Requirements of the standard / Training of internal auditors according to the ISO/IEC 27001:2022 standard

Course objectives

The goal of the training is to acquaint participants with the requirements for the creation, implementation, maintenance, and continual improvement of an information security management system according to the ISO/IEC 27001:2022 standard. Participants will also learn how to assess risks in information security and how to prevent them.

Course content

• Introduction to information security management systems
• Methods used in information security management systems
• Defining risks and rules to prevent information leakage
• What is information security
  • Trends in cyber threats
  • IS assets and their valuation
  • Vulnerabilities and risks
  • Security requirements
• Standard ISO/IEC 27001:2022
  • Content of the revised standard
  • Main changes between ISO/IEC 27001:2013 and ISO/IEC 27001:2022
  • Annex A (Organizational controls, people controls, physical controls, technological controls)
    • Introduction of 17 new security measures
    • 16 security measures were removed              (duplication or alignment with other measures)
• Examples - Documentation
  • Information security policy
  • Risk analysis  
  • Measures to eliminate risks
• Discussion

Designed for

• Internal Auditor

Additional information

* UTC +1 time zone (DE, BE, DK, NL, NO, SE, AT, ES, FR, IT, SI, SK, CZ, PL, HU, ...)