ISO 27001 Lead Auditor - United States

ISO 27001 Lead Auditor Course Outline

Module 1: Introduction to ISO 27001

• Introduction
• Compatibility with Other Management System Standards
• ISO 27001:2022 and its Clauses

Module 2: Information Security

• What is Business?
• Industries
• Risk
• SWOT Analysis
• Constructs and Characteristics of Assets
• Security and Privacy
• Triad of Information Security
• Cyber Security is Everyone’s Responsibility
• Cybersecurity Landscape
• What is Information Security?
• Information Security Management
• Need of Information Security
• Threats to Information Security
• Active and Passive Attacks

Module 3: Context of the Organization

• Understanding the Organization and Its Context
• Understanding the Needs and Expectations of Interested Parties
• Determining the Scope of the Information Security Management System
• Information Security Management System

Module 4: Leadership

• Leadership and Commitment
• Policy
• Organizational Roles, Responsibilities, and Authorities

Module 5: Planning

• Organizational Roles, Responsibilities, and Authorities
• Information Security Objectives and Planning to Achieve Them
• Planning of Changes

Module 6: Support

• Resources
• Competence
• Awareness
• Communication
• Documented Information

Module 7: Operation

• Documented Information 
• Information Security Risk Assessment
• Information Security Risk Treatment

Module 8: Performance Evaluation

• Monitoring, Measurement, Analysis, and Evaluation
• Internal Audit
• Management Review

Module 9: Improvement

• Nonconformity and Corrective Action
• Continual Improvement

Module 10: Introduction to Auditing

• Internal Audit Charter
• Communicate with Organization and Audit Committee
• Auditing Reflects
• General and Internal Auditing Standards and Guidance
• Auditing Types
• Auditing Techniques
• Auditing Principles
• Phases of Audit

Module 11: Performing ISO 27001 Audits

• Preparing an Audit Report
• Assessment of Audit Reports and Documents
• Report Preparation, Findings, Reconciliation, and Conclusions
• Auditing Procedures
• Reviewing Documents and Reports
• Classifying Findings
• Reliability of Audit Findings

Module 12: Internal Auditor

• Roles and Responsibilities
• Audit Plan
• Opening Meeting
• Record Review Activities
• Internal Auditor Checklist
• Communication Between Departments
• Drafting Reports and Test Plans

Module 13: ISMS and the ISO 27001 Standards Family

• What is an ISMS?
• Project Plan
• Management and Governance Frameworks
• ISMS Benefits
• Scope of ISMS in an organization
• Introduction to Management Systems
• Process Approach
• Fundamentals
• PDCA Cycle

Module 14: Interaction with ISO 27005

• What is ISO 27005?
• ISO 27001 VS ISO 27005
• Quantifying the Business Impact
• Impact Severity

Module 15: Roles and Responsibilities of a Lead Implementer

• Roles and Responsibilities
• Case Study:  ABC’s ISO 27001

Module 16: Launch and Implement an ISMS in an Organization

• Apply the Frameworks
• Procedures and Controls
• Implementing the Controls
• Training and Awareness Program
• Management’s Role
• Responsibilities of Employees

Module 17: Risk Management

• Analyzing and Evaluating Risks
• Managing Risk Approaches
• Case Study: Law Firm

Module 18: Risk Assessment and the Statement of Applicability (SOA)

• Risk Assessment
• Conducting Risk Assessments
• Risk Assessment Methodology
• ISMS Risk Assessment Report
• Threats and Vulnerabilities

Module 19: Introduction to ISO 27001 Lead Auditor

• Roles and Responsibilities of a Lead Auditor
• Team Selection and Planning
• Qualifications of an Auditor
• Conformance and Compliance

Module 20: Preparing and Planning an Audit

• Roles and Responsibility of an Auditor
• Auditing Schedule and Time
• Procedures and Process Flow
• Activities of an Auditor
• Audit Components
• Purpose and Extent of an Audit

Module 21: Reviewing Process and Qualities

• Different Review Stages
• Collecting Evidence
• Observation
• Audit Findings
• Conducting Follow-ups

Module 22: Certification

• Selecting an ISO 27001 Registrar
• Prepare for the Certification Audits
• Certification
• Stage 1 Audit
• Stage 2 Audit
• Surveillance Audit
• Re-Certification Audit

Module 23: Audit Triangle

• Fraud Triangle
• Tackling the Fraud Triangle

Module 24: Auditing Techniques

• Classifying Audit Findings
• On-Site Auditing
• Remote Auditing Methods

Module 25: Tasks of an Auditor

• Opening Meetings
• Daily Discussion Meetings
• Closing Meeting
• Monitoring and Logging
• Handling Stressful Situations
• Intrusion and Penetration Testing
• Reporting Audits
• Follow-up Actions