ISO/IEC 27001 Lead Implementer

  Course Introduction

Available in days

days after you enroll

• Welcome to the Course (2:17) Start
• Acknowledgements Start
• The TRECCERT ISO/IEC 27001 Lead Implementer Certification (6:17) Start
• The TRECCERT ISO/IEC 27001 Lead Implementer Exam (3:20) Start
• Course Disclaimers Start

  Course Resources

Available in days

days after you enroll

• ISO/IEC 27001 Project Toolkit (0:42) Start
• Project Plan Start
• Policy Templates Start
• Process Templates Start
• Record Templates Start
• Mind Map Collection Start
• Bonus Resources Start

  Chapter 1: Information Security Fundamentals

Available in days

days after you enroll

• Chapter 1 Overview (0:54) Start
• Information Assets (3:41) Start
• What is Information Security? (2:06) Start
• The CIA Triad (3:37) Start
• Authenticity and Non-repudiation (4:22) Start
• Review Questions: Chapter 1 Start
• Chapter 1 Summary (1:08) Start

  Chapter 2: ISO/IEC 27001:2022

Available in days

days after you enroll

• Chapter 2 Overview (1:03) Start
• Management Systems (9:37) Start
• Information Security Management Systems (5:59) Start
• International Standards (2:55) Start
• ISO 27000 Family of Standards (8:41) Start
• Other Frameworks worth knowing (11:52) Start
• ISO/IEC 27001 Overview (6:46) Start
• History of ISO/IEC 27001 (2:38) Start
• Review Questions: Chapter 2 Start
• Chapter 2 Summary (1:36) Start

  Chapter 3: Implementation Project

Available in days

days after you enroll

• Chapter 3 Overview (0:58) Start
• Normative Requirements (3:41) Start
• Clause 7.5: Documented Information (11:01) Start
• Project Deliverables (3:17) Start
• Project Plan (6:45) Start
• Review Questions: Chapter 3 Start
• Chapter 3 Summary (2:29) Start

  Step 1: Management Support

Available in days

days after you enroll

• Step 1 Overview (7:36) Start
• Business Case (5:12) Start
• Clause 5.1: Leadership and Commitment (6:14) Start
• Clause 5.3: Organizational Roles, Responsibilities and Authorities (8:38) Start
• Information Security Governance Process (5:14) Start
• Review Questions: Step 1 Start
• Step 1 Summary (2:49) Start

  Step 2: Scope of the ISMS

Available in days

days after you enroll

• Step 2 Overview (2:43) Start
• Context Analysis Process (2:42) Start
• Clause 4.1: Understanding the organization and its context (8:57) Start
• Clause 4.2: Understanding the needs and expectations of interested parties (7:13) Start
• Control A.5.31: Legal, statutory, regulatory and contractual requirements (5:04) Start
• Clause 4.3: Determining the scope of the ISMS (6:44) Start
• Clause 4.4: Information Security Management System (6:06) Start
• Review Questions: Step 2 Start
• BlitzX Engineering - Company Profile (1:44) Start
• Case Study: Scope of the ISMS (0:43) Start
• Step 2 Summary (1:55) Start

  Step 3: Gap Analysis

Available in days

days after you enroll

• Step 3 Overview (2:51) Start

  Step 4: Information Security Policy

Available in days

days after you enroll

• Step 4 Overview (2:30) Start
• Clause 6.2: Information Security Objectives (10:42) Start
• Clause 5.2: Policy (6:47) Start
• Control A.5.1: Policies for Information Security (2:48) Start
• Policy Management Process (3:38) Start
• Clause 7.4: Communication (2:40) Start
• Communication Process (4:05) Start
• Review Questions: Step 4 Start
• Case Study: Information Security Objectives (1:01) Start
• Step 4 Summary (3:20) Start

  Step 5: Competence Assurance

Available in days

days after you enroll

• Step 5 Overview (3:14) Start
• Clause 7.2: Competence (7:51) Start
• Clause 7.3: Awareness (4:03) Start
• Control A.6.3: Information security awareness, education and training (6:33) Start
• Security Awareness and Training Process (3:25) Start
• Review Questions: Step 5 Start
• Step 5 Summary (2:31) Start

  Step 6: Inventory of Assets

Available in days

days after you enroll

• Step 6 Overview (2:39) Start
• Control A.5.9: Inventory of information and other associated assets (6:01) Start
• Control A.5.12: Classification of information (5:26) Start
• Control A.5.13: Labelling of information (4:11) Start
• Review Questions: Step 6 Start
• Case Study: Asset Inventory (2:33) Start
• Step 6 Summary (1:49) Start

