Security Auditor

Show moredown

Prerequisites 

There are no formal prerequisites for attending this 27002:2022 Internal Auditor Training course.

Audience 

This course is intended for those who need to gain knowledge about securing information and cyber security.

ISO 27002 Internal Auditor Training Course Overview

ISO 27002 specifies a set of controls for information security, cyber security, and privacy protection, as well as implementation recommendations based on internationally recognised best practices, and it is closely related to ISO 27001. This standard has been created to assist organisations in establishing information security controls based on internationally recognised best practises and in developing guidelines for organisation-specific information security management. This training provides learners with this ISO standard, information security management system principles, and the need for ISMS. It is essential for organisations to protect their information systems from risks and threats while collecting, using, and processing data. Pursuing this training helps individuals get equipped with the necessary skills and techniques that will ultimately enhance their career opportunities and upgrade their earnings.

In this 2-day ISO 27002:2022 Internal Auditor Training course, delegates will gain knowledge of all the comprehensive concepts of ISO 27002 Internal Auditor. During this training, delegates will learn principles of information security, dangerous cybersecurity myths, and common cyber threats. They will also learn about the classification of information, labelling of information, information transfer, access control, identity management, and authentication of information. Our highly professional trainer with years of experience in teaching ISO training courses will conduct this training and help delegates gain a comprehensive understanding of this course.

Course Objectives:

  • To understand the roles and responsibilities of cybersecurity professionals
  • To gain a deep knowledge of the inventory of information and other associated assets
  • To learn about addressing information security within supplier agreements
  • To attain the knowledge of managing information security in the ICT supply chain
  • To stay in touch with responsibilities after termination or change of employment
  • To become familiar with the protection of information systems during audit testing

At the end of this course, delegates will be able to secure their data and information with the help of cybersecurity techniques and information security. They will also be able to manage audit programmes and report the audit findings by following audit principles, processes, and techniques.

Show moredown

  • Delegate pack consisting of course notes and exercises
  • Courseware
  • Experienced Instructor

Show moredown

Online Instructor-led (3 days)

Classroom (3 days)

Online Self-paced (24 hours)

ISO 27002 Lead Implementer Training Course Outline

Module 1: Introduction to ISO 27002

  • Scope
  • Terms and Definitions
  • Abbreviated Terms

Module 2: Information Security

  • What is Information Security?
  • CIA
  • Principles of Information Security
  • Need for Information Security
  • Threats
  • Active and Passive Attacks

Module 3: Cybersecurity

  • What is Cybersecurity?
  • Cybersecurity Domains
  • Dangerous Cybersecurity Myths
  • Common Cyber Threats
  • Key Cybersecurity Technologies and Best Practices
  • Zero Trust Security Strategy
  • Difference Between Cybersecurity and Information Security 
  • Roles and Responsibilities of Cybersecurity Professionals

Module 4: Information Security Management System (ISMS)

  • Introduction to ISMS
  • Need
  • What Does an ISMS Do?
  • Benefits

Module 5: Themes and Controls

  • Control type
  • Information Security Properties
  • Cybersecurity Concepts
  • Operational Capabilities
  • Security Domains
  • Control Layout

Module 6: Organisational Controls

  • Policies for Information Security
  • Information Security Roles and Responsibilities
  • Segregation of Duties
  • Management Responsibilities
  • Contact with
    • Authorities
    • Special Interest Groups
  • Threat Intelligence
  • Information Security in Project Management
  • Inventory of Information and Other Associated Assets
  • Acceptable Use of Information and Other Associated Assets
  • Return of Assets
  • Classification of Information
  • Labelling of Information
  • Information Transfer
  • Access Control
  • Identity Management
  • Authentication Information
  • Access Rights
  • Information Security in Supplier Relationships
  • Addressing Information Security within Supplier Agreements
  • Managing Information Security in the ICT Supply Chain
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Information Security Incident Management Planning and Preparation
  • Assessment and Decision on Information Security Events
  • Response to Information Security Incidents
  • Learning from Information Security Incidents
  • Collection of Evidence
  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Protection of Records
  • Privacy and Protection of PII
  • Independent Review of Information Security
  • Compliance with Policies, Rules, and Standards for Information Security
  • Documented Operating Procedures

Module 7: People Controls

  • Screening
  • Terms and Conditions of Employment.
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Information Security Event Reporting

Module 8: Physical Controls

  • Physical Security Perimeters
  • Physical Entry
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protecting Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Security of Assets Off-Premises
  • Storage Media
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance
  • Secure Disposal or Re-Use of Equipment

