Sensitive data is protected by information security from unauthorized actions such as inspection, modification, recording, interruption, or destruction. The objective is to guarantee the security and privacy of sensitive data, including financial information, intellectual property, and account information for customers.

This course is designed for individuals within the organization from Top Management to the lower levels, so that all can understand the part they will play in implementing and maintaining an information security management system as specified in ISO/IEC 27001:2022.

COURSE OUTLINE

PART 1 COURSE DESCRIPTION | FEBRUARY 19, 2024

Module 1: Information Security Management System Concepts – Information Security, Cybersecurity and privacy protection.

• Information, data, and asset
• Information Security, Cybersecurity, and Privacy Protection Concept
• Information security Properties: Confidentiality, integrity and availability
• Impact of vulnerabilities and threats
• Information security risks
• Security objectives and controls
• Control environment

Module 2: ISO Standards and regulatory framework

• The ISO
• The ISO Principles
• Management system standards
• Integrated management systems
• Information security standards
• ISO 27000 family
• ISO 27001 advantages
• ISO 27002:2022 Implementation Updates
• Legal and regulatory conformity

PART 2 COURSE DESCRIPTION | FEBRUARY 20, 2024

Module 3: Information Security, Cybersecurity and Privacy Protection

• Information Security Management System (ISMS) Transition
• The Plan–Do–Check–Act (PDCA) Framework
• Implementation (ISMS including new changes)
• Transition of the ISO 27001 Standard

Module 4: ISMS Implementation

• Context of Organization
• Leader
• Planning
• Support
• Operation
• Performance Evaluation
• Improvement

Module 5: ISMS Implementation

• Organization Controls – 37 controls
• People Controls – 8 Controls
• Physical Controls – 14 Controls
• Technological Controls – 34 Controls

93 Information Security Controls

• New Controls – 11
• Merged Controls – 24 (57 merged into 24)
• Deleted Controls -3

11 New Controls

1. Threat Intelligence
2. Information Security of Cloud Services
3. ICT Readiness for Business Continuity
4. Physical Security Monitoring
5. Configuration Management
6. Information deletion
7. Data Masking
8. Data Leakage Protection
9. Monitoring Activities
10. Web Filtering
11. Secure Coding

Module 6: Certification Process

• Certification Process
• Transition Requirements
• Certification schema
• Accreditation authority, Certification bodies

METHODOLOGY

Participants will learn through lectures, case studies, group exercises, and discussions (workshops).