“ISO 27001 2013 Foundations Course” by Dejan Kosutic
To counter the ever-increasing threats and attacks organisations face in this digitally connected world, it is essential to implement and run an effective Information Security Management System (ISMS). ISO 27001 is the most widely adopted and respected standard for implementing an ISMS in any organisation. As the standard is proprietary, very little concrete and useful information is available online, and especially not for free. Here Advisera’s Dejan Kosutic and the ISO 27001 Academy fill the gap by providing an excellent course on the ISO 27001 standard. The free “ISO 27001 2013 Foundations Course” at Advisera is an excellent introduction to the standard and gives simple yet concrete steps to implement an ISMS in any organisation. This free course is structured into six modules, as given below:
- Module 1 - Introduction to ISO 27001
- Module 2 - The planning phase
- Module 3 - Risk Management
- Module 4 - The DO phase
- Module 5 - The CHECK and ACT phase
- Module 6 - Annex A : Control Objectives and Controls
Each module begins with a short brief on the topics being covered and references to certain compulsory and additional readings. This is followed by short videos describing the topic, with a review question at the end. At the end of the module, a description of the relevant documents as per the ISO 27001 standard is given, followed by a short practice exam on the topics covered in the module. The methodology of reading relevant articles, listening to video lectures by the instructor, reviewing related documents and finally taking a practice exam makes sure that you understand each module comprehensively. This gives a student a good understanding of the ISO 27001 standard.
Once you register for the course, Dejan regularly sends you useful emails, which complement the course as they highlight the important aspects and clarify doubts you may have while taking the course. His first email, titled “I don't know where to start from with ISO 27001”, gave relevant readings from the website for understanding the standard, as well as links to relevant webinars, various courses and where to obtain the ISO 27001 standard itself. I received several such emails while taking the course, which were all very useful and pointed me to further resources on ISO 27001. For example, I learnt from one of his articles that the controls in Annex A of ISO 27001 are described in one sentence only, whereas the ISO 27002 standard describes these controls in detail, in one whole page, explaining how to implement them in an ISMS. Besides this, the Advisera website also has an expert community section where you can ask questions to clarify your doubts and queries on any topic in the course.
The course is absolutely free, with a large number of videos, relevant articles and also a preview of the documents required for implementing the ISMS as per the ISO 27001 standard. If you need to certify your knowledge of the ISO 27001 standard, you can take an online proctored exam for a fee of $99. Dejan has also written an ebook, “9 steps to Cyber Security”, which is a great introduction to cyber security from a manager's perspective without any technical jargon. The book is available for free on the Advisera website, where you need to register with your email ID and you will be sent the link to download the book. This course is a must-watch for all information security and IT professionals looking for information on the ISO 27001 standard and wanting to learn how to effectively implement and maintain an ISMS in their organisations.
Advisera has another course on ISO 27001, “ISO 27001 Internal Auditor”, which is useful for both internal auditors and security professionals looking to audit an ISMS and those wanting to learn more about the standard. This course also has a PECB certified online proctored exam. Once I have gone through this course, I will review the same for your benefit.
I believe that the instructor, Dejan Kosutic, has done an extremely good job by making this free course on a difficult yet very relevant and useful topic, which all information security professionals can use to implement and maintain an ISMS in their organisations. I look forward to more such courses from Advisera. To gain a quick overview of ISO 27001, do read my earlier post “Understanding ISO 27001”.