ISO 27001 (part 2/5): Security controls, risk management and SoA

This is the second webinar on our 5-part webinar series "Towards ISO 27001 certification". Parts 2-4 cover themes, which are vital for an organization preparing for an ISO 27001 certification audit. Part 5 is about staying compliant and continuously improving your information security management system (ISMS).

The webinar series utilizes Cyberday as training tool (cyberday.ai). It will be used to build your organization's own management system and gather all information needed for the certification audit to one single place.

Webinar is suitable for information security key people in organisations, who are interested in systematic information security management and demonstrating good security level for customers.

Webinar agenda

• Information security management system, ISMS
• Prerequisite for certification
• Connects risk management, defining security controls and monitoring the operation
• Maintenance and continuous improvement
• Security controls and ISO 27002
• Intro to standard and different control domains
• Different current states for controls
• Risk treatment and defining new information security controls
• Decreasing a risk
• Monitoring defined controls
• Control implementation and management in Cyberday
• Owners and review intervals
• Assurance information
• Proactive improvement through risk management
• Reactive improvement through incident management
• Statement of Applicability, SoA
• Controls are implemented through tasks
• Automatic updates
• Treatment of non-applicable controls
• Versioning and sharing for auditor

We welcome questions and comments throughout the webinar! These are also an important part of the webinar content.

P.s. Registering for the webinar doesn't