ISO/IEC 27001 Lead Auditor for Information Security - AD-TEAM - 01-30-2025

ISO/IEC 27001 Lead Auditor for Information Security
Published 1/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 11.04 GB | Duration: 12h 15m

Advance your information security career by mastering ISMS auditing to ISO/IEC 27001:2022

What you'll learn
Management system auditing principles and basics
Requirements of ISO/IEC 27001 from the auditor's perspective
Assessing the information security controls from ISO/IEC 27001
Formulating findings and conclusions for the ISMS audit

Requirements
Familiarity with the framework for information security management proposed by ISO/IEC 27001 is useful but not mandatory

Description
This course will help you master Information Security Management System (ISMS) auditing and the requirements of ISO/IEC 27001:2022, equipping you with essential skills to advance your career in the rapidly growing field of information security.

Compliance with international standards, such as ISO/IEC 27001, is now a critical requirement for organizations across industries, including finance, engineering, IT, transportation, professional services or manufacturing. Professionals skilled in assessing compliance and in guiding organizations to strengthen their information security are in high demand.

By enrolling in this online course, you will gain a solid understanding of auditing fundamentals, the specific requirements of ISO/IEC 27001, the standard's proposed security controls, and how to evaluate compliance during an ISMS audit.

The first part of the course introduces the foundational concepts of information security management systems. You will explore what an ISMS is, the standards within the ISO/IEC 27000 series, and the purpose and structure of ISO/IEC 27001:2022.

Next, the course provides a comprehensive overview of management system auditing basics. You will learn about the core principles auditors must adhere to, effective methods for collecting audit evidence, and critical documents such as the audit programme, audit plan, and audit report. This section also delves into remote auditing, how to analyze audit findings and conclusions, and the differences between lead auditors and auditors, as well as internal and external audits.

The subsequent section focuses on auditing the management system requirements of ISO/IEC 27001. Key topics include auditing the information security risk assessment, assessing the scope of the ISMS, reviewing the information security policy and objectives, evaluating the management reviews and the internal audits of the ISMS, auditing the statement of applicability and the risk treatment plan or reviewing how the organization manages nonconformities. Each topic is analyzed from an auditor's perspective, emphasizing the critical areas to evaluate during compliance assessments.

The following four sections of the course address the main themes of information security controls as outlined in ISO/IEC 27001:2022:

Organizational Controls, such as policies, supplier relationships, incident management, privacy and protection of personally identifiable information, access control, threat intelligence, information classification and labelling of the inventory of information and assets.
People Controls, including screening, disciplinary process, information security education and training, confidentiality and non-disclosure agreements.
Physical Controls, focusing on securing the infrastructure, protecting against natural and environmental threats, cabling security, protecting assets off-premises or managing storage media throughout its life cycle.
Technological Controls, covering topics like cryptography, malware protection, network security, secure development, capacity management, backups, information deletion, data masking, vulnerability management or system redundancy.

This course provides suggestions for assessing, during the ISMS audit, challenges such as those posed by remote working or the use of personal devices for work purposes (BYOD). You will gain actionable insights into how auditors can evaluate compliance with these controls effectively.

The final section of the course focuses on closing the ISMS audit, covering how to formulate the audit's findings and conclusions, how to conduct the closing meeting and plan the necessary post-audit activities.

This course provides a complete and detailed exploration of ISO/IEC 27001 requirements, with inputs from related standards such as ISO/IEC 27002, ISO/IEC 27005, and ISO/IEC 27035. It combines theoretical knowledge with practical examples, offering auditors valuable guidance on where to focus to gather meaningful evidence.

Whether you are a professional aiming to advance your career as an ISMS auditor or preparing for an upcoming audit, this course offers a structured and comprehensive approach to mastering ISO/IEC 27001:2022 ISMS auditing.

Overview

Section 1: Introduction
Lecture 1 Introduction
Lecture 2 What is an ISMS (Information Security Management System)?
Lecture 3 The ISO/IEC 27000 series of standards
Lecture 4 About ISO/IEC 27001:2022
Lecture 5 Certification to ISO/IEC 27001

Section 2: Generic aspects about management system auditing
Lecture 6 What is a management system audit?
Lecture 7 Principles of management system auditing
Lecture 8 What is an audit programme?
Lecture 9 Preparing for an audit
Lecture 10 The audit team
Lecture 11 Lead auditor vs. Auditor
Lecture 12 The audit plan
Lecture 13 Conducting an audit
Lecture 14 Collecting and recording evidence
Lecture 15 Remote auditing
Lecture 16 Audit findings and conclusions
Lecture 17 The audit report and post-audit activities

