Trainings

ISO 27001:2022 Information Security Management System Awareness Training

28Novto29Nov
Trainings

COURSE DESCRIPTION

Sensitive data is protected by information security from unauthorized actions such as inspection, modification, recording, interruption, or destruction. The objective is to guarantee the security and privacy of sensitive data, including financial information, intellectual property, and account information for customers.

This course is designed for individuals within the organization from Top Management to the lower levels, so that all can understand the part they will play in implementing and maintaining an information security management system as specified in ISO/IEC 27001:2022.

COURSE OUTLINE

Day 1 (November 28, 2023)

Module 1: Information Security Management System Concepts – Information Security, Cybersecurity and privacy protection.

  • Information, data, and asset
  • Information Security, Cybersecurity, and Privacy Protection Concept
  • Information security Properties: Confidentiality, integrity and availability
  • Impact of vulnerabilities and threats
  • Information security risks
  • Security objectives and controls
  • Control environment

Module 2: ISO Standards and regulatory framework

  • The ISO
  • The ISO Principles
  • Management system standards
  • Integrated management systems
  • Information security standards
  • ISO 27000 family
  • ISO 27001 advantages
  • ISO 27002:2022 Implementation Updates
  • Legal and regulatory conformity

Day 2 (November 29, 2023)

Module 3: Information Security, Cybersecurity and Privacy Protection

  • (ISMS) Transition
  • The PDCA Framework
  • (ISMS including new changes) Implementation
  • Transition of the ISO 27001 Standard

Module 4: ISMS Implementation - Clauses 4-10

  • 4: Context of Organization (Changes in 4.2)
  • 5: Leader
  • 6: Planning (Changes in 6.2 and 6.3)
  • 7: Support
  • 8: Operation (Changes 8.1)
  • 9: Performance Evaluation
  • 10: Improvement

Module 5: ISMS Implementation – Annex 14 DOMAINS reduced to 4

  • A.5: Organization Controls – 37 controls
  • A.6: People Controls – 8 Controls
  • A.7: Physical Controls – 14 Controls
  • A.8: Technological Controls – 34 Controls

93 Information Security Controls

  • New Controls – 11
  • Merged Controls – 24 (57 merged into 24)
  • Deleted Controls -3

11 New Controls

  1. Threat Intelligence
  2. Information Security of Cloud Services
  3. ICT Readiness for Business Continuity
  4. Physical Security Monitoring
  5. Configuration Management
  6. Information deletion
  7. Data Masking
  8. Data Leakage Protection
  9. Monitoring Activities
  10. Web Filtering
  11. Secure Coding

Module 6: Certification Process

  • Certification Process
  • Transition Requirements
  • Certification schema
  • Accreditation authority, Certification bodies

METHODOLOGY

Participants will learn through lectures, case studies, group exercises, and discussions (workshops).

DURATION

2 Days (9:00 AM – 05:00 PM)

  • Europe-PH News

  • September 17, 2024

    Converge Unlocks Next-Level Hospitality with Converge Concierge with SkyTV

    Converge ICT Solutions Inc., the Philippines’ leading fiber broadb... Read More

  • June 24, 2024

    Turkish Airlines Named Best Airline in Europe at Skytrax Awards for the Ninth Time

    Turkish Airlines, the airline that flies to more countries than an... Read More

  • July 02, 2024

    Eastern Communications' employee-centric culture earns Great Place To Work Certification™

    Manila, Philippines — Eastern Communications... Read More