
Welcome to the course on Information Security Management Systems! This is a self-paced course that makes you aware of information security principles and introduces an approach to managing information security within an organization by implementing an information security management system (ISMS) based on the ISO 27001:2013 standard. The course provides information on the necessary terms and concepts, explains the important clauses of the ISO 27001 standard, and highlights how they map to the Plan-Do-Check-Act (PDCA) approach. The course also covers how an ISMS can be improved continually to meet the increasing demands of information security. This course is meant for everybody, be it a student who wishes to explore information security management concepts, a working professional in the domain of cyber security, a business manager or a compliance manager, or an independent professional considering implementing cyber security in organizations.
Module 01 : Information Security Management Concepts
This module teaches the basics of information security management. An information security management system is essential because protecting critical information has become an important business imperative for all organizations. An ISMS enables you to systematically apply its concepts and principles to protect that critical information and to gain certification in information security. This module explains what information security is and how an ISMS helps achieve that objective.
Module 02 : Introduction To ISO 27001:2013
This module talks about the series of standards dealing with information security, with special emphasis on the 27001:2013 standard, which enables organizations to implement information security. ISO/IEC 27001:2013 is a collection of best practices prevalent in the domain of information security, and it is very important that organizations, irrespective of their size, nature, and function, follow these best practices to protect critical information assets. The module discusses the 27001:2013 standard and also compares it with the PDCA approach, which is a popular management approach used across organizations.
Module 03 : ISMS Mapped With PDCA
This module of the course deals with the mapping of 27001:2013 to the PDCA approach. PDCA is an iterative four-step management method used in businesses for the control and continual improvement of processes and products. This module maps the PDCA steps to the clauses of Annex SL, Appendix 2 of 27001:2013. The module discusses the uses of the PDCA approach, how it can be mapped to the ISMS, and how this helps in protecting the critical information of organizations.
Module 04 : Definitions As Per ISO 27001:2014
This module will familiarize you with some of the definitions and vocabulary related to information security, as per ISO 27000:2014. It is important to learn the terms and concepts used in an ISMS so that you understand the nitty-gritty of these terms when they are used in the context of information security. Knowing the terminology enables learners to communicate effectively about the ISMS and the implementation of information security in their organizations.
Module 05 : Context Of The Organization
This module elaborates on the aspects that help you determine the context, or environment, of the organization in which ISMS objectives can be applied and achieved. The context of the organization is the fourth clause of ISO 27001:2013 and falls under the Plan step of PDCA. The module emphasizes the internal and external factors that affect the organization's ability to meet its security objectives. The module also elaborates on the scope of the ISMS, which defines the lines of business, locations, and departments of an organization to which the ISMS applies.
Module 06 : Role Of Leadership In Governance Of ISMS
This module provides insights into the role of leadership in furthering and enhancing the ISMS. The module also talks at length about the information security policy, which is a policy that top management formulates and which embodies the security objectives that an organization should follow and abide by. This module discusses the role of top leadership in extending the information security policy to the employees. Additionally, the module examines the leadership's influence in further extending the ISMS and its continual improvement.
Module 07 : ISMS Risk Assessment
This module elaborates on the risks posed to an ISMS. The module begins with how to address day-to-day risks and goes on to ISO's definition of risk. Additionally, the module identifies the common information security risks and the methods to analyze and evaluate them. It talks about an organization's acceptable risk criteria and how these concepts help in evaluating information security risks.
Module 08 : ISMS Risk Treatment
This module elaborates on concepts such as the risk treatment plan, which is necessary for selecting appropriate risk treatment options. The module talks about the four risk treatment options, based on which a risk treatment plan is devised and a control method is chosen to mitigate risk. The module elaborates on all these aspects in detail and enables the learner to have a thorough understanding of the process that is followed to mitigate risk. The module talks at length about Annex A of ISO 27001:2013, the risk treatment process, and the controls needed to proactively identify, manage, and reduce or eliminate risks.
Module 09 : Resource Management
This module is on Resource Management, which is clause 7 of ISO 27001. This module covers in detail the support required to establish, implement, maintain, and continually improve the ISMS, including ensuring that there are adequate resources not just at implementation time but also for the continued improvement of the ISMS. Resources can include people, systems, and financial resources.
Module 10 : Continual Improvement Of ISMS
This module talks at length about the monitoring, measurement, analysis, evaluation, and continual improvement of the ISMS. This comes under the Check phase of the PDCA steps. This module covers how management is responsible for ensuring that, once the ISMS is adopted, it is continually improved, even after obtaining certification.
Module 11 : Implementation Of ISMS
This module on the Implementation of ISMS takes the learner through the concepts of the ISMS implementation process and whether the organization should go in for certification after implementing the standard. There can be various reasons for implementing an ISMS and various steps in the implementation. This module walks through the implementation steps and the reasons for opting for ISMS implementation.
Module 12 : Post Assessment
The Post Assessment module aims to ascertain the overall level of knowledge you gained from the course. Obtaining a score above the minimum stipulated threshold (75%) in the Post Assessment entitles you to earn a Certificate for yourself. Get Certified! Get Specialized!
Learn more: https://www.cisoacademy.com/digilearn/course-catalogue-details/4