Genre: eLearning | MP4 | Video: h264, 1280×720 | Audio: AAC, 44.1 KHz
Language: English | Size: 4.5 GB | Duration: 6h 43m
Understand the comprehensive set of information security, cybersecurity and privacy controls detailed in ISO/IEC 27002.
What you’ll learn
Define and establish information security controls
Implement information security management in an organization
Develop specific controls for different areas and domains
Ensure compliance with ISO/IEC 27001
Required policies and procedures for an ISMS
Description
This course details the information security controls in ISO/IEC 27002:2022.
It is intended to provide an overview of the 93 controls required for an ISMS (Information Security Management System).
The structure of the course includes an introductory section with a presentation of the ISO/IEC 27000 family of international standards, the position and the purpose of ISO/IEC 27002. The introductory section provides definitions for concepts like information security, cybersecurity and privacy and explains what is an ISMS and what it should consist of.
The second section of the course details the 37 Organizational controls in ISO/IEC 27002 including: roles and responsibilities, duties segregation, threat intelligence, information security in project management, information classification and labelling, access control, information transfer, supplier relationships from an information security perspective, ICT continuity, privacy and protection of PII or documented operating procedures as part of an ISMS.
Section three is about security controls that refer to the individuals working for or on behalf of the organization (People controls). It covers aspects like screening, terms and conditions of employment, training and awareness, disciplinary process or remote working.
The next section includes controls that address physical security (Physical controls) including: secure areas, entry controls, clear desk and clear screen, storage media, supporting utilities or the secure re-use and disposal of equipment.
Section number four covers Technological controls that refer to aspects like: the use of endpoint devices, data masking, information deletion, backup, cryptography, logging, networks security, secure development, secure coding, the protection of test information, web filtering, secure authentication, access to source code or the use of privileged utility programs.
The final section of the course provides information on the certification to ISO/IEC 27001 and ISO/IEC 27002 for both organizations and individuals.
Who this course is for:
Information security managers
ISMS auditors and consultants
Information security management practitioners and enthusiasts
Cybersecurity and privacy practitioners
Those interested in the ISO 27k framework
Password/解压密码www.tbtos.com
转载请注明:0daytown » ISO/IEC 27002. Information security controls.