

ISO 27001:2013 - Information Security Management Systems

via Cybrary


The purpose of this course is to provide students with knowledge, insight and understanding of the requirements and practical activities associated with designing, implementing and maintaining an information security management system, aligned to the ISO 27001 Standard. This course will assist those seeking to better understand the standard and how to implement an ISMS practically within an organisation and to prepare for the ISO 27001:2013 certification for the organisation.

This course covers multiple information security terms and concepts, including documentation design, information security risk management principles and guidelines, and understanding the environment in which the organization operates together with the information security needs and expectations that arise from it.

Target Audience

This course is for IT Managers and Compliance Professionals.


Students will need an understanding of their environment and of the assets that are in the scope of ISO 27001. Students must have the ability to take notes and create spreadsheets for data entry. Students should also bring an inquisitive mindset, knowing that the road to certification is a process that can at times be challenging but is overall rewarding. This course is for an intermediate to advanced audience who already have an understanding of cyber security governance and are looking to implement and get certified in ISO 27001.

Course Goals

By the end of this course, students should be able to:

  • Have a detailed understanding of the ISMS clauses and what they entail.
  • Demonstrate knowledge of an information security risk management process.
  • Demonstrate knowledge of the required documentation to support an ISMS.
  • Demonstrate knowledge of how to monitor, measure and evaluate the performance of an ISMS through various processes.
  • Demonstrate knowledge of nonconformities and the continual improvement cycle.
  • Have a better understanding of governance in the cyber security landscape.


  • Overview of an ISMS
    • What is ISO 27001
    • The ISO 27001:2013 Standard Part 1
    • The ISO 27001:2013 Standard Part 2
    • The ISO 27001:2013 Standard Part 3
    • The Plan, Do, Check, Act Cycle
    • Important Terms and Concepts
    • Statement of Applicability
  • Clause 4: Context of the Organization
    • Understanding the Organization and its Context
    • Understanding the Needs and Expectations of Interested Parties
    • Determining the Scope of the ISMS
  • Clause 5: Leadership
    • Leadership, Commitment and its Role in the ISMS
    • Information Security Policy and the ISMS Manual
    • Organizational Roles and Responsibilities
  • Clause 6: Planning
    • Intro to Information Security Risk Management
    • Identification of Assets
    • Identification of Threats
    • Identification of Existing Controls
    • Identification of Vulnerabilities
    • Identification of Consequences
    • Risk Analysis
    • Risk Evaluation
    • Using SimpleRisk to Track and Manage Your Risks
    • Actions to Address Risks and Opportunities Part 1
    • Actions to Address Risks and Opportunities Part 2
    • Actions to Address Risks and Opportunities Part 3
    • Information Security Objectives and Planning to Achieve Them Part 1
    • Information Security Objectives and Planning to Achieve Them Part 2
  • Clause 7: Support
    • Resources Required for Maintaining an ISMS
    • Competence
    • Awareness with Regards to the ISMS
    • Communication Requirements of an ISMS
    • Maintaining Documented Information for the ISMS
  • Clause 8: Operation
    • Operational Planning and Control
    • Information Security Risk Assessment
    • Information Security Risk Treatment
  • Clause 9: Performance Evaluation
    • Monitoring, Measurement, Analysis and Evaluation
    • Internal Audits Specifically for Your ISMS
    • Management Review
  • Clause 10: Improvement
    • Nonconformity and Corrective Action
    • Handling a Nonconformity and Corrective Actions
    • Continual Improvement
  • An Overview of the ISO 27001 Certification Process for Organizations
    • When are you Ready for the Certification?
    • High-Level Overview of the Certification Process
    • Mandatory Documentation (Recap)
    • What to Prepare for the Audits
  • Putting It All Together With a Plan
    • Define Objectives
    • What Results are you Expecting?
    • Risks to the Success of your ISMS
  • Annex A: Control Objectives and Controls
    • A5 Information Security Policies
    • A6 Organization of Information Security
    • A7 Human Resource Security
    • A8 Asset Management
    • A9 Access Control
    • A10 Cryptography
    • A11 Physical and Environmental Security
    • A12 Operations Security
    • A13 Communications Security
    • A14 System Acquisition, Development and Maintenance
    • A15 Supplier Relationships
    • A16 Information Security Incident Management
    • A17 Information Security Aspects of Business Continuity Management
    • A18 Compliance

Taught by

Judy Winn

