Implementing Information Security with ISO/IEC 27002 Certification

Introduction to ISO/IEC 27002 Security Foundation

• Examination and certification goals
• Blueprint of the Information Security Foundation exam
• Assessing your initial readiness

Defining Information and Data Security

Examining the importance of data

• Data and information systems
• Storing, communicating and processing information

What is information security?

• Protecting the security objectives: confidentiality, integrity and availability
• Determining the value of information

Assessing the CIA model

• Implementing confidentiality measures
• Ensuring integrity with accurate information
• Guaranteeing availability for continuity and timely operations
• Creating an information architecture

Analysing Threats and Risks to the Organisation

Evaluating threats to your organisation

• Measuring how assets are at risk
• Detecting vulnerabilities that threaten operations

Performing risk analysis

• Evaluating the benefits of quantitative vs. qualitative risk analysis
• Deploying countermeasures to defeat threats and reduce risk

Managing a Balanced Approach to Information Security

Directing support for information security

• Defining a security policy and its purpose in your organisation
• Examining the components of a security policy
• Achieving in-depth security with a multilevel defence

Documenting security objectives

• Managing the goals of internal security
• Maintaining sound external policy practices
• Assigning roles and responsibilities

Responding to security incidents

• Effectively communicating security events
• Documenting different events and weaknesses
• Establishing and following escalating procedures

Implementing Security Countermeasures

Enumerating types of security countermeasures

• Preventing intrusions and attacks
• Detecting security breaches
• Suppressing the damage of a security incident
• Applying corrective measures to restore integrity
• Transferring risk by insuring against loss

Controlling access to information

• Creating a classification scheme
• Labelling and handling information as an asset

Enhancing security with cryptography

• Managing access with encryption
• Guaranteeing authenticity with digital signatures
• Ensuring integrity with hashing

Assessing threats to your organisation

• Detecting viruses and hoaxes
• Preventing SPAM and phishing fraud
• Countering logic bombs and Trojan horses
• Defending against the threat of spyware, worms and rootkits

Assessing Legal Requirements

Complying with legislation and regulations

• Upholding security standards and policies
• Verifying compliance

Adhering to legislative and regulatory measures

• Defending intellectual property rights
• Managing organisational records
• Safeguarding personal information
• Preventing misuse of information

Final Review and Preparation

• Priming for the exam
• Identifying the exam requirements
• Handling difficult questions
• Managing time and progress during the exam
• Assessing readiness