
ISO 27001:2022-Compliant Cybersecurity: The Annex A Controls


Marc Menninger

2:10:59

  • 01 - Introduction to the Annex A controls.mp4
    00:51
  • 01 - Policies for information security (Control 5.1).mp4
    04:58
  • 02 - Roles, responsibilities, and duties (Controls 5.2–5.4).mp4
    04:13
  • 03 - Contacts and project management (Controls 5.5, 5.6, and 5.8).mp4
    04:39
  • 01 - Responsibility for information assets (Controls 5.9, 5.10, 6.7, and 8.1).mp4
    04:54
  • 02 - Asset security procedures (Controls 5.11, 5.14, and 5.37).mp4
    03:52
  • 01 - Classification, labeling, and privacy (Controls 5.12, 5.13, and 5.34).mp4
    04:30
  • 02 - Deletion, masking, DLP, and test data (Controls 8.10–8.12, and 8.33).mp4
    05:40
  • 01 - Access management (Controls 5.15–5.18).mp4
    05:14
  • 02 - System and application access control (Controls 8.2–8.5).mp4
    04:50
  • 01 - Supplier relationships security (Controls 5.19–5.21).mp4
    04:31
  • 02 - Managing supplier service delivery and cloud services security (Controls 5.22 and 5.23).mp4
    04:06
  • 01 - Information security incident management (Controls 5.24–5.28, and 6.8).mp4
    05:43
  • 02 - Logging and monitoring (Controls 8.15–8.17).mp4
    04:17
  • 01 - Continuity (Controls 5.29, 5.30, and 8.13).mp4
    05:03
  • 02 - Backup and availability (Controls 8.13 and 8.14).mp4
    02:27
  • 01 - Legal and compliance (Controls 5.31–5.33).mp4
    03:24
  • 02 - Information security assurance (Control 5.35 and 5.36).mp4
    02:54
  • 01 - Prior to employment (Controls 6.1 and 6.2).mp4
    03:12
  • 02 - During employment (Controls 6.3–6.6).mp4
    05:31
  • 01 - Ensuring authorized access (Controls 7.1–7.3).mp4
    02:47
  • 02 - Protecting secure areas (Controls 7.4–7.6).mp4
    03:04
  • 03 - Equipment security (Controls 7.7–7.10).mp4
    03:53
  • 04 - Utilities, cabling, and equipment management (Controls 7.11–7.14).mp4
    03:36
  • 01 - Network security management (Controls 8.20–8.23).mp4
    04:53
  • 02 - Protection of information systems (Controls 8.7, 8.18, 8.30, and 8.34).mp4
    05:00
  • 01 - Threat and vulnerability management (Controls 5.7 and 8.8).mp4
    04:20
  • 02 - Secure configuration (Controls 8.9, 8.19, and 8.24).mp4
    05:47
  • 01 - Secure development (Controls 8.25–8.28).mp4
    05:36
  • 02 - Testing, separate environments, and change management (Controls 8.29, 8.31, and 8.32).mp4
    05:38
  • 01 - Achieving ISO 27001 compliance.mp4
    01:36
  • Description


    The Annex A controls in the ISO 27001 standard are used by organizations around the world to improve their information security programs and demonstrate good security practices to others. In this second part of his two-part ISO 27001 course, instructor Marc Menninger provides a comprehensive overview of all 93 security controls in Annex A of the ISO 27001 standard. You can use this knowledge to build a better security program and prepare for compliance with the ISO 27001 standard. This course includes handy documents with recommended ways to demonstrate compliance with ISO 27001, providing you with tools you need to get started on implementing the controls to build an ISO 27001-compliant cybersecurity program.

    Note: It is recommended that you start with part one, ISO 27001:2022-Compliant Cybersecurity: Getting Started, which includes background information and compliance requirements you need to know if you're serious about building an ISO 27001-compliant cybersecurity program.

    Marc Menninger
    Security leader with 20+ years of practical enterprise security experience including strategy, policies, governance, technology, risk management, and team development. I have a proven track record of success in strengthening the security posture of the organizations that I serve.

    KEY ACCOMPLISHMENTS
    • Planned, developed, and implemented company-wide information security program from scratch based on ISO 27001 security framework
    • Led successful completion of multiple third-party penetration tests and ISO 27001, HIPAA, and SOC 2 Type 2 audits
    • Wrote and implemented new information security policies, procedures, and standards in alignment with ISO 27001
    • Instituted and chaired the Information Security Steering Committees (ISSC) consisting of company executives and directors
    • Directed the implementation of the company's first Security Information and Event Management (SIEM) system

    CERTIFICATIONS & ASSOCIATIONS
    • Certified Information Systems Security Professional (CISSP) since 2000
    • Certified in Risk and Information System Controls (CRISC)
    • ISACA Board Member
    • Seattle SecureWorld Expo Advisory Council
    • Rotary International member since 2008

    INDUSTRY EXPERIENCE
    • Federal, financial, and technology background
    • ISO 27001-aligned information security program development and management
    • Security project management
    • Governance, Risk and Compliance (GRC)
    • ISO 27001, PCI DSS, SOC 2, HIPAA, FedRAMP, and GLBA compliance gap analysis
    • Security policy and standards development
    • Vulnerability management
    • Network security audit and assessment
    • Security training and awareness

    LinkedIn Learning is an American online learning provider. It provides video courses taught by industry experts in software, creative, and business skills. It is a subsidiary of LinkedIn. All the courses on LinkedIn fall into four categories: Business, Creative, Technology and Certifications. It was founded in 1995 by Lynda Weinman as Lynda.com before being acquired by LinkedIn in 2015. Microsoft acquired LinkedIn in December 2016.
    • Language: English
    • Training sessions: 31
    • Duration: 2:10:59
    • English subtitles: yes
    • Release date: 2023/12/23