  Step 7: Risk Management Methodology

Available in days

days after you enroll

• Step 7 Overview (4:39) Start
• Risk Management Fundamentals (6:39) Start
• Risk Management Process (4:26) Start
• Clause 6.1.1: General (3:43) Start
• Clause 6.1.2: Information Security Risk Assessment (8:39) Preview
• Risk Assessment Process (3:32) Start
• Clause 6.1.3: Information Security Risk Treatment (7:19) Start
• Risk Treatment Process (5:11) Start
• Resource: Risk Management Procedures Start
• Review Questions: Step 7 Start
• Step 7 Summary (1:46) Start

  Step 8: Information Security Risk Assessment

Available in days

days after you enroll

• Step 8 Overview (2:46) Start
• Clause 8.2: Information Security Risk Assessment (2:40) Start
• Threats (3:16) Start
• Vulnerabilities (1:47) Start
• Case Study: Risk Assessment for MCAS Engineering Group (7:30) Start
• Step 8 Summary Start

  Step 9: Information Security Risk Treatment

Available in days

days after you enroll

• Step 9 Overview (5:22) Start
• Clause 8.3: Information Security Risk Treatment (1:42) Start
• Security Controls (6:35) Start
• Annex A Overview (5:24) Start
• Case Study: Develop a Risk Treatment Plan (1:13) Start
• Clause 7.1: Resources (3:31) Start
• Resource Management Process (2:54) Start
• Records Control Process (2:35) Start
• Step 9 Summary Start

  Annex A: 5. Organizational Controls

Available in days

days after you enroll

• Learning Objectives Start
• A.5.1 Policies for information security (2:48) Start
• A.5.2 Information security roles and responsibilities (1:35) Start
• A.5.3 Segregation of duties (1:20) Start
• A.5.4 Management responsibilities (1:38) Start
• A.5.5 Contact with authorities (1:21) Start
• A.5.6 Contact with special interest groups (1:29) Start
• A.5.7 Threat intelligence (2:17) Start
• A.5.8 Information security in project management (2:09) Start
• A.5.9 Inventory of information and other associated assets (6:01) Start
• A.5.10 Acceptable use of information and other associated assets (1:22) Start
• A.5.11 Return of assets (1:34) Start
• A.5.12 Classification of information (5:26) Start
• A.5.13 Labelling of information (4:11) Start
• A.5.14 Information transfer (2:26) Start
• A.5.15 Access control (1:38) Start
• A.5.16 Identity management (1:02) Start
• A.5.17 Authentication information (1:32) Start
• A.5.18 Access rights (0:58) Start
• Supplier Management Process (2:40) Start
• A.5.19 Information security in supplier relationships (2:10) Start
• A.5.20 Addressing information security within supplier agreements (1:51) Start
• A.5.21 Managing information security in the information and communication technology (ICT) supply chain (1:05) Start
• A.5.22 Monitoring, review and change management of supplier services (1:23) Start
• A.5.23 Information security for use of cloud services (1:50) Start
• Information Security Incident Management Process (3:02) Start
• A.5.24 Information security incident management planning and preparation (1:34) Start
• A.5.25 Assessment and decision on information security events (0:51) Start
• A.5.26 Response to information security incidents (1:21) Start
• A.5.27 Learning from information security incidents (1:08) Start
• A.5.28 Collection of evidence (1:09) Start
• A.5.29 Information security during disruption (0:49) Start
• A.5.30 ICT readiness for business continuity (1:53) Start
• A.5.31 Legal, statutory, regulatory and contractual requirements (5:12) Start
• A.5.32 Intellectual property rights (1:25) Start
• A.5.33 Protection of records (1:55) Start
• A.5.34 Privacy and protection of personal identifiable information (PII) (1:00) Start
• A.5.35 Independent review of information security (1:09) Start
• A.5.36 Compliance with policies, rules and standards for information security (1:06) Start
• A.5.37 Documented operating procedures (0:52) Start

  Annex A: 6. People Controls

Available in days

days after you enroll

• Learning Objectives Start
• A.6.1 Screening (7:16) Start
• A.6.2 Terms and conditions of employment (4:23) Start
• A.6.3 Information security awareness, education and training (6:33) Start
• A.6.4 Disciplinary process (4:12) Start
• A.6.5 Responsibilities after termination or change of employment (4:50) Start
• A.6.6 Confidentiality or non-disclosure agreements (4:39) Start
• A.6.7 Remote working (5:38) Start
• A.6.8 Information security event reporting (4:26) Start

