Autoplay
Autocomplete
Previous Lesson
Complete and Continue
TRECCERT® ISO/IEC 27001 Lead Implementer
Course Introduction
Welcome to the Course (2:09)
Acknowledgements
The TRECCERT ISO/IEC 27001 Lead Implementer Certification (7:35)
The TRECCERT ISO/IEC 27001 Lead Implementer Exam (2:56)
How to maintan your TRECCERT Certification (3:42)
Course Disclaimers
Chapter 1: Information Security Fundamentals
Chapter 1 Overview (0:58)
Information Assets (2:34)
What is Information Security? (2:19)
The CIA Triad (3:55)
Authenticity and Non-repudiation (3:43)
Review Questions: Information Security Fundamentals
Chapter 1 Summary
Chapter 2: ISO/IEC 27001:2022
Chapter 2 Overview (0:47)
Management Systems (9:37)
Information Security Management Systems (5:59)
International Standards (3:44)
ISO 27000 Family of Standards (5:58)
Navigating the ISO 27000 Family of Standards (5:18)
Resource: Mind Map Collection
Other Frameworks worth knowing (11:52)
ISO/IEC 27001 Overview (3:32)
History of ISO/IEC 27001 (2:25)
Table of Contents (4:44)
Review Questions: ISO/IEC 27001
Chapter 2 Summary
Chapter 3: Implementation Project
Chapter 3 Overview (0:45)
Normative Requirements (3:42)
Clause 7.5: Documented Information (11:10)
Project Deliverables (5:19)
Project Plan (9:22)
Resource: Project Plan
Process Landscape (3:04)
Chapter 3 Summary
Step 1: Management Support
Step 1 Overview (6:31)
Business Case (5:12)
Clause 5.1: Leadership and Commitment (5:31)
Clause 5.3: Organizational Roles, Responsibilities and Authorities (9:30)
Information Security Governance Process (3:29)
Review Questions: Step 1
Step 1 Summary
Step 2: Scope of the ISMS
Step 2 Overview (3:20)
Context Analysis Process (3:00)
Customer Relationship Management Process (3:01)
Clause 4.1: Understanding the organization and its context (5:37)
Clause 4.2: Understanding the needs and expectations of interested parties (6:27)
Control A.5.31: Legal, statutory, regulatory and contractual requirements (5:12)
Clause 4.3: Determining the scope of the ISMS (6:32)
Resource: ISMS Scope Template
Clause 4.4: Information Security Management System (1:29)
Review Questions: Step 2
Case Study: MCAS Engineering Group (2:21)
Case Study: Scope of the ISMS (1:38)
Step 2 Summary
Step 3: Gap Analysis
Step 3 Overview (2:51)
Step 4: Information Security Policy
Step 4 Overview (3:04)
Clause 6.2: Information Security Objectives (8:44)
Clause 5.2: Policy (6:54)
Control A.5.1: Policies for Information Security (2:48)
Security Policy Management Process (3:12)
Clause 7.4: Communication (2:40)
Communication Process (1:59)
Resource: Information Security Policy Template
Case Study: Information Security Objectives (1:01)
Review Questions: Information Security Policy
Step 4 Summary
Step 5: Competence Assurance
Step 5 Overview (3:50)
Security Awareness and Training Process (3:29)
Clause 7.2: Competence (5:00)
Clause 7.3: Awareness (2:49)
Control A.6.3: Information security awareness, education and training (3:06)
Review Questions: Step 5
Step 5 Summary
Step 6: Inventory of Assets
Step 6 Overview (3:24)
Control A.5.9: Inventory of information and other associated assets (8:08)
Control A.5.12: Classification of information (4:59)
Resource: Information Classification Policy Template
Control A.5.13: Labelling of information (3:59)
Review Questions: Asset Management
Case Study: Asset Inventory (2:33)
Step 6 Summary
Step 7: Risk Management Methodology
Step 7 Overview (3:27)
Risk Management Fundamentals (5:22)
Information Security Risk Management (5:08)
Review Questions: Risk Management Fundaments
