Trainings

ISO 27001:2022 Information Security Management System Awareness Training

28 Nov to 29 Nov

COURSE DESCRIPTION

Information security protects sensitive data from unauthorized actions such as inspection, modification, recording, interruption, or destruction. The objective is to guarantee the security and privacy of sensitive data, including financial information, intellectual property, and customer account information.

This course is designed for individuals within the organization from Top Management to the lower levels, so that all can understand the part they will play in implementing and maintaining an information security management system as specified in ISO/IEC 27001:2022.

COURSE OUTLINE

Day 1 (November 28, 2023)

Module 1: Information Security Management System Concepts – Information Security, Cybersecurity and privacy protection.

  • Information, data, and asset
  • Information Security, Cybersecurity, and Privacy Protection Concept
  • Information Security Properties: Confidentiality, Integrity, and Availability
  • Impact of vulnerabilities and threats
  • Information security risks
  • Security objectives and controls
  • Control environment

Module 2: ISO Standards and regulatory framework

  • The ISO
  • The ISO Principles
  • Management system standards
  • Integrated management systems
  • Information security standards
  • ISO 27000 family
  • ISO 27001 advantages
  • ISO 27002:2022 Implementation Updates
  • Legal and regulatory conformity

Day 2 (November 29, 2023)

Module 3: Information Security, Cybersecurity and Privacy Protection

  • (ISMS) Transition
  • The PDCA Framework
  • (ISMS including new changes) Implementation
  • Transition of the ISO 27001 Standard

Module 4: ISMS Implementation - Clauses 4-10

  • 4: Context of Organization (Changes in 4.2)
  • 5: Leadership
  • 6: Planning (Changes in 6.2 and 6.3)
  • 7: Support
  • 8: Operation (Changes in 8.1)
  • 9: Performance Evaluation
  • 10: Improvement

Module 5: ISMS Implementation – Annex A: 14 Domains Reduced to 4

  • A.5: Organizational Controls – 37 Controls
  • A.6: People Controls – 8 Controls
  • A.7: Physical Controls – 14 Controls
  • A.8: Technological Controls – 34 Controls

93 Information Security Controls

  • New Controls – 11
  • Merged Controls – 24 (57 merged into 24)
  • Deleted Controls – 3

11 New Controls

  1. Threat Intelligence
  2. Information Security of Cloud Services
  3. ICT Readiness for Business Continuity
  4. Physical Security Monitoring
  5. Configuration Management
  6. Information deletion
  7. Data Masking
  8. Data Leakage Protection
  9. Monitoring Activities
  10. Web Filtering
  11. Secure Coding

Module 6: Certification Process

  • Certification Process
  • Transition Requirements
  • Certification schema
  • Accreditation authority, Certification bodies

METHODOLOGY

Participants will learn through lectures, case studies, group exercises, and discussions (workshops).

DURATION

2 Days (9:00 AM – 5:00 PM)
