
Building an ISO 27001-Compliant Cybersecurity Program: The Annex A Controls


Marc Menninger

2:13:12

  • 001. Introduction to the Annex A controls.mp4
    01:56
  • 002. Management direct.mp4
    03:26
  • 003. Information secur.mp4
    03:13
  • 004. Contact with auth.mp4
    04:41
  • 005. Mobile device pol.mp4
    02:47
  • 006. Human resources security Prior to employment (Clause A..mp4
    03:17
  • 007. Human resources security During employment (Clause A.7..mp4
    03:46
  • 008. Human resources security Termination and change of empl.mp4
    02:09
  • 009. Asset management Responsibility for assets (Clause A.8.1).mp4
    03:39
  • 010. Asset management Information classification (Clause A.8.2).mp4
    04:28
  • 011. Asset management Media handling (Clause A.8.3).mp4
    03:20
  • 012. Access control Business requirements o.mp4
    03:16
  • 013. Access control User access management.mp4
    06:41
  • 014. Access control System and application.mp4
    06:08
  • 015. Cryptography Cryptographic controls (C.mp4
    03:17
  • 016. Physical and environmental security Secure.mp4
    04:55
  • 017. Physical and environmental security Equipme.mp4
    06:17
  • 018. Operations security Operational procedures and responsibili.mp4
    05:11
  • 019. Operations security Protection from malware (Clause A.12.2).mp4
    01:46
  • 021. Operations security Logging and monitoring (Clause A.12.4).mp4
    05:00
  • 022. Operations security Control of operational software (Clause.mp4
    01:42
  • 023. Operations security Technical vulnerability management (Cla.mp4
    02:55
  • 024. Operations security Information systems audit consideration.mp4
    01:48
  • 025. Communications security Network security management (Cl.mp4
    03:45
  • 026. Communications security Information transfer (Clause A..mp4
    04:29
  • 027. System lifecycle Security requ.mp4
    04:05
  • 028. System lifecycle Security in d.mp4
    06:15
  • 029. System lifecycle Test data (Cl.mp4
    01:48
  • 030. Supplier relationships Information security in supplier.mp4
    03:26
  • 031. Supplier relationships Supplier service delivery managem.mp4
    02:49
  • 032. Management of information security.mp4
    06:01
  • 033. Information security continuity an.mp4
    05:02
  • 034. Compliance Compliance with legal and contractual requirements (Claus.mp4
    05:07
  • 035. Compliance Information security reviews (Clause A.18.2).mp4
    03:12
  • 036. Next steps for complying with ISO 27001.mp4
    01:35
  • Description


    The Annex A controls in the ISO 27001 standard are used by organizations around the world to improve their information security programs and demonstrate good security practices to others. In this second part of his two-part ISO 27001 course, instructor Marc Menninger provides a comprehensive overview of all 114 security controls in Annex A of the ISO 27001 standard. You can use this knowledge to build a better security program and prepare for compliance with the ISO 27001 standard. This course includes handy documents with recommended ways to demonstrate compliance with ISO 27001, providing you with tools you need to get started on implementing the controls to build an ISO 27001-compliant cybersecurity program.

    Note: It is recommended that you start with part one, Building an ISO 27001-Compliant Cybersecurity Program: Getting Started, which includes background information and compliance requirements you need to know if you're serious about building an ISO 27001-compliant cybersecurity program.



    Marc Menninger
    Security leader with 20+ years of practical enterprise security experience including strategy, policies, governance, technology, risk management, and team development. I have a proven track record of success in strengthening the security posture of the organizations that I serve.

    KEY ACCOMPLISHMENTS
    • Planned, developed, and implemented company-wide information security program from scratch based on ISO 27001 security framework
    • Led successful completion of multiple third-party penetration tests and ISO 27001, HIPAA, and SOC 2 Type 2 audits
    • Wrote and implemented new information security policies, procedures, and standards in alignment with ISO 27001
    • Instituted and chaired the Information Security Steering Committees (ISSC) consisting of company executives and directors
    • Directed the implementation of the company's first Security Information and Event Management (SIEM) system

    CERTIFICATIONS & ASSOCIATIONS
    • Certified Information Systems Security Professional (CISSP) since 2000
    • Certified in Risk and Information System Controls (CRISC)
    • ISACA Board Member
    • Seattle SecureWorld Expo Advisory Council
    • Rotary International member since 2008

    INDUSTRY EXPERIENCE
    • Federal, financial, and technology background
    • ISO 27001-aligned information security program development and management
    • Security project management
    • Governance, Risk and Compliance (GRC)
    • ISO 27001, PCI DSS, SOC 2, HIPAA, FedRAMP, and GLBA compliance gap analysis
    • Security policy and standards development
    • Vulnerability management
    • Network security audit and assessment
    • Security training and awareness

    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • language english
    • Training sessions 35
    • duration 2:13:12
    • Release Date 2023/01/03