From the course: ISO 27001:2022-Compliant Cybersecurity: Getting Started

Breaking down the ISO 27001 standard

- [Presenter] Let's take a closer look at the ISO 27001 standard. When boiled down, ISO 27001 is a standard on how to manage an information security program. It's split into two main parts: clauses 4 through 10, which describe the foundational requirements of the standard, and Annex A, which is called Information Security Controls Reference. Before we get too far, let's talk about the term clauses, which you'll hear me use a lot. You can think of clauses simply as sections of the standard. By the way, the first three clauses at the beginning of the standard are ignored for compliance purposes because they don't contain any actual compliance requirements. That's why we only care about clauses 4 through 10 in the first part. In clauses 4 through 10, you'll be introduced right away to a term and concept that will be used throughout this standard and ISO 27002: the Information Security Management System, or ISMS. When I first heard this term, I thought ISMS might be referring to some sort of computer system that helps secure your organization. But ISMS isn't a computer system; it's a management system, specifically a management system for information security. The ISMS has a never-ending security management cycle which includes four main parts: One, establish the ISMS. Two, implement and operate the ISMS. Three, monitor and review the ISMS. Four, maintain and improve the ISMS. These parts of the ISMS correspond to the classic Plan-Do-Check-Act, or PDCA, continuous improvement method. You can see how clauses 4 through 10 fit nicely into the PDCA model. Plan: establish the ISMS. Includes context of the organization, leadership, and planning. Do: implement and operate the ISMS. Includes support and operation. Check: monitor and review the ISMS. Includes performance evaluation. And Act: maintain and improve the ISMS. Includes improvement.
In this course, I'll give you a detailed overview of clauses 4 through 10, which will help you get started with your ISO 27001 compliance journey. In the second part of the ISO 27001 standard, we find the Annex A controls. These controls are specific requirements that must be followed if you want your organization to comply with ISO 27001. There are four control groups in Annex A with a total of 93 controls. ISO 27002 describes each of these 93 controls and their compliance requirements in detail, in clauses 5 through 8. Now, this is just one of two courses I've created on ISO 27001. In the next course, I'll walk you through all 93 controls required in Annex A of ISO 27001. It's important to note that ISO 27001 doesn't contain any implementation guidance for the Annex A controls. It's just the controls and the control objectives. You can find implementation guidance for the controls in ISO 27002. And again, I highly recommend you invest in a copy if you're serious about implementing ISO 27001.