
Coursera

Mastering ISO 27001 Controls: Implementation and Auditing

Packt via Coursera

Overview

In today’s digital age, effective information security management is crucial for safeguarding organizational data and ensuring compliance with international standards. This course provides an in-depth understanding of ISO 27001 controls, helping professionals design, implement, and audit a robust Information Security Management System (ISMS). Through a structured, step-by-step learning approach, you’ll explore practical methods for managing and auditing security measures. The course helps you apply ISO 27001 principles to real-world environments, enabling you to strengthen compliance, reduce risks, and enhance your organization’s security posture.

What sets this course apart is its balance of theory and practical application—combining technical knowledge with actionable insights drawn from real-world security and audit scenarios. You’ll gain confidence in interpreting ISO standards and translating them into effective organizational policies.

This course is ideal for security managers, compliance officers, IT auditors, and professionals responsible for governance, risk, and compliance. A foundational understanding of information security is helpful but not required.

Copyright © Bridget Kenyon 2019, 2024. The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work. Formerly published as Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001 by BSI. First published in the United Kingdom in 2019 by IT Governance Publishing.

Every possible effort has been made to ensure that the information contained in this course is accurate, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at: IT Governance Publishing Ltd, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, United Kingdom. www.itgovernancepublishing.co.uk

Syllabus

  • Scope of This Guide
    • In this section, we will outline the steps for implementing ISMS control requirements and auditing current control implementations to assist organizations in preparing for ISO/IEC 27001 certification.
  • Field of Application
    • In this section, we will learn how to implement an Information Security Management System (ISMS) in compliance with ISO/IEC 27001.
  • Meeting ISO/IEC 27001 Requirements
    • In this section, we explain how to meet ISO/IEC 27001 requirements by implementing ISMS processes and selecting controls from Annex A.
  • Using Control Attributes
    • In this section, we explore how to use control attributes for risk categorization, analyze control imbalances, and select controls based on risk impact. The focus is on optimizing control selection and review for effective risk management.
  • Organizational Controls (ISO/IEC 27001, A.5)
    • In this section, we examine ISO/IEC 27001 A.5.1 control objectives, focusing on implementing and auditing information security policies with version control, access management, and periodic reviews for ISMS compliance.
  • People Controls (ISO/IEC 27001, A.6)
    • In this section, we examine background verification checks, qualification validation, and documentation to ensure compliance with legal and ethical standards in personnel selection.
  • Physical Controls
    • In this section, we examine how to define and maintain physical security perimeters using ISO/IEC 27001. Key concepts include access control, compliance, and regular auditing for asset protection.
  • Technological Controls
    • In this section, we examine how to secure user endpoint devices in line with ISO/IEC 27001 control A.8.1. Key concepts include risk analysis, compliance auditing, and implementing security controls.

Taught by

Packt - Course Instructors