Section 3: Auditing the management system requirements in ISO/IEC 27001:2022
Lecture 18 Strategy for auditing an ISMS
Lecture 19 Audit and documented information
Lecture 20 Auditing top management
Lecture 21 Context of the organization
Lecture 22 The scope of the ISMS
Lecture 23 Leadership and commitment
Lecture 24 The information security policy
Lecture 25 Organizational roles, responsibilities and authorities
Lecture 26 Addressing risks and opportunities
Lecture 27 The information security risk assessment
Lecture 28 Information security risk treatment
Lecture 29 The Statement of Applicability (SoA)
Lecture 30 Information security objectives and planning to achieve them
Lecture 31 Planning of changes
Lecture 32 Resources
Lecture 33 Competence and awareness
Lecture 34 Communication
Lecture 35 The ISMS documented information
Lecture 36 Operational planning and control
Lecture 37 Monitoring, measurement, analysis and evaluation
Lecture 38 Internal audit
Lecture 39 Management review
Lecture 40 Continual improvement
Lecture 41 Management of nonconformities
Lecture 42 Recapitulation - Management system requirements of ISO/IEC 27001:2022

Section 4: Organizational controls
Lecture 43 Considerations about the organizational controls
Lecture 44 Policies and procedures for information security
Lecture 45 Information security roles and responsibilities
Lecture 46 Segregation of duties
Lecture 47 Contact with authorities and with special interest groups
Lecture 48 Threat intelligence
Lecture 49 Information security in project management
Lecture 50 Inventory of information and associated assets
Lecture 51 Acceptable use of information and assets. Return of assets
Lecture 52 Classification and labelling of information
Lecture 53 Information transfer
Lecture 54 Access control and access rights
Lecture 55 Identity management
Lecture 56 Authentication information
Lecture 57 Information security in supplier relationships and agreements
Lecture 58 Information security in the ICT supply chain
Lecture 59 Information security for use of cloud services
Lecture 60 Information security incident management
Lecture 61 Information security aspects of business continuity
Lecture 62 Compliance with legal, statutory and regulatory requirements
Lecture 63 Privacy and protection of PII
Lecture 64 Independent review of information security. Compliance with policies and rules
Lecture 65 Recapitulation - Organizational controls

Section 5: People controls
Lecture 66 Considerations about the people controls
Lecture 67 Screening
Lecture 68 Terms & conditions of employment. Confidentiality and non-disclosure agreements
Lecture 69 Information security awareness, education and training
Lecture 70 Disciplinary process
Lecture 71 Responsibilities after termination or change of employment
Lecture 72 Remote working
Lecture 73 Information security event reporting
Lecture 74 Recapitulation - People controls

Section 6: Physical controls
Lecture 75 Considerations about the physical controls
Lecture 76 Security perimeters. Physical entry. Securing rooms and facilities
Lecture 77 Physical security monitoring
Lecture 78 Protection against physical and environmental threats
Lecture 79 Work in secure areas
Lecture 80 Clear desk and clear screen
Lecture 81 Equipment siting, protection and maintenance
Lecture 82 Security of assets off-premises
Lecture 83 Storage media
Lecture 84 Supporting utilities
Lecture 85 Cabling security
Lecture 86 Secure disposal and re-use of equipment
Lecture 87 Recapitulation Physical controls

Section 7: Technological controls
Lecture 88 Considerations about the technological controls
Lecture 89 User end-point devices
Lecture 90 Privileged access rights
Lecture 91 Information access restriction. Access to source code
Lecture 92 Secure authentication
Lecture 93 Capacity management
Lecture 94 Protection against malware
Lecture 95 Management of technical vulnerabilities
Lecture 96 Configuration management
Lecture 97 Information deletion
Lecture 98 Data masking
Lecture 99 Data leakage prevention
Lecture 100 Information backup
Lecture 101 Redundancy of information processing facilities
Lecture 102 Logging, monitoring and clock synchronization
Lecture 103 Use of privileged utility programs
Lecture 104 Installation of software on operational systems
Lecture 105 Security of networks and network services
Lecture 106 Web filtering
Lecture 107 Use of cryptography
Lecture 108 Secure development lifecycle
Lecture 109 Application security requirements
Lecture 110 Secure system architecture and engineering principles
Lecture 111 Secure coding
Lecture 112 Security testing. Test information
Lecture 113 Separation of development, test and production environments
Lecture 114 Outsourced development
Lecture 115 Change management
Lecture 116 Protection of information systems during audit testing
Lecture 117 Recapitulation Technological controls

Section 8: Closing the ISMS audit
Lecture 118 Closing the ISMS audit
Lecture 119 Some final considerations
Lecture 120 Thank you and good bye

Information security professionals, Aspiring ISMS auditors, IT Managers and System Administrators, Consultants and Advisors, Candidates for ISO/IEC 27001 Auditor exams, Organizational Leaders and Decision-Makers, Students or Recent Graduates in IT or Security Fields, ISO specialists and enthusiasts