T 84v22 - E-learning - ISO 27001 training package - Readiness and audit of your information security management system ISMS version 2022

Objectives of the ISO 27001 training package

• understand the strategic challenges and objectives of the ISO 27001:2022 standard
• identify the fundamental requirements
• explain the contribution of the ISMS (Information Security Management System) to a comprehensive risk management approach
• describe the key phases of the compliance process
• prepare for ISO 27001 certification
• secure information (customers, employees, intellectual property) against cyber threats (ransomware, phishing, data leaks)
• guarantee the confidentiality, integrity, and availability of data
• develop an Information Security Policy (ISP) aligned with the organization's strategy
• strengthen stakeholder trust in an increasingly threatening digital environment
• evaluate the performance of the ISMS through internal audits

Free quiz without registration on the requirements of the ISO 27001 standard that you can exercise by clicking on the "QUIZ" button:

• Quiz requirements ISO 27001 version 2022

Readiness for implementation, certification, maintenance and improvement of your information security management system (ISO 27001) in order to:

• guarantee the confidentiality, integrity, availability and traceability of information
• reduce information security risks
• seize opportunities for continual improvement

To conduct an audit according to ISO 19011 in order to:

• identify improvement opportunities
• increase the satisfaction of stakeholders
• evaluate the performance of the ISO 27001 information security management system

See the set of documents  ISO 27001 information security package readiness and internal audit version 2022

T 24v22 ONLINE COURSE FOR YOUR INFORMATION SECURITY MANAGEMENT SYSTEM ISO 27001 READINESS VERSION 2022 

This part of the ISO 27001 online training allows you to discover the principles, requirements and challenges of an information security management system that complies with the 2022 version of the standard.

Discover the ISO 27001 standard version 2022 and

• its content
• its principles
• its requirements
• the stakes

Get used to

• information security approach
• information security management system (ISMS)
• process approach
• risk approach
• information security documentation
• ISO 27001 readiness documentation
• ISO 27001 internal audit documentation
• continual improvement

The important and fundamental elements of an information security management system

• information security approach (quality management principles, PDCA cycle)
• process approach (definitions, process types, mapping)
• context of the company (customer requirements)
• leadership of top management (commitments, responsibilities)
• planning of the ISMS (risks, actions, objectives)
• product realization and service provision (operational control, risk assessment and treatment)
• performance evaluation (monitoring, measure, analysis, internal audits, management review)
• improvement (nonconformities, corrective actions, continual improvement)
• controls (Annex A)

The content thus makes it possible to structure a coherent ISO 27001 information security approach, from the identification of issues to the management of continual improvement.

The menu of the course

• Presentation
• MCT (Multiple choice test) Beginning (10 questions)
• 1 Information security
  
  • 1.1 History
  • 1.2 Scope
  • 1.3 Principles and steps
• 2 Standards, definitions, books
  
  • 2.1 Standards
  • 2.2 Definitions
  • 2.3 Books
• MCT Information security (9 questions)
• 3 Process approach
  
  • 3.1 Process
  • 3.2 Process map
  • 3.3 Process approach
• MCT Process approach (7 questions)
• 4 Context
  
  • 4.1 The organization and its context
  • 4.2 Needs and expectations of interested parties
  • 4.3 Scope
  • 4.4 ISMS
• Case Interested parties
• Case Customer and need
• Case Priority tasks
• Summary of clause 4
• MCT Context (7 questions)
• 5 Leadership
  
  • 5.1 Leadership and commitment
  • 5.2 Policy
  • 5.3 Roles, responsibilities and authorities
• Case New line
• Summary of clause 5
• MCT Leadership (7 questions)
• 6 Planning
  
  • 6.1 Actions to address risks
  • 6.2 Objectives
  • 6.3 Changes
• Case New risk
• Case Risk treatment
• Case Risk register
• Summary of clause 6
• MCT Planning (9 questions)
• 7 Support
  
