ISO/IEC 27001:2022 (ISMS) Awareness Training (PowerPoint PPTX)

Globally, ransomware attacks are on the rise and the impacts are devastating to the organizations as well as the customers they serve. According to the Allianz Risk Barometer, ransomware ranks as the top cyber exposure of concern in 2022.

Moreover, most businesses hold or have access to valuable or sensitive information. Failure to provide appropriate protection to such information can have serious operational, financial and legal consequences. In some instances, these can lead to a total business failure.

The challenge that most businesses struggle with is how to provide appropriate protection. In particular, how do they ensure that they have identified all the risks they are exposed to and how can they manage them in a way that is proportionate, sustainable and cost effective?

ISO/IEC 27001:2022 is the internationally-recognised standard for Information Security Management Systems (ISMS). This new standard replaces the old ISO/IEC 27001:2013. An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It provides a robust framework to protect information that can be adapted to all types and sizes of organization. Organizations that have significant exposure to information-security related risks are increasingly choosing to implement an ISMS that complies with ISO/IEC 27001.

The ISMS standard preserves the Confidentiality, Integrity and Availability of information by applying a Risk Management process and gives confidence to interested parties that risks are adequately managed.

This ISO/IEC 27001:2022 (ISMS) awareness PPT presentation is designed for organizations who are embarking on ISO/IEC 27001:2022 implementation or are transitioning to the new standard and need to create awareness of information security among their employees.

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Note: This training package includes:
1. ISO/IEC 27001:2022 (ISMS) Awareness PPT training presentation (PowerPoint format, in new 16:9 widescreen)
2. Risk Assessment template (Excel format)
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
​
LEARNING OBJECTIVES

​1. Acquire knowledge on the fundamentals of information security
2. Describe the ISO/IEC 27001:2022 structure
3. Understand the ISO/IEC 27001:2022 implementation and certification process
4. Gather useful tips on handling an audit session

CONTENTS

1. FUNDAMENTALS OF INFORMATION SECURITY
•  What Is Information?​
•  Why Is Information An Asset?
•  Information Exists In Many Forms
•  Information Can Be...
•  Definition Of Information Security
•  Three Principles Of Information Security (CIA Triad)
•  Information Security Strategies & Approaches
•  Why Is Information Security Important?
•  What Are The Impacts Of Security Incidents?
•  About ISO
•  ISO Standards Contribute Directly To The U.N. Sustainable Development Goals (SDGs)
•  What Are Standards?
•  What Standards Are Not
•  Why Are Standards Important?
•  What Is A Management System?
•  History Of ISO/IEC 27001
•  What Is ISO/IEC 27001?
•  ISO/IEC 27000 Series
•  What Is The Purpose Of ISO/IEC 27001?
•  Main Changes In The Management System
•  Main Changes In Annex A Security Controls
•  What Are The New Security Controls?
•  Benefits Of Adopting ISO/IEC 27001 Standard
•  Advantages Of Certification
•  Plan-Do-Check-Act (PDCA) Process Model
•  ISO/IEC 27001:2022 Is Based On The PDCA Model
•  Emphasis On Process Approach
•  Risk-based Management

2. ISO/IEC 27001 STRUCTURE
•  What Is Annex L?
•  Annex L Is A Framework For A Generic Management System
•  High-Level Structure
•  ISO/IEC 27001:2022 Is Based On The High-Level Structure For Management System Standards
•  High-Level Structure – The Same Core Elements
•  PDCA And The ISO/IEC 27001:2022 Clause Structure
•  ISO/IEC 27001 Key Clause Structure (4-10)
•  Context of the Organization
•  Leadership
•  Planning
•  Support
•  Operation
•  Performance Evaluation
•  Improvement
•  The PDCA Cycle Is The Engine Of Continuous Improvement​

3. ISO/IEC 27001 IMPLEMENTATION, CERTIFICATION & AUDITS
•  Becoming ISO/IEC 27001:2022 Certified
•  ISO/IEC 27001:2022 Implementation Phases
•  ISO/IEC 27001:2022 Certification Process
•  ISO/IEC 27001:2022 Certification Transition Timeline
•  What Does Certification Assure?
•  What Is An ISO Audit?
•  What Are Audits Used For?
•  Types Of Audits
•  Principles Of Auditing
•  Minor Non-Conformity​
•  Major Non-Conformity
•  Observation

4. HANDLING AN AUDIT SESSION
•  Rights Of Auditee
•  Rights Of Auditor
•  How To Handle An Audit Session?
•  Auditee's Conduct
•  Interacting With Auditors – Do's
•  Interacting With Auditors – Don'ts
•  Information Security Is Everybody's Job