Security / Governance, Risk & Compliance

ISO/IEC 27002 Lead Manager (ISO/IEC 27002 Lead Manager)

The ISO/IEC 27002 ISO/IEC 20000 Lead Auditor (ISO/IEC 20000 Lead Auditor) Lead Manager training course allows you to gain expert knowledge of best practices and guidelines for implementing information security safeguards in accordance with ISO/IEC 27002. During this training, you will gain an in-depth understanding of information security safeguards based on their structure and purpose, and learn how to effectively implement and manage them to protect your organization's information.

Issues

ISO/IEC 27002 Standard
Information security safeguards
Information Security Management System (ISMS).
Security best practices
Implementing security features
Organizational safeguards
Personal safeguards
Physical safeguards
Technological safeguards
Security monitoring
Continuous improvement
Protecting the organization’s information

Benefits

They will gain an in-depth understanding of information security safeguards and their attributes
Master the concepts, approaches, methods and techniques for selecting and implementing security features
Acquire the knowledge to advise the organization on information security security best practices

Who is this training for?

Those who implement and manage the Information Security Management System (ISMS)

IT managers and information security specialists

Information security consultants and advisors

Prerequisites

Basic knowledge of information security
Knowledge of standards from the ISO/IEC 27000 family (preferred)
Experience in IT security management
Technical and management skills

Training program

Introduction to ISO/IEC 27002:2022 — objectives, scope, structure, changes from the 2013 version, relationship with ISO/IEC 27001
Controls framework — 93 controls in 4 categories, control attributes (type, property, cybersecurity concept, capability, domain)
Organizational context — identification of security requirements, stakeholder analysis, controls scope
Organizational controls (part 1) — information security policies, roles and responsibilities, segregation of duties, contact with authorities
Organizational controls (part 2) — threat intelligence, asset management, information classification, access control
Exercises: mapping ISO 27002 controls to organizational context, attribute analysis

Organizational controls (part 3) — identity management, authentication, supplier management, cloud security
Organizational controls (part 4) — incident management, business continuity, legal compliance, personal data protection
People controls — screening, terms of employment, awareness and training, disciplinary process, termination
Risk management in the context of controls — control selection based on risk assessment, Statement of Applicability (SoA)
Control effectiveness metrics — measuring effectiveness, security KPIs, board reporting
Exercises: developing a Statement of Applicability, selecting controls based on risk assessment

Physical controls — security perimeter, entry control, securing offices and rooms, monitoring, equipment protection
Technological controls (part 1) — endpoint devices, privilege management, source code access control
Technological controls (part 2) — secure authentication, capacity management, malware protection, vulnerability management
Technological controls (part 3) — configuration management, data deletion, data masking, data leakage prevention (DLP)
Technological controls (part 4) — monitoring, network security, web filtering, cryptography, secure SDLC
Exercises: designing physical and technological controls for an organizational scenario

Control implementation planning — prioritization, roadmap, resources, budget, change management
Integration with ISMS (ISO 27001) — Annex A controls, mapping to standard clauses, certification
Control monitoring and review — internal security audit, penetration testing, vulnerability assessment
Nonconformity management — identification, classification, corrective actions, root cause analysis
Continuous improvement — control maturity, threat trends, control updates, lessons learned
Exercises: developing a control implementation plan, control maturity review

Summary of 93 ISO/IEC 27002:2022 controls — review of key controls and attributes
New controls in ISO 27002:2022 — threat intelligence, cloud security, DLP, monitoring, masking, secure coding, and others
Case studies — control implementation analysis in organizations of various scales
PECB certification preparation — exam format, question types, passing strategies
Practice exam — PECB Certified ISO/IEC 27002 Lead Manager exam simulation
PECB certification exam (optional) — written exam leading to PECB Certified ISO/IEC 27002 Lead Manager certificate

Delivery Methods

Online

Convenience of participating from anywhere
Interactive live sessions with trainer
Materials available for 30 days
No travel costs

On-site

Direct contact with trainer and group
Intensive hands-on workshops
Networking with other participants
Full focus on learning

Frequently asked questions

What are the prerequisites for this training?

For ISO/IEC 27002 Lead Manager (ISO/IEC 27002 Lead Manager) we recommend: Basic knowledge of information security; Knowledge of standards from the ISO/IEC 27000 family (preferred); Experience in IT security management.

What is the format and duration of this training?

The training lasts 5 days and is available in online and on-site format. Sessions run from 9:00 AM to 4:00 PM. We can also customize the schedule to fit your team's needs.

Who is this training designed for?

This training is designed for: Those who implement and manage the Information Security Management System (ISMS); IT managers and information security specialists; Information security consultants and advisors.