ISO 27001:2022-Compliant Cybersecurity: The Annex A Controls

Offered By: LinkedIn Learning

Tags

Cybersecurity Courses, Governance Courses, Asset Management Courses, Identity and Access Management Courses, Incident Management Courses, ISO 27001 Courses

Course Description

Overview

Improve your information security program or prepare for compliance with the ISO 27001 standard by learning about the 93 Annex A security control requirements.

Syllabus

Introduction
  • Introduction to the Annex A controls
1. Governance
  • Policies for information security (Control 5.1)
  • Roles, responsibilities, and duties (Controls 5.2–5.4)
  • Contacts and project management (Controls 5.5, 5.6, and 5.8)
2. Asset Management
  • Responsibility for information assets (Controls 5.9, 5.10, 6.7, and 8.1)
  • Asset security procedures (Controls 5.11, 5.14, and 5.37)
3. Information Protection
  • Classification, labeling, and privacy (Controls 5.12, 5.13, and 5.34)
  • Deletion, masking, DLP, and test data (Controls 8.10–8.12, and 8.33)
4. Identity and Access Management
  • Access management (Controls 5.15–5.18)
  • System and application access control (Controls 8.2–8.5)
5. Supplier Relationships Security
  • Supplier relationships security (Controls 5.19–5.21)
  • Managing supplier service delivery and cloud services security (Controls 5.22 and 5.23)
6. Information Security Event Management
  • Information security incident management (Controls 5.24–5.28, and 6.8)
  • Logging and monitoring (Controls 8.15–8.17)
7. Continuity
  • Continuity (Controls 5.29, 5.30, and 8.13)
  • Backup and availability (Controls 8.13 and 8.14)
8. Legal, Compliance, and Security Assurance
  • Legal and compliance (Controls 5.31–5.33)
  • Information security assurance (Controls 5.35 and 5.36)
9. Human Resource Security
  • Prior to employment (Controls 6.1 and 6.2)
  • During employment (Controls 6.3–6.6)
10. Physical Security
  • Ensuring authorized access (Controls 7.1–7.3)
  • Protecting secure areas (Controls 7.4–7.6)
  • Equipment security (Controls 7.7–7.10)
  • Utilities, cabling, and equipment management (Controls 7.11–7.14)
11. System and Network Security
  • Network security management (Controls 8.20–8.23)
  • Protection of information systems (Controls 8.7, 8.18, 8.30, and 8.34)
12. Threat and Vulnerability Management and Secure Configuration
  • Threat and vulnerability management (Controls 5.7 and 8.8)
  • Secure configuration (Controls 8.9, 8.19, and 8.24)
13. Application Security
  • Secure development (Controls 8.25–8.28)
  • Testing, separate environments, and change management (Controls 8.29, 8.31, and 8.32)
Conclusion
  • Achieving ISO 27001 compliance

Taught by

Marc Menninger

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network