  • 7.1 Resources
  • 7.2 Competence
  • 7.3 Awareness
  • 7.4 Communication
  • 7.5 Documented information
• Case Communication
• Summary of clause 7
• MCT Support (7 questions)
• 8 Operation
  
  • 8.1 Operational planning and control
  • 8.2 Risk assessment
  • 8.3 Risk treatment
• Case Design review
• Case Process stability
• Summary of clause 8
• MCT Operation (6 questions)
• 9 Performance
  
  • 9.1 Inspection, analysis and evaluation
  • 9.2 Internal audit
  • 9.3 Management review
• Case Audit readiness
• Case Auditor question
• Case Management review
• Summary of clause 9
• MCT Performance (7 questions)
• 10 Improvement
  
  • 10.1 Continual improvement 
  • 10.2 Nonconformity and corrective action
• Case Nonconformities
• Case Kaizen and problem
• Summary of clause 10
• MCT Improvement (8 questions)
• Annex A
• A.5 Organizational controls
• Case Classification of information
• Case Password
• Case Response to an incident
• Case Selecting suppliers
• Summary of annex A.5
• MCT Annex A.5 (11 questions)
• A.6 People controls
• Case Incident log
• Summary of annex A.6
• MCT Annex 6 (6 questions)
• A.7 Physical controls
• Case Storage media
• Summary of annex A.7
• MCT Annex 7 (7 questions)
• A.8 Technological controls
  
• Case Audit program
• Case Audit report
• Summary of annex 8
• MCT Annex 8 (6 questions)
• MCT End (20 questions)

T 44v22 ONLINE COURSE INTERNAL AUDIT OF YOUR INFORMATION SECURITY MANAGEMENT SYSTEM ISO 27001 VERSION 2022

This second part is dedicated to the ISO 27001 internal audit and its role in evaluating the performance of an ISMS. It explains how the audit fits into the information security approach and the preparation for ISO 27001 certification.

Discover the internal audit in an ISO 27001 certified company and

• locate the audit in the information security approach
• identify the stakes
• understand the requirements
• control the tools

Get used to

• best practices
• good behavior
• the terminology
• the questionnaire
• the report

The important and fundamental elements of an internal audit

• scope
• normative references
• principles
• audit program (responsibilities, records)
• audit conducting (objectives, evidence, conclusions)
• auditor competence (knowledge, training)

The menu of the course

• Presentation
• MCT (multiple-choice test) Beginning (10 questions)
• 1 Scope
• 2 Normative references
• 3 Definitions
• 4 Principles
  
  • 4.1 Management principles
  • 4.2 Audit principles
  • 4.3 ISMS performance
• MCT Internal audit (7 questions)
• 5 Audit program
  
  • 5.1 General
  • 5.2 Objectives
  • 5.3 Risks
  • 5.4 Establishing
  • 5.5 Implementing
  • 5.6 Monitoring
  • 5.7 Reviewing and improving
• Case New risk
• Case Audit program
• MCT Audit program (11 questions)
• 6a Audit preparation
  
  • 6.1 General
  • 6.2 Initiating
  • 6.2.1 First contact
  • 6.2.2 Situations and feasibility
  • 6.3 Preparing the audit
  • 6.3.1 Document review
  • 6.3.2 Audit plan
• Case Nonconformities
• Case Audit readiness
• MCT Audit preparation (8 questions)
• 6b Conduct an audit
• 6.4 Audit activities
  
  • 6.4.1 Opening meeting
  • 6.4.2 Audit evidence
  • 6.4.3 Audit conclusions
  • 6.5 Audit report
  • 6.6 Completing the audit
  • 6.7 Audit follow-up
• Case Audit finding
• Case Audit report
• Case Management review
• MCT Conduct an audit (8 questions)
• 7 Competence and evaluation of auditors
  
  • 7.1 General
  • 7.2 Auditor competence
  • 7.3 Evaluation criteria
  • 7.4 Evaluation methods
  • 7.5 Auditor evaluation
  • 7.6 Improving competence
• Case Auditor question
• MCT Auditor competence (7 questions)
• MCT End (20 questions)