ISO 27001:2013-Compliant Cybersecurity: Getting Started

Explore how to build an effective cybersecurity program in compliance with the ISO 27001 standard.

Introduction

• The international standard for information security
• Who this course is for and prerequisites

1. ISO 27001 Overview

• What is the ISO 27001 standard?
• Breaking down the ISO 27001 standard
• Why build an ISO 27001-compliant cybersecurity program?
• ISO 27001 gaps and criticisms

2. Complying with ISO 27001

• ISO 27001 compliance and certification
• What to expect when getting ISO 27001 certified
• Building your ISO 27001 compliance plan
• Begin the ISO 27001 compliance process: Introduction to Clauses 4 through 10

3. Context of the Organization (Clause 4)

• Context of the organization and needs of interested parties (Clauses 4.1 and 4.2)
• The Information security management system (ISMS) and its scope (Clauses 4.3 and 4.4)

4. Leadership (Clause 5)

• Leadership and commitment (Clause 5.1)
• Policy (Clause 5.2)
• Organizational roles, responsibilities, and authorities (Clause 5.3)

5. Planning (Clause 6)

• Information security risk assessment (Clause 6.1.2)
• Information security risk treatment (Clause 6.1.3)
• Information security objectives and planning to achieve them (Clause 6.2)

6. Support and Operation (Clauses 7 and 8)

• Resources, competence, and awareness (Clauses 7.1, 7.2, and 7.3)
• Communication (Clause 7.4)
• Documented information (Clause 7.5)
• Operational planning and control, risk assessment, and risk treatment (Clauses 8.1, 8.2, and 8.3)

7. Performance Evaluation and Improvement (Clauses 9 and 10)

• Monitoring, measurement, analysis, and evaluation (Clause 9.1)
• Internal audit (Clause 9.2)
• Management review (Clause 9.3)
• Corrective action and continual improvement (Clause 10)

Conclusion

• Next steps to take with ISO 27001