ISO 27001 for Information Security Professionals

I'm an Information Security Professional - How Does the ISO 27001 Standard Relate to My Job?

The ISO 27001 standard is an international standard that provides a framework for organizational information security programs. The standard is broken into two key areas where information security controls are mandated:

  1. clauses four (4) through ten (10), commonly referred to as the "management" controls; and
  2. Annex A, commonly referred to as the "technical" controls.

Organizational leaders, managerial peers and technical employees all look toward Information Security professionals as the "expert" in all things Information Security. As such, no matter whether the organization decided to use the ISO 27001 standard as:
a)  a foundation for best practices in information security controls;
b)  an umbrella framework to blend multiple compliance obligations into one consolidated Information Security Management System (ISMS); or
c)  because it was mandated by a client organization,

people across your organization will be seeking you out as the "go to" person on all things Information Security. To demonstrate your value to the organization, you will not want to let that expectation down.

No matter what career level you are currently at, or are preparing yourself for, the ISO 27001 standard is your bread and butter, so to speak. To help understand how, we have broken this down by career level in Information Security, as follows:

ISO 27001 Implementation Knowledge

Managerial Employees

  • Gain insight into the "technical" controls mandated under Annex A.
  • Understand the expectations of the information security team, as well as other technical and administrative roles supporting the ISMS.
  • Learn how an ISMS must be managed to meet the requirements of the ISO 27001 standard.
  • Learn how measuring and monitoring your controls collectively can help assess the overall success of the ISMS in its mission to support the organization's business strategy.
  • Understand the organization you are building and managing the ISMS for; this is an inherent element of the standard, and we teach you how to access and leverage this knowledge for greater success in your ISMS.
  • Acquire new skills and techniques to

Technical Employees

  • Information Security professionals employed in technical roles will gain a better understanding of why certain technical controls are in place within an ISMS, or why their implementation is being planned by the organization.
  • Technical employees will be able to better appreciate the collective glue that brings all the technical solutions together under the "management" controls.
  • Understanding the source of the mandate and the associated expectations, as covered on our certified ISO 27001 Lead Implementer course, empowers technical professionals with the knowledge to be successful in their job as a key support resource for the organization's ISMS.
  • Learning about the standard's mandate for competency of personnel supporting an ISO 27001-based ISMS will give you the key to unlocking further training opportunities sponsored by your employer.
  • Learning about the value that can be gained by measuring and monitoring your technical controls can help you identify issues affecting their operational performance and effectiveness, enabling you to find new ways to improve on your existing security investments.
  • Prepare for career advancement into an information security management role.

ISO 27001 Audit Knowledge

Managerial Employees

  • Gain an in-depth understanding of the Internal and Certification Audit processes.
  • Learn the criteria to achieve certification, and how to satisfy it.
  • Gain unique insights into ISO's view on audit methods, sampling techniques, the types and weighting of various forms of audit evidence, and more.
  • Understand requirements to build an Internal Audit Program to support an ISMS.
  • Gain insight into the value the audit process brings to your organization.

Technical Employees

  • Information Security professionals employed in technical roles will gain a better understanding of why auditors are looking for certain