ISO 27001 Cybersecurity manager. Guidelines.

The purpose of this course is to provide cybersecurity guidelines for the application of ISO 27001 (the popular standard for information security management systems).

After going through the lessons you will have a good understanding of the concepts, principles and requirements for an organization to design a cybersecurity system.

You will understand what are the typical security threats for different activities and processes and the recommended controls that an organization can implement in order to respond and protect itself.

The structure of the course includes:

– introductory aspects including definitions for the Cyberspace and Cybersecurity.

– the concepts of Confidentiality, Integrity, Authentication and Non–Repudiation as critical elements for any security system;

– information classification – schemes, levels and labeling aspects

– Threats, vulnerability, risk assessment (quantiative and qualitative methods) and the options for an organization to treat security risks.

– Internal organization requirements including support from top management and segregation of duties;

– aspect on mobile devices – like BYOD (Bring Your Own Device) and COPE (Company Owned Personally Enabled)

– human resources security – from screening to employment, the contractual requirements and disciplinary process plus the termination and change of employment

– requirements for the use of removable media

– access controls and authentication aspects plus how to manage privileges so they won’t generate security breaches