ISO 27001:2022-Compliant Cybersecurity: The Annex A Controls

سرفصل های دوره

The Annex A controls in the ISO 27001 standard are used by organizations around the world to improve their information security programs and demonstrate good security practices to others. In this second part of his two-part ISO 27001 course, instructor Marc Menninger provides a comprehensive overview of all 93 security controls in Annex A of the ISO 27001 standard. You can use this knowledge to build a better security program and prepare for compliance with the ISO 27001 standard. This course includes handy documents with recommended ways to demonstrate compliance with ISO 27001, providing you with tools you need to get started on implementing the controls to build an ISO 27001-compliant cybersecurity program.

Note: It is recommended that you start with part one, ISO 27001:2022-Compliant Cybersecurity: Getting Started, which includes background information and compliance requirements you need to know if you're serious about building an ISO 27001-compliant cybersecurity program.

01 - Introduction

01 - Introduction to the Annex A controls

02 - 1. Governance

01 - Policies for information security (Control 5.1)

02 - Roles, responsibilities, and duties (Controls 5.25.4)

03 - Contacts and project management (Controls 5.5, 5.6, and 5.8)

03 - 2. Asset Management

01 - Responsibility for information assets (Controls 5.9, 5.10, 6.7, and 8.1)

02 - Asset security procedures (Controls 5.11, 5.14, and 5.37)

04 - 3. Information Protection

01 - Classification, labeling, and privacy (Controls 5.12, 5.13, and 5.34)

02 - Deletion, masking, DLP, and test data (Controls 8.108.12, and 8.33)

05 - 4. Identity and Access Management

01 - Access management (Controls 5.155.18)

02 - System and application access control (Controls 8.28.5)

06 - 5. Supplier Relationships Security

01 - Supplier relationships security (Controls 5.195.21)

02 - Managing supplier service delivery and cloud services security (Controls 5.22 and 5.23)

07 - 6. Information Security Event Management

01 - Information security incident management (Controls 5.245.28, and 6.8)

02 - Logging and monitoring (Controls 8.158.17)

08 - 7. Continuity

01 - Continuity (Controls 5.29, 5.30, and 8.13)

02 - Backup and availability (Controls 8.13 and 8.14)

09 - 8. Legal, Compliance, and Security Assurance

01 - Legal and compliance (Controls 5.315.33)

02 - Information security assurance (Control 5.35 and 5.36)

10 - 9. Human Resource Security

01 - Prior to employment (Controls 6.1 and 6.2)

02 - During employment (Controls 6.36.6)

11 - 10. Physical Security

01 - Ensuring authorized access (Controls 7.17.3)

02 - Protecting secure areas (Controls 7.47.6)

03 - Equipment security (Controls 7.77.10)

04 - Utilities, cabling, and equipment management (Controls 7.117.14)

12 - 11. System and Network Security

01 - Network security management (Controls 8.208.23)

02 - Protection of information systems (Controls 8.7, 8.18, 8.30, and 8.34)

13 - 12. Threat and Vulnerability Management and Secure Configuration

01 - Threat and vulnerability management (Controls 5.7 and 8.8)

02 - Secure configuration (Controls 8.9, 8.19, and 8.24)

14 - 13. Application Security

01 - Secure development (Controls 8.258.28)

02 - Testing, separate environments, and change management (Controls 8.29, 8.31, and 8.32)

15 - Conclusion

01 - Achieving ISO 27001 compliance

189,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: LinkedIn Learning (Lynda)