Organizations are increasingly recognizing the importance of implementing best-practice security controls to safeguard their information assets. This course is for people with a basic understanding of information security, focusing on the practical skills needed for implementing the controls from ISO/IEC 27001:2022.
ISO/IEC 27002:2022 helps organizations select, implement and manage information security controls. It includes 4 security control clauses and 93 controls. During the two-day training, you will learn which controls are the most appropriate to implement and how to put these into practice within your organization.
How will I benefit?
- Gain in-depth knowledge of ISO/IEC 27002:2022 and its benefits from your partner in learning
- Understand how implementing security controls will help reduce levels of risk within your organization
- Implement the security controls more effectively through clear and practical guidance
Who should attend?
Anyone who wants to learn about:
- Identifying and analysing information security risks
- How risks can be evaluated
- What treatments, controls and measures can be implemented in order to mitigate risks
- Ongoing governance and risk monitoring processes
The course is applicable to individuals from any size or type of organization who are currently involved in (or will be in the future) planning, implementing, maintaining, supervising or assessing information security, as part of an ISO/IEC 27001 ISMS or a standalone system.
Prerequisites: You should have a basic knowledge of ISO/IEC 27001:2013 and ISO/IEC 27002:2013, as well as an understanding of the key principles of an ISMS.
We also recommend that you have an awareness of generic risk assessments and a basic understanding of information security principles and terminology.
Some delegates on this course will have already attended our Information Security Management System (ISMS) Requirements of ISO 27001:2013 or Information Security Management System (ISMS) Implementing ISO/IEC 27001:2013 course.
We also recommend delegates have an understanding of the risk assessment approach currently employed in their organizations, should one exist.
What will I learn?
By the end of this course delegates will be able to:
- Explain concepts specific to information risk management, including terms and definitions
- Recognize typical information security risks faced by organizations
- Identify typical information security risk management concerns
- Communicate ISO/IEC 27005:2018 introduction, background, purpose, scope and structure
- Explain how ISO/IEC 27005:2018 integrates and interfaces with other standards, such as ISO/IEC 27001:2013
- Implement the topics covered in ISO/IEC 27005:2018 within your organization
- Determine the value of the information assets under your control
- Evaluate threats to information assets
- Identify, analyse and evaluate information security risks
- Prioritize and choose appropriate risk treatments
What's included?
On completion, you’ll be awarded an internationally recognized BSI Training Academy certificate.
Contact us
If you have any enquiries, let us know how we can help you.
Call: +91 80815 80815
Email us: info.in@bsigroup.com
Notes:
- This training content will be delivered via BSI’s Connected Learning Live Platform as a virtual classroom with the BSI tutor. This gives delegates the flexibility of attending from the convenience of home or office, without travelling to a BSI facility. Delegates will need a stable internet connection, a headset with USB connection, and a quiet and suitable work area. In advance of the training, a ‘testing room’ will be provided for delegates to confirm that their hardware works and that they can fully participate in the training.
- The examination will be conducted online via the e-assessment platform 'Questionmark'. Invigilation will be done through the delegate’s webcam and microphone.
Please Note: This training fee is applicable only for residents of India and the Indian subcontinent.