ISO/IEC 27001:2022. Information Security Management System

What is ISO/IEC 27001 and why it matters?
ISO/IEC 27001 is the world's most popular standard for information security management, and certification to this standard is highly sought after. It demonstrates an organization’s ability to safeguard information with robust controls, ensuring trust and reliability.
Global leaders like Google, Apple, Adobe, Oracle, and countless other tech corporations, financial institutions, healthcare providers, insurance companies, educational institutions, manufacturers, service companies, government agencies, and businesses of all sizes have implemented and certified Information Security Management Systems (ISMS) according to ISO/IEC 27001. This showcases their commitment to protecting the confidentiality, integrity, and availability of the information they handle.
Course Overview
My course delves into the management system requirements of ISO/IEC 27001:2022, along with the information security controls from the standard's annex (Annex A). This comprehensive guide will help you understand how to implement an ISMS, meet the necessary requirements and achieve compliance.
The course is structured into 6 sections:
-
the first section is an introduction to the concept of information security and to this standard, ISO/IEC 27001.
Among other aspects the introductive part addresses the following subjects: what represents an ISMS (Information Security Management System), what is the purpose of ISO/IEC 27001 and what is the structure of this standard or what are other standards in the ISO/IEC 27000 family that can be of interest for an information security professional.
- the second section of the course is about the management system requirements of ISO/IEC 27001:2022. 
The course follows the structure of the standard, covering all the requirements in each clause and sub-clause. The context of the organization, the scope of the ISMS, information security risk assessment and risk treatment, the information security objectives, the documentation of the ISMS, the internal audit of the ISMS, the management review, the information security policy or the management of nonconformities are among the subjects covered by this second section of the course.
- the third, fourth, fifth and sixth sections are all about the information security controls from Annex A of ISO/IEC 27001:2022
. There are 93 controls divided into 4 themes: Organizational controls (section 3 of the course), People controls (section 4), Physical controls (section 5) and Technological controls (section 6). The information security controls to be discussed cover, among others, subjects like incident management, supplier relationships, network security, business continuity and ICT readiness, equipment maintenance, storage media, the development of software and systems, the use of cryptography, authentication information, the screening of candidates for employment, the disciplinary process, change management, backup and redundancy, malware protection and technical vulnerability management, logging and monitoring, information security awareness and training, requirements for user end-point devices, capacity management, access privileges, protection against environmental threats, cabling security or secure coding.
If you are interested in the certification to ISO/IEC 27001 for organizations and individuals, there is a video dedicated to this subject at the end of the course.
After going through all the videos of this course you will have a good understanding of what are the requirements for an information security management system and how an organization can apply such a system and claim conformity to ISO/IEC 27001:2022.
The information will be very useful to you if you:
- work as a consultant helping organizations apply standards and implement management systems;
- participate in audits (internal or external audits) in accordance with ISO/IEC 27001:2022;
- work in a company that applies or intends to apply an information security management system;
- have an interest in information security management in general;
- are looking to build a career in information security.
If none of the options above suits your profile you can use the information in my course for awareness on information security and you will have a good image of the requirements that many organizations around the world have decided to adopt.
This course provides 7 hours of condensed information that you can revisit anytime you need and once you finish it you can prove your knowledge in the field of information security management with the certificate issued by Udemy.
*The course is updated to account for the 2024 Amendment to ISO/IEC 27001:2022 about climate change.
Who this course is for:
Information security managers
Information security consultants and auditors
Information security officers
Information security risk specialists
Managers and business owners
People involved in the implementation and administration of information security management systems according to ISO/IEC 27001
Information security management enthusiasts