ISO 27001

Introduction

This ISO 27001 training course provides an overview and some details of the ISO 27001 standard correlated to the NIST Cybersecurity Framework CSF 2.0 which constitute a complete management system for Information Security, Cybersecurity, and Privacy Protection. Latest cybersecurity vulnerabilities, incidents and attacks worldwide is a reminder that standards and frameworks for information security management systems is a crucial component of a security defense strategy.

 ISO 27001 is a process-based certifiable standard, designed to provide a framework for organizations to ensure that their processes consistently produce outcomes that meet customer requirements and comply with applicable regulations.  Process-based standards are intended to help organizations improve efficiency, achieve operational excellence, and enhance customer satisfaction by adopting a systematic approach to managing and optimizing their processes. They emphasize the importance of understanding customer needs, establishing clear quality and security objectives, and engaging in continuous improvement. By becoming certified, organizations can demonstrate their commitment to quality and security, which can increase trust with customers and stakeholders and create a competitive advantage.

 In this training course, the security requirements (ISO 27001) and controls (ISO 27002) will be discussed in the context of the NIST CSF 2.0.

 The delegates attending this training course will learn the details of the NIST CSF including its functions, categories, and subcategories. CSF functions are govern, identify, protect, detect, respond, and recover. In turn, each function includes a number of categories and subcategories to enable detailed specifications. Detailed ISO 27001 security requirements and controls are presented and correlated to the NIST CSF.

 This GLOMACS ISO 27001 training course will highlight:

• The Structure of the NIST CSF
• ISO 27001 Security Requirements
• ISO 27002 Security Controls
• Correlation between ISO 27001 and the NIST CSF
• Active participation in discussions on aspects of ISO 27001 standard and the NIST CSF

Objectives

At the end of this training course, you will learn to:

• List and describe the NIST CSF functions and categories
• Describe the NIST CSF Structure
• Provide a summary of ISO 27001 and ISO 27002
• List and discuss the various ISO 27001 security requirements
• List and discuss the various ISO 27001 security controls
• Describe the mapping of the NIST SCF to ISO 27001 requirements and controls

Training Methodology

This training course will utilize various proven adult learning techniques to ensure maximum understanding, comprehension and retention of the information presented. This includes many examples to clarify the ISO 27001 and ISO 27002 standards and the NIST CSF and a set of breakout exercises to enable delegates active participation in discussions and sharing ideas and experiences towards the completions of the exercises.

Organisational Impact

The Organization will have the following benefits,

• Identifying a path for the organization to gain capability and experience with ISO/IEC AI standards and the NIST AI RMF
• Accepting that standards, and lifecycle-based risk assessment is the basis for addressing AI issues
• Implementing and adopting ISO/IEC AI standards and the NIST AI RMF
• Implementing and improving suggested actions to manage GAI risks
• Leaders which create organizational culture and structure for adopting AI standards and the NIST AI RMF.

Personal Impact

At the end of this training course, the participants will gain the following.

• Identifying a path for any leader and manager who wants to gain capability and confidence with ISO 27001 and ISO 27002 standards and the NIST CSF
• Understanding the value of mitigating IT security risks
• Identifying security controls to mitigate IT risks
• Enhancing their capabilities to lead standards implementation teams
• Improving their knowledge in ISO 27001 standars, and underlying governance aspects.