  Annex A: 7. Physical Controls

Available in days

days after you enroll

• Learning Objectives Start
• A.7.1 Physical security perimeters (8:52) Start
• A.7.2 Physical entry (6:21) Start
• A.7.3 Securing offices, rooms and facilities (4:14) Start
• A.7.4 Physical security monitoring (4:12) Start
• A.7.5 Protecting against physical and environmental threats (3:57) Start
• A.7.6 Working in secure areas (3:05) Start
• A.7.7 Clear desk and clear screen (6:34) Start
• A.7.8 Equipment siting and protection (4:49) Start
• A.7.9 Security of assets off-premises (5:45) Start
• A.7.10 Storage media (6:09) Start
• A.7.11 Supporting utilities (5:30) Start
• A.7.12 Cabling security (5:53) Start
• A.7.13 Equipment maintenance (4:36) Start
• A.7.14 Secure disposal or re-use of equipment (3:34) Start

  Annex A: 8. Technological Controls

Available in days

days after you enroll

• Learning Objectives Start
• A.8.1 User end point devices (1:42) Start
• A.8.2 Privileged access rights (2:07) Start
• A.8.3 Information access restriction (1:52) Start
• A.8.4 Access to source code (1:55) Start
• A.8.5 Secure authentication (2:34) Start
• A.8.6 Capacity management (2:47) Start
• A.8.7 Protection against malware (2:28) Start
• A.8.8 Management of technical vulnerabilities (2:04) Start
• A.8.9 Configuration management (2:33) Start
• A.8.10 Information deletion (3:01) Start
• A.8.11 Data masking (2:05) Start
• A.8.12 Data leakage prevention (2:01) Start
• A.8.13 Information backup (2:17) Start
• A.8.14 Redundancy of information processing facilities (2:03) Start
• A.8.15 Logging (2:38) Start
• A.8.16 Monitoring activities (2:26) Start
• A.8.17 Clock synchronization (1:42) Start
• A.8.18 Use of privileged utility programs (1:36) Start
• A.8.19 Installation of software on operational systems (2:22) Start
• A.8.20 Networks security (2:03) Start
• A.8.21 Security of network services (1:35) Start
• A.8.22 Segregation of networks (2:16) Start
• A.8.23 Web filtering (1:38) Start
• A.8.24 Use of cryptography (2:09) Start
• A.8.25 Secure development life cycle (1:38) Start
• A.8.26 Application security requirements (1:59) Start
• A.8.27 Secure system architecture and engineering principles (3:07) Start
• A.8.28 Secure coding (2:59) Start
• A.8.29 Security testing in development and acceptance (1:47) Start
• A.8.30 Outsourced development (1:53) Start
• A.8.31 Separation of development, test and production environments (2:06) Start
• A.8.32 Change management (1:42) Start
• A.8.33 Test information (1:19) Start
• A.8.34 Protection of information systems during audit testing (1:24) Start

  Step 10: Performance Evaluation

Available in days

days after you enroll

• Step 10 Overview (3:28) Start
• What is Compliance? (1:30) Start
• Clause 9.1: Monitoring, Measurement, Analysis and Evaluation (4:09) Start
• Performance Evaluation Process (2:12) Start
• Clause 9.2: Internal Audit (5:24) Start
• Internal Audit Process (3:43) Start
• Clause 9.3: Management Review (3:19) Start
• Management Review Process (3:37) Start
• Review Questions: Performance Evaluation Start

  Step 11: Improvement

Available in days

days after you enroll

• Step 11 Overview (2:41) Start
• Clause 10.1: Continual Improvement (4:17) Start
• Clause 10.2: Nonconformity and corrective action (7:04) Start
• ISMS Improvement Process (2:12) Start
• ISMS Change Management Process (3:09) Start
• Review Questions: Improving the ISMS Start

  Step 12: Certification Audit

Available in days

days after you enroll

• Step 12 Overview (2:26) Start
• Certification Process (5:00) Start
• Review Questions: Certification Audit Start
• Step 12 Summary Start

  Practice Exam

Available in days

days after you enroll

• Practice Exam Start
• How to maintan your TRECCERT Certification (3:19) Start