You are leaving our Website
Using an external Link:
You are now leaving our website. The following page is operated by a third party. We accept no responsibility for the content, data protection, or security of the linked page..
URL:
SC185: Practical Implementation of ISO 27001/27002
Training: Governance, Risk & Compliance - Security
Participants learn how to apply Annex A of ISO 27001/27002 in practice. The workshop provides concrete examples and demonstrates how to bring the generic requirements of the standard to life. Experienced information security consultants and CISOs share insights into typical implementation strategies and best practices to build and operate an effective ISMS.
Hybrid training
Start: 2025-11-24 | 10:00 am
End: 2025-11-28 | 01:30 pm
Location: Nürnberg
Price: 2.950,00 € plus VAT.
Agenda:
- Overview of the standards
- ISMS implementation – Essential points
- Practical implementation of requirements / controls
- Organizational requirements group
- IS incident management (reporting and handling of IS incidents, tools for incident management, forensics fundamentals, incident analysis)
- Security in development processes (test data protection, outsourced development, test development and production environment, development methodologies)
- Vulnerability management (organizational linkage to risk management, technical vulnerability management methods, tools)
- Asset management (tools, asset identification, identification and inventory, CMDB, CIS)
- Classification policies (digital rights management, classification levels, structure and content)
- Policies (private/business separation, BYOD, private internet and email usage, employer control rights and obligations)
- Operations and communications management, IT operations processes (change management, capacity management)
- Procurement, development and maintenance of information systems
- User management (password fundamentals, LDAP, identity and access management, active directory)
- Information exchange (exchange agreements, NDAs, technical data exchange + special features)
- Access to information and applications (tools, role and rights management, audit)
- Human resources requirements group
- User responsibility (password handling, social engineering, clear desk and clear screen)
- Mobile computing and teleworking (fundamentals, organization and technology)
- Physical requirements group
- Access control (security zone concepts, access control systems, CCTV, intrusion and fire detection)
- Physical security (cabling security, power supply, air conditioning, fire suppression systems, secure infrastructure operations)
- Technical requirements group
- Network access control (fundamentals, protocols)
- Monitoring (system monitoring, logging, log file analysis, legal requirements for monitoring and logging, forensic investigation)
- Cryptographic measures (cryptography fundamentals, encryption methods e.g. AES and RSA, organizational key management foundation)
- Important security protocols (SSL/TLS, VPN, IPSEC)
- Malware protection (definition, function, protection methods, removal measures)
- Backup (backup fundamentals, storage, SAN, archiving, technical data backup, backup concepts)
- Media handling (endpoint security, media encryption, secure deletion procedures)
- Operating system access (user management)
- Summary and discussion
Objectives:
In the workshop SC185 Practical Implementation of ISO 27001/27002, you will learn from experienced practitioners how to handle information security in a practical and successful manner. The focus is on functional and tailored concepts and solutions, aligned with Annex A of ISO 27001 and ISO 27002. You will be equipped to "enter the negotiation ring" with your IT and other stakeholders to assess the effectiveness and appropriateness of particularly technical measures.In the workshop, we primarily deal with the controls of Annex A of the standard and the practical implementation of ISO 27002. Due to the abundance of control variations, certain emphases are set and addressed. Individual questions from participants are thoroughly addressed. Limitation: Not all industry-specific questions can be answered within the scope of the workshop; participation does not replace targeted consulting or an audit review of your own ISMS.
This course can be attended (also independently) as a supplement to the course SC120 ISMS Implementation according to ISO 27001:2022. It is also of interest to participants of the course SC121 Update 2022 for ISO/IEC 27001 / 27002.
Target audience:
- Members of operational security teams or governance
- CISOs and decision-makers
- ISMS officers
- Auditors
- Certification candidates
Prerequisites:
The workshop SC185 Practical Implementation of ISO 27001/27002 is suitable for all levels. Beginners to advanced participants can attend the course. No technical prerequisites are necessary, as the course provides detailed instruction on the technical fundamentals required to understand the requirements of the Annex of ISO 27001 and ISO 27002.Description:
Most ISMS officers and auditors are familiar with this:When it comes to bringing Annex A of ISO 27001 or 27002 to life, the question "What does the standard require?" quickly arises. The disappointment is usually great when the standard, in its generic language, provides hardly any concrete clues for practical implementation.
In the workshop SC185 Practical Implementation of ISO 27001/27002, you will learn from experienced information security consultants/CISOs how to handle Annex A of ISO 27001 and how it can be applied exemplarily.
Guaranteed implementation:
from 2 Attendees
Booking information
Price:
2.950,00 € plus VAT.
(including lunch & drinks)
Appointment selection:
Authorized training partner
Authorized training partner
Memberships
Memberships
Shopping cart
SC185: Practical Implementation of ISO 27001/27002
was added to the shopping cart.