ISO 27001 ISO Bytes

Stay ahead in information security management with our ISO “Byte Sized” course on the ISO 27001:2022 updates. Explore key domains including governance controls, asset management, information protection, and more. Led by industry expert Sawyer Miller, the course gives you practical skills to implement ISO standards effectively. Perfect for professionals at any level seeking to enhance their cybersecurity knowledge and skills.

Course Introduction

Introducing the “ISO Bytes” video series led by Sawyer Miller, Director of Audit & Implementation Practice at risk3sixty. Join us to learn essential insights, updates, and strategies for ISO 27001 and 27002 compliance.

Let's Dive In

Governance Controls

This video covers:

  • Policies for Information Security
  • Information Security Roles & Responsibilities
  • Segregation of Duties
  • Management Responsibilities
  • Contact with Authorities
  • Contact with Special Interest Groups
  • Information Security in Project Management
  • Incident Management Planning & Preparation

Secure Configuration, Threat & Vulnerability Management

This overview includes:

  • Threat Intelligence
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Installation of Software on Operational Systems
  • Use of Cryptography

Asset Management

This video covers:

  • Inventory of Information & Other Associated Assets
  • Acceptable Use of Information & Other Associated Assets
  • Return of Assets
  • Information Transfer
  • Documented Operating Procedures
  • Remote Working
  • User Endpoint Devices

Information Protection Controls

This overview includes:

  • Classification of Information
  • Labeling of Information
  • Privacy and Protection of Personally Identifiable Information (PII)
  • Information Deletion
  • Data Masking
  • Data Leakage Prevention
  • Test Information

Identity & Access Management Controls

This concise overview includes:

  • Access Control
  • Identity Management
  • Authentication Information
  • Access Rights
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication

Information Security Event Management

This concise overview includes:

  • Assessment and Decision on Information Security Events
  • Response to Information Security Incidents
  • Learning From Information Security Incidents
  • Collection of Evidence
  • Information Security Event Reporting
  • Monitoring Activities
  • Clock Synchronization

Physical Security Controls

This concise overview includes:

  • Physical Security Perimeter
  • Physical Entry Controls
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protection Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen Policies
  • Equipment Siting and Protection
  • Security of Assets off Premises
  • Storage Media Security
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance

Business Continuity Controls

This concise overview includes:

  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Capacity Management
  • Information Backup
  • Redundancy of Information Processing Facilities

Application Security Controls

This concise overview includes:

  • Secure Development Lifecycle Control
  • Application Security Requirements
  • Secure System Architecture & Engineering Principles
  • Secure Coding
  • Security Testing, Development & Acceptance
  • Separation of Development, Test & Production Environments
  • Change Management

System & Network Security Controls

This concise overview includes:

  • Protection Against Malware
  • Use of Privileged Utility Programs
  • Network Controls
  • Security of Network Services
  • Segregation in Networks
  • Web Filtering
  • Outsourced Development
  • Protection of Information Systems During Audit and Testing