SC185: Practical Implementation of ISO 27001/27002

Training: Governance, Risk & Compliance - Security

Participants learn how to apply Annex A of ISO 27001/27002 in practice. The workshop provides concrete examples and demonstrates how to bring the generic requirements of the standard to life. Experienced information security consultants and CISOs share insights into typical implementation strategies and best practices to build and operate an effective ISMS.

Hybrid training

Start: 2025-11-24 | 10:00 am

End: 2025-11-28 | 01:30 pm

Location: Nürnberg

Price: 2.950,00 € plus VAT.


Agenda:

  • Overview of the standards

  • ISMS implementation – Essential points

  • Practical implementation of requirements / controls

  • Organizational requirements group
    • IS incident management (reporting and handling of IS incidents, tools for incident management, forensics fundamentals, incident analysis)
    • Security in development processes (test data protection, outsourced development, test development and production environment, development methodologies)
    • Vulnerability management (organizational linkage to risk management, technical vulnerability management methods, tools)
    • Asset management (tools, asset identification, identification and inventory, CMDB, CIS)
    • Classification policies (digital rights management, classification levels, structure and content)
    • Policies (private/business separation, BYOD, private internet and email usage, employer control rights and obligations)
    • Operations and communications management, IT operations processes (change management, capacity management)
    • Procurement, development and maintenance of information systems
    • User management (password fundamentals, LDAP, identity and access management, active directory)
    • Information exchange (exchange agreements, NDAs, technical data exchange + special features)
    • Access to information and applications (tools, role and rights management, audit)

  • Human resources requirements group
    • User responsibility (password handling, social engineering, clear desk and clear screen)
    • Mobile computing and teleworking (fundamentals, organization and technology)

  • Physical requirements group
    • Access control (security zone concepts, access control systems, CCTV, intrusion and fire detection)
    • Physical security (cabling security, power supply, air conditioning, fire suppression systems, secure infrastructure operations)

  • Technical requirements group
    • Network access control (fundamentals, protocols)
    • Monitoring (system monitoring, logging, log file analysis, legal requirements for monitoring and logging, forensic investigation)
    • Cryptographic measures (cryptography fundamentals, encryption methods e.g. AES and RSA, organizational key management foundation)
    • Important security protocols (SSL/TLS, VPN, IPSEC)
    • Malware protection (definition, function, protection methods, removal measures)
    • Backup (backup fundamentals, storage, SAN, archiving, technical data backup, backup concepts)
    • Media handling (endpoint security, media encryption, secure deletion procedures)
    • Operating system access (user management)

  • Summary and discussion

Objectives:

In the workshop SC185 Practical Implementation of ISO 27001/27002, you will learn from experienced practitioners how to handle information security in a practical and successful manner. The focus is on functional and tailored concepts and solutions, aligned with Annex A of ISO 27001 and ISO 27002. You will be equipped to "enter the negotiation ring" with your IT and other stakeholders to assess the effectiveness and appropriateness of particularly technical measures.

In the workshop, we primarily deal with the controls of Annex A of the standard and the practical implementation of ISO 27002. Due to the abundance of control variations, certain emphases are set and addressed. Individual questions from participants are thoroughly addressed. Limitation: Not all industry-specific questions can be answered within the scope of the workshop; participation does not replace targeted consulting or an audit review of your own ISMS.

This course can be attended (also independently) as a supplement to the course SC120 ISMS Implementation according to ISO 27001:2022. It is also of interest to participants of the course SC121 Update 2022 for ISO/IEC 27001 / 27002.

Target audience:

  • Members of operational security teams or governance
  • CISOs and decision-makers
  • ISMS officers
  • Auditors
  • Certification candidates

Prerequisites:

The workshop SC185 Practical Implementation of ISO 27001/27002 is suitable for all levels. Beginners to advanced participants can attend the course. No technical prerequisites are necessary, as the course provides detailed instruction on the technical fundamentals required to understand the requirements of the Annex of ISO 27001 and ISO 27002.

Description:

Most ISMS officers and auditors are familiar with this:
When it comes to bringing Annex A of ISO 27001 or 27002 to life, the question "What does the standard require?" quickly arises. The disappointment is usually great when the standard, in its generic language, provides hardly any concrete clues for practical implementation.

In the workshop SC185 Practical Implementation of ISO 27001/27002, you will learn from experienced information security consultants/CISOs how to handle Annex A of ISO 27001 and how it can be applied exemplarily.

Guaranteed implementation:

from 2 Attendees

Booking information

Price:

2.950,00 € plus VAT.

(including lunch & drinks)
