This course details the information security controls in ISO/IEC 27002:2022.
It is intended to provide an overview of the 93 controls required for an ISMS (Information Security Management System).
The structure of the course includes an introductory section with a presentation of the ISO/IEC 27000 family of international standards, the position and the purpose of ISO/IEC 27002. The introductory section provides definitions for concepts like information security, cybersecurity and privacy and explains what is an ISMS and what it should consist of.
The second section of the course details the 37 Organizational controls in ISO/IEC 27002 including: roles and responsibilities, duties segregation, threat intelligence, information security in project management, information classification and labelling, access control, information transfer, supplier relationships from an information security perspective, ICT continuity, privacy and protection of PII or documented operating procedures as part of an ISMS.
Section three is about security controls that refer to the individuals working for or on behalf of the organization (People controls). It covers aspects like screening, terms and conditions of employment, training and awareness, disciplinary process or remote working.
The next section includes controls that address physical security (Physical controls) including: secure areas, entry controls, clear desk and clear screen, storage media, supporting utilities or the secure re-use and disposal of equipment.
Section number four covers Technological controls that refer to aspects like: the use of endpoint devices, data masking, information deletion, backup, cryptography, logging, networks security, secure development, secure coding, the protection of test information, web filtering, secure authentication, access to source code or the use of privileged utility programs.
The final section of the course provides information on the certification to ISO/IEC 27001 and ISO/IEC 27002 for both organizations and individuals.