Module 9: Technological Controls

  • User Endpoint Devices
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication
  • Capacity Management
  • Protection Against Malware
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Information Deletion
  • Data
    • Masking
    • Leakage Prevention
  • Information Backup
  • Redundancy of Information Processing Facilities
  • Logging
  • Monitoring Activities
  • Clock Synchronisation
  • Use of Privileged Utility Programs
  • Installation of Software on Operational Systems
  • Networks Security
  • Security of Network Services
  • Segregation of Networks
  • Web Filtering
  • Use of Cryptography
  • Secure Development Life Cycle
  • Application Security Requirements
  • Secure System Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Test, and Production Environments
  • Change Management
  • Test Information
  • Protection of Information Systems During Audit Testing

Module 10: Audit Plan and Process

  • Audit Plan
  • Preparing for an Audit
  • Audit Process

Module 11: Internal Auditor

  • Understanding an Internal Auditor (IA)
  • Internal Auditing Process
  • Requirements for Internal Auditors
  • Internal Auditor Vs External Auditor
  • Benefits of an Internal Auditor (IA)

Module 12: ISMS Audit

  • Introduction
  • Principles
  • Audit Management
  • Auditing Process
  • Competence and Evaluation of Auditors

Module 13: Cybersecurity Auditing

  • What is Cybersecurity Audit?
  • How it Helps Organisation?
  • Cybersecurity and the Role of Internal Audit

Module 14: Information Security Audit

  • What is IT Security Audit?
  • Benefits
  • Types
  • Importance
  • How to Conduct an IT Security Audit?
  • Roles and Responsibilities of Information Security Auditor

Show moredown

Prerequisites

There are no formal prerequisites for attending this 27002:2022 Lead Implementer Training course.

Audience

This course is intended for those who need to gain knowledge about securing information and cyber security.

ISO 27002 Lead Implementer Training Course Overview

ISO 27002 gives a reference set of information security, cyber security, and privacy protection controls that includes implementation guidance on the basis of internationally recognised best practices. This training will help learners use a working framework for resolving issues related to information security, cyber security, physical security, and information privacy. This training will assist organisations about information security risks and threats to be aware of when they collect, use, and process data. The Knowledge of ISO 27002 Lead Implementer Training course assists individuals in implementing, managing, maintaining, and evaluating information security management systems. Holding skills in ISO 27002 can help individuals gain quick and significant professional growth and expand career opportunities in their work field.

This 3-day ISO 27002:2022 Lead Implementer Training course is designed to provide delegates with comprehensive knowledge about information security controls. During this training course, delegates will learn about how to address information security within supplier agreements. Delegates will also learn about how to conduct assessments and decisions on information security events and respond to information security incidents. Our highly skilled trainers with years of teaching experience will conduct this training with a deep knowledge of lead implementer responsibilities and techniques.

Course Objectives:

  • To understand the cybersecurity technologies and tools
  • To learn about information security and its principles
  • to gain in-depth knowledge of the applications of security domains
  • To learn about information security incident management planning,
  • To in-depth knowledge about information transfer and access control
  • To get in touch with ICT readiness for business continuity

After completing this training course, delegates will be able to learn about information security, cybersecurity, themes and controls, audit plan and process, ISMS audit, cybersecurity auditing, and components of information security. They will also be able to learn about information security in project management.

Show moredown

  • Delegate pack consisting of course notes and exercises
  • Courseware
  • Experienced Instructor

Show moredown

Not sure which course to choose?

Speak to a training expert for advice if you are unsure of what course is right for you. Give us a call on 01344203999 or Enquire.

What our customers are saying

ISO 27002 Training FAQs

FAQ's

ISO 27002 provides a reference set of controls for information security, cyber security, and privacy protection, as well as implementation guidelines based on internationally, recognised best practises.
Information security controls are significant because they protect the organisation's ability to function and enable the safe operation of applications implemented on the organisation's IT systems to safeguard the data that it collects and uses.
Information security policies keep you away from penalties and fines, secure your reputation for doing business, strengthen your skills in data protection and the culture of business, and promote transparency and access controls.
Pursuing this training helps you to demonstrate your competence and abilities and gain the necessary skills and techniques that will ultimately enhance your career opportunities and upgrade your earnings.
In this ISO 27002 Training, you will learn about the principles of information security, how to conduct an IT security audit, audit plan and process, competence and evaluation of auditors, segregation of networks, etc.
Please see our ISO 27002 Training courses available in the United Kingdom
The Knowledge Academy is the Leading global training provider in the world for ISO 27002 Training.
The price for ISO 27002 Training certification in the United Kingdom starts from £.

Why we're the go to training provider for you

icon

Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.

icon

Trusted & Approved

We are accredited by PeopleCert on behalf of AXELOS

icon

Many delivery methods

Flexible delivery methods are available depending on your learning style.

icon

High quality resources

Resources are included for a comprehensive learning experience.

barclays Logo
deloitte Logo
Thames Water Logo

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water

santander logo
bmw Logo
Google Logo

Looking for more information on ISO 27002 Training