What You Need to Know Before You Start

Starts 3 June 2025 07:59

Ends 3 June 2025


ISO/IEC 27002:2022. Information security controls

Understand the information security controls for an ISMS that meets the requirements of ISO/IEC 27001:2022
via Udemy


6 hours 51 minutes

Optional upgrade available

Not Specified

Progress at your own speed

Paid Course

Overview

Understand the information security controls for an ISMS that meets the requirements of ISO/IEC 27001:2022

What you'll learn:

  • Implement an effective information security programme
  • Determine and apply appropriate security controls
  • Achieve compliance with ISO/IEC 27001
  • Understand information security best practices
  • Manage information security risks

This course details the information security controls in ISO/IEC 27002:2022. It is intended to provide an overview of the 93 controls required for an ISMS (Information Security Management System).

The structure of the course includes an introductory section with a presentation of the ISO/IEC 27000 family of international standards and the position and purpose of ISO/IEC 27002. The introductory section provides definitions for concepts like information security, cybersecurity and privacy, and explains what an ISMS is and what it should consist of.

The second section of the course details the 37 Organizational controls in ISO/IEC 27002, including: roles and responsibilities, segregation of duties, threat intelligence, information security in project management, information classification and labelling, access control, information transfer, supplier relationships from an information security perspective, ICT continuity, privacy and protection of PII, and documented operating procedures as part of an ISMS.

Section three is about security controls that refer to the individuals working for or on behalf of the organization (People controls). It covers aspects like screening, terms and conditions of employment, training and awareness, the disciplinary process and remote working.

The next section includes controls that address physical security (Physical controls), including: secure areas, entry controls, clear desk and clear screen, storage media, supporting utilities and the secure re-use and disposal of equipment.

Section number four covers Technological controls that refer to aspects like: the use of endpoint devices, data masking, information deletion, backup, cryptography, logging, network security, secure development, secure coding, the protection of test information, web filtering, secure authentication, access to source code and the use of privileged utility programs.

The final section of the course provides information on certification to ISO/IEC 27001 and ISO/IEC 27002 for both organizations and individuals.

Syllabus

  • Introduction to ISO/IEC 27002:2022
    • Overview of ISO/IEC Standards
    • Importance and application of ISO/IEC 27002:2022
    • Structure and purpose of the standard
  • Context of Information Security
    • Understanding of Information Security Management
    • Key principles and benefits of information security controls
  • Structure of Information Security Controls
    • Categories and themes of controls
    • Control objectives and controls
  • Governance of Information Security
    • Establishing governance framework
    • Roles and responsibilities
  • Information Security Risk Management
    • Risk assessment and treatment
    • Risk management programs
  • Organizational Controls
    • Internal organization policies
    • Human resource security
    • Asset management
  • Information Security Controls
    • Access control measures
    • Cryptographic controls
    • Physical and environmental security
  • Operational Controls
    • Security operations management
    • Communications and operations management
    • Protecting against malware
  • System Acquisition, Development, and Maintenance
    • Security requirements in systems and applications
    • Secure development practices
  • Supplier Relationships
    • Supplier security management
    • Supply chain security controls
  • Incident Management
    • Information security incident management procedures
    • Learning from information security incidents
  • Business Continuity Management
    • Planning for information security continuity
    • Resilience and recovery strategies
  • Compliance
    • Legal and regulatory requirements
    • Compliance with security policies and procedures
  • Conclusion and Best Practices
    • Integration of controls into organizational processes
    • Continuous improvement of security controls
  • Case Studies and Practical Applications
    • Analysis of real-world scenarios
    • Practical exercises for applying the controls
  • Review and Assessment
    • Recap of key learning points
    • Self-assessment quiz and feedback

Taught by

Cristian Vlad Lupa, rigcert.education
Subjects

Information Security (InfoSec)