ISO 27001 Lead Auditor Course Outline
Module 1: Introduction to ISO 27001
- Introduction
- Compatibility with Other Management System Standards
- ISO 27001:2022 and its Clauses
Module 2: Information Security
- What is Business?
- Industries
- Risk
- SWOT Analysis
- Constructs and Characteristics of Assets
- Security and Privacy
- Triad of Information Security
- Cyber Security is Everyone’s Responsibility
- Cybersecurity Landscape
- What is Information Security?
- Information Security Management
- Need of Information Security
- Threats to Information Security
- Active and Passive Attacks
Module 3: Context of the Organization
- Understanding the Organization and Its Context
- Understanding the Needs and Expectations of Interested Parties
- Determining the Scope of the Information Security Management System
- Information Security Management System
Module 4: Leadership
- Leadership and Commitment
- Policy
- Organizational Roles, Responsibilities, and Authorities
Module 5: Planning
- Organizational Roles, Responsibilities, and Authorities
- Information Security Objectives and Planning to Achieve Them
- Planning of Changes
Module 6: Support
- Resources
- Competence
- Awareness
- Communication
- Documented Information
Module 7: Operation
- Documented Information
- Information Security Risk Assessment
- Information Security Risk Treatment
Module 8: Performance Evaluation
- Monitoring, Measurement, Analysis, and Evaluation
- Internal Audit
- Management Review
Module 9: Improvement
- Nonconformity and Corrective Action
- Continual Improvement
Module 10: Introduction to Auditing
- Internal Audit Charter
- Communicate with Organization and Audit Committee
- Auditing Reflects
- General and Internal Auditing Standards and Guidance
- Auditing Types
- Auditing Techniques
- Auditing Principles
- Phases of Audit
Module 11: Performing ISO 27001 Audits
- Preparing an Audit Report
- Assessment of Audit Reports and Documents
- Report Preparation, Findings, Reconciliation, and Conclusions
- Auditing Procedures
- Reviewing Documents and Reports
- Classifying Findings
- Reliability of Audit Findings
Module 12: Internal Auditor
- Roles and Responsibilities
- Audit Plan
- Opening Meeting
- Record Review Activities
- Internal Auditor Checklist
- Communication Between Departments
- Drafting Reports and Test Plans
Module 13: ISMS and the ISO 27001 Standards Family
- What is an ISMS?
- Project Plan
- Management and Governance Frameworks
- ISMS Benefits
- Scope of ISMS in an organization
- Introduction to Management Systems
- Process Approach
- Fundamentals
- PDCA Cycle
Module 14: Interaction with ISO 27005
- What is ISO 27005?
- ISO 27001 VS ISO 27005
- Quantifying the Business Impact
- Impact Severity
Module 15: Roles and Responsibilities of a Lead Implementer
- Roles and Responsibilities
- Case Study: ABC’s ISO 27001
Module 16: Launch and Implement an ISMS in an Organization
- Apply the Frameworks
- Procedures and Controls
- Implementing the Controls
- Training and Awareness Program
- Management’s Role
- Responsibilities of Employees
Module 17: Risk Management
- Analyzing and Evaluating Risks
- Managing Risk Approaches
- Case Study: Law Firm
Module 18: Risk Assessment and the Statement of Applicability (SOA)
- Risk Assessment
- Conducting Risk Assessments
- Risk Assessment Methodology
- ISMS Risk Assessment Report
- Threats and Vulnerabilities
Module 19: Introduction to ISO 27001 Lead Auditor
- Roles and Responsibilities of a Lead Auditor
- Team Selection and Planning
- Qualifications of an Auditor
- Conformance and Compliance
Module 20: Preparing and Planning an Audit
- Roles and Responsibility of an Auditor
- Auditing Schedule and Time
- Procedures and Process Flow
- Activities of an Auditor
- Audit Components
- Purpose and Extent of an Audit
Module 21: Reviewing Process and Qualities
- Different Review Stages
- Collecting Evidence
- Observation
- Audit Findings
- Conducting Follow-ups
Module 22: Certification
- Selecting an ISO 27001 Registrar
- Prepare for the Certification Audits
- Certification
- Stage 1 Audit
- Stage 2 Audit
- Surveillance Audit
- Re-Certification Audit
Module 23: Audit Triangle
- Fraud Triangle
- Tackling the Fraud Triangle
Module 24: Auditing Techniques
- Classifying Audit Findings
- On-Site Auditing
- Remote Auditing Methods
Module 25: Tasks of an Auditor
- Opening Meetings
- Daily Discussion Meetings
- Closing Meeting
- Monitoring and Logging
- Handling Stressful Situations
- Intrusion and Penetration Testing
- Reporting Audits
- Follow-up Actions