ISO/IEC 27001 Information Security: The Big Picture

Implementing ISO 27001 can be a daunting task. In this course, you'll learn what's involved in the certification process, the major phases of initial certification, and maintaining your certification. Also included are many tips to help you succeed.
Course info
Rating
(45)
Level
Beginner
Updated
Jun 1, 2016
Duration
2h 20m
Description

Demand is growing for organizations to demonstrate their adherence to best practice for Information Security. If you're considering the ISO/IEC 27001 certification for your organization, completing this course will give you the confidence to achieve this security milestone. In ISO/IEC 27001 Information Security: The Big Picture, you'll learn essential knowledge of what is required to get your organization certified to this international standard. First, you will learn how to download and interpret the standard documentation and formal text. Next, you'll learn the process you need to go through to attain certification. Then, you'll learn how to retain your certification once you have successfully become certified. Finally, you will learn what tools and support you should consider to help make the process as easy and rapid as possible. When you're finished with this course, you will have the skills and knowledge to get your organization certified to an international information security standard.

About the author

Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Richard Harpur. Welcome to my course ISO/IEC 27001 Information Security: The Big Picture. I am a certified information security manager, and my day job is all about managing IT risks. Today, the concern about information security is mainstream. That's why I authored this course. After completing this course, you will have a thorough understanding of the standard, how the process works, and also what tools and supports you should consider when setting out to achieve ISO27001 certification. This course is for everyone who wants to understand more about the ISO standard, how to go about getting your organization certified, and what the certification process entails. Some of the major topics that we'll cover include the following. You will learn why ISO27001 certification is so important; I'll help you understand the standard structure, show you what's involved in getting your organization certified, explain the process for retaining your certification once you've achieved it, and finally help you understand the tools and support you'll need to get in place to ensure you succeed. By the end of this course, you'll have learned all about the certification process and will have a solid understanding of all the fundamental aspects of getting your organization certified. I hope you'll join me on this journey to learn information security, ISO/IEC 27001 Information Security: The Big Picture, at Pluralsight.

Certification Life Cycle - Attaining Your Certification
Up to this point in the course we've been covering a lot of material around the standard, its structure, and what the mandatory requirements were for you to implement your ISMS. I want to change gear now and show you how you take what you've learned all the way through to certification. We'll go through the certification lifecycle, but in this module we'll specifically focus on attaining your certification in the first instance. After all, most people who start out on the ISO27001 journey do so because they want to become certified. I'm going to show you the steps involved. So let's look at the overview for this module. Firstly, we're going to cover a map or pathway to certification. I'll take you all the way through from the decision point to become certified through to the pre-certification audit and the certification audit itself. I'm going to take you through what the audit process is like. It's quite a formal process. Also, there are particular findings that may arise during the audits. There are different categories of finding, so we're going to explain each one of those. The very first audit that you'll encounter is something called a Stage 1 Audit. I'm going to describe that in detail for you. After that, Stage 2 Audit becomes the next hurdle. This is really important as this is where you get recommended for certification or not, as the case may be. And finally, it can be difficult to put timeframes around the certification project because it very much depends on the scope, but I'll give you some indication from my experience in terms of what the effort was to become certified. So let's get started with the map of certification.

Certification Life Cycle - Retaining Your Certification
So you've just been informed that you're officially certified for ISO27001. Congratulations! It's a great sense of achievement once you attain your certification. Your boss will be delighted with you, your coworkers really impressed, and the marketing department can go to work in producing a good marketing story. It's a really good feeling to achieve the international standard for information security and also knowing it has helped to secure your business. But you can't take a vacation just yet because once you've achieved your certification, you must then ensure you carry on the required practices to retain your certification, and that's what I want to talk about in this module, retaining your certification. So let's look at the overview for this module. I'm going to bring you back to the map of certification. We initially looked at achieving certification. This time I'm going to expand that map and show you about retaining your certification. There are a number of different audits involved in order to retain your certification. I'm going to explain the frequency of these audits and their purpose. Then we're going to look at the surveillance audit. Following that, I'm going to give you an explanation of re-certification and what that process is all about and when it might affect you. And finally, I'll briefly touch on a transition audit. This doesn't happen too often, but I'm going to give you an explanation of a transition audit so you can be informed.