Risk Management Process and ISO/IEC 27005 (3:57)
Clause 6.1: Actions to address risks and opportunities (2:03)
Clause 6.1.2: Information Security Risk Assessment (8:39)
Risk Assessment Process (2:48)
Clause 6.1.3: Information Security Risk Treatment (7:19)
Risk Treatment Process (3:48)
Resource: Risk Management Procedures
Control Implementation Process (1:34)
Review Questions: Risk Management Methodology
Step 7 Summary
Step 8: Information Security Risk Assessment
Step 8 Overview (2:46)
Clause 8.2: Information Security Risk Assessment (2:40)
Threats (3:16)
Vulnerabilities (1:47)
Case Study: Risk Assessment for MCAS Engineering Group (7:30)
Step 8 Summary
Step 9: Information Security Risk Treatment
Step 9 Overview (5:22)
Clause 8.3: Information Security Risk Treatment (1:42)
Security Controls (6:35)
Annex A Overview (5:24)
Resource: Statement of Applicability (SoA) Template
Case Study: Develop a Risk Treatment Plan (1:13)
Clause 7.1: Resources (3:31)
Resource Management Process (2:54)
Records Control Process (2:35)
Step 9 Summary
Annex A: Management of the ISMS
A.5.1 Policies for information security (2:48)
A.5.2 Information security roles and responsibilities (1:35)
A.5.3 Segregation of duties (1:20)
A.5.4 Management responsibilities (1:38)
A.5.5 Contact with authorities (1:21)
A.5.6 Contact with special interest groups (1:29)
A.5.7 Threat intelligence (2:17)
A.5.8 Information security in project management (2:09)
Annex A: Asset Management
Learning Objectives
A.5.9 Inventory of information and other associated assets (8:08)
A.5.10 Acceptable use of information and other associated assets (1:22)
A.5.11 Return of assets (1:34)
A.5.12 Classification of information (4:59)
A.5.13 Labelling of information (3:59)
A.5.14 Information transfer (2:26)
Annex A: Access Rights Management
Learning Objectives
A.5.15 Access control (1:38)
A.5.16 Identity management (1:02)
A.5.17 Authentication information (1:32)
A.5.18 Access rights (0:58)
Annex A: Supplier Management
Learning Objectives
Supplier Management Process (2:40)
A.5.19 Information security in supplier relationships (2:10)
A.5.20 Addressing information security within supplier agreements (1:51)
A.5.21 Managing information security in the information and communication technology (ICT) supply chain (1:05)
A.5.22 Monitoring, review and change management of supplier services (1:23)
A.5.23 Information security for use of cloud services (1:50)
Annex A: Information Security Incident Management
Learning Objectives
Information Security Incident Management Process (3:02)
A.5.24 Information security incident management planning and preparation (1:34)
A.5.25 Assessment and decision on information security events (0:51)
A.5.26 Response to information security incidents (1:21)
A.5.27 Learning from information security incidents (1:08)
A.5.28 Collection of evidence (1:09)
A.5.29 Information security during disruption (0:49)
A.5.30 ICT readiness for business continuity (1:53)
Annex A: Compliance
Learning Objectives
A.5.31 Legal, statutory, regulatory and contractual requirements (5:12)
A.5.32 Intellectual property rights (1:25)
A.5.33 Protection of records (1:55)
A.5.34 Privacy and protection of personal identifiable information (PII) (1:00)
A.5.35 Independent review of information security (1:09)
A.5.36 Compliance with policies, rules and standards for information security (1:06)
A.5.37 Documented operating procedures (0:52)
Annex A: 6. People Controls
Learning Objectives
A.6.1 Screening (3:45)
A.6.2 Terms and conditions of employment (3:48)
A.6.3 Information security awareness, education and training (3:06)
A.6.4 Disciplinary process (3:18)
A.6.5 Responsibilities after termination or change of employment (3:27)
A.6.6 Confidentiality or non-disclosure agreements (3:18)
A.6.7 Remote working (2:46)
A.6.8 Information security event reporting (2:34)
Annex A: 7. Physical Controls
Learning Objectives
A.7.1 Physical security perimeters (4:03)
A.7.2 Physical entry (5:35)
A.7.3 Securing offices, rooms and facilities (4:26)
A.7.4 Physical security monitoring (5:12)
A.7.5 Protecting against physical and environmental threats (3:03)
A.7.6 Working in secure areas (4:31)
A.7.7 Clear desk and clear screen (3:56)
A.7.8 Equipment siting and protection (7:25)
A.7.9 Security of assets off-premises (6:04)
A.7.10 Storage media (4:32)
A.7.11 Supporting utilities (3:23)
A.7.12 Cabling security (3:08)
A.7.13 Equipment maintenance (3:16)
A.7.14 Secure disposal or re-use of equipment (2:31)
Annex A: Access Security
Learning Objectives
A.8.1 User end point devices (1:42)
A.8.2 Privileged access rights (2:07)
A.8.3 Information access restriction (1:52)
A.8.4 Access to source code (1:55)
A.8.5 Secure authentication (2:34)
Annex A: Operational Security
Learning Objectives
A.8.6 Capacity management (2:47)
A.8.7 Protection against malware (2:28)
A.8.8 Management of technical vulnerabilities (2:04)
A.8.9 Configuration management (2:33)
Annex A: Data Security
Learning Objectives
A.8.10 Information deletion (3:01)
A.8.11 Data masking (2:05)
A.8.12 Data leakage prevention (2:01)
A.8.13 Information backup (2:17)
A.8.14 Redundancy of information processing facilities (2:03)
Annex A: System Security
Learning Objectives
A.8.15 Logging (2:38)
A.8.16 Monitoring activities (2:26)
A.8.17 Clock synchronization (1:42)
A.8.18 Use of privileged utility programs (1:36)
A.8.19 Installation of software on operational systems (2:22)
Annex A: Network Security
Learning Objectives
A.8.20 Networks security (2:03)
A.8.21 Security of network services (1:35)
A.8.22 Segregation of networks (2:16)
A.8.23 Web filtering (1:38)
A.8.24 Use of cryptography (2:09)
Annex A: Development Security
Learning Objectives
A.8.25 Secure development life cycle (1:38)
A.8.26 Application security requirements (1:59)
A.8.27 Secure system architecture and engineering principles (3:07)
A.8.28 Secure coding (2:59)
A.8.29 Security testing in development and acceptance (1:47)
A.8.30 Outsourced development (1:53)
A.8.31 Separation of development, test and production environments (2:06)
A.8.32 Change management (1:42)
A.8.33 Test information (1:19)
A.8.34 Protection of information systems during audit testing (1:24)
Step 10: Performance Evaluation
Step 10 Overview (3:28)
What is Compliance? (1:30)
Clause 9.1: Monitoring, Measurement, Analysis and Evaluation (4:09)
Performance Evaluation Process (2:12)
Clause 9.2: Internal Audit (5:24)
Internal Audit Process (3:43)
Clause 9.3: Management Review (3:19)
Management Review Process (3:37)
Review Questions: Performance Evaluation
Step 11: Improvement
Step 11 Overview (2:41)
Clause 10.1: Continual Improvement (4:17)
Clause 10.2: Nonconformity and corrective action (7:04)
ISMS Improvement Process (2:12)
ISMS Change Management Process (3:09)
Review Questions: Improving the ISMS
Step 12: Certification Audit
Step 12 Overview (1:20)
Certification Process (3:52)
Review Questions: Certification Audit
Step 12 Summary
Practice Exam
Practice Exam
A.7.8 Equipment siting and protection
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock