Changed New Version of ISO/IEC 27002:2022; Information Security, Cybersecurity and Privacy Protection
ISO 27001 involves establishing and maintaining a documented system of controls that makes risk management possible, so that risks can be identified and reduced. Achieving ISO 27001 certification shows that a business has protected information from getting into unauthorized hands and ensures that information is accurate and can only be modified by authorized users.
For organizations that process client data or provide business products and solutions, ISO 27001 is not only an internal control requirement but also a business requirement. Often ISO 27001 is implemented in response to a business requirement raised by the Chief Operating Officer.
ISO 27001:2022: what's new?
The following are the main changes in the ISO 27001:2022 revision:
·Slight changes in clauses 4–10
·The controls are placed into four sections instead of the previous 14.
·The number of controls has decreased from 114 to 93.
·Controls are merged, not deleted, for a total of 11 new controls.
·Moderate changes in Annex A security controls
Who should attend?
·Auditors who want to update their knowledge of the revised provisions of the ISO 27001:2022 version.
·Auditors seeking to perform effective Information Security Management System (ISMS) certification audits
·Managers or consultants seeking to master an Information Security Management System audit process within the organization.
·Technical experts seeking to prepare for an Information Security Management System audit
·Consultants performing information security audits.
Course Objective:
To gain a comprehensive understanding of what ISO 27001 is, how it differs from ISO 27002, the likely impact of the revised ISO 27001 and ISO 27002 standards, and the new ISO 27001 controls.
Course curriculum and duration
Section 1
·Introduction to the information security management system (ISMS) and ISO/IEC 27001 new standard; comparative analysis
·Course objectives and structure
·Fundamental concepts and principles of information security
·Information security management system (ISMS)
Section 2
·Audit principles, preparation, and initiation of an audit
·Audit concepts and principles and the impact of trends and technology in auditing
·Risk-based auditing based on evidence and initiation of the Stage 1 audit.
Section 3
·On-site audit process and controls to be examined
·Preparing for the Stage 2 audit and communicating updates to all team members
·Preparation of audit test plans to test controls in Annex A
Section 4
·Documenting audit findings and preparing gap or nonconformity reports.
·Audit documentation and quality review.
·Closing of the audit
·Evaluation of action plans by the auditor
·Maintaining the ISMS beyond the initial audit and managing an internal audit program
·Q/A session, doubt clearing session and closure of the training course
Last Day - Certification Exam
Final Assessment
·Q/A session & some case studies
·Small test (MCQ)
·Any clarification on request
Training Takeaway
•Key changes between ISO 27002:2013 and ISO 27002:2022
•Difference between ISO 27001 and ISO 27002
•New ‘attribute’ feature
•Changes to the main management system clauses
•Changes in Annex A controls
•Transitioning over to the new Standard
TRAINER PROFILES
Priti Sikdar
EVP Risk Advisory & Training, Riskpro India
Priti is an information security and data privacy professional with over 25 years of experience in the IT sector. She has vast experience in implementing systems to comply with ISO 27001, GDPR, Privacy Shield and GLBA, and in conducting ISMS audits, security and privacy risk assessments, and SOC 2 audits. Priti has worked for leading firms such as Grant Thornton, KPMG London and Sharp & Tannan.
Ritu A Thakkar
Vice President - IT Risk Advisory, Riskpro India
Ritu is a leading expert on cybersecurity and an information security professional with over 18 years of experience in implementation, training, and audits in ISMS, ISO 27001, ISO 9001, ISO 31000, ISO 22301, SOC 2, ISAE 3402, ERM, ITIL, GDPR, HIPAA, NIST & COSO, Enterprise Risk Management, ITGC, ITAC, Quality Management, QMS, Lean, QAI, Process Implementation, IT operations, CMMI, Agile and Software Development Lifecycle (SDLC), internal audits, threat intelligence, data protection, and compliance management.
2 TRAINING BATCHES AVAILABLE:
Evening Batch in December 2022
19th – 26th December 2022
5:30 PM - 8:30 PM IST
Final Assessment:
27th December 2022
10 AM to 11:30 AM IST
Full Day Batch in January 2023
11th – 14th January 2023
10 AM – 5 PM IST
Final Assessment:
16th January 2023
10 AM to 11:30 AM IST
TRAINING FEES PER PERSON PER BATCH:
Rs. 22,000 + 18% GST
FOR REGISTRATION, PLEASE CONTACT:
Priti Sikdar
Executive Vice President
9930721992
Anuj Bhatia
Manager - Sales and Corporate Training
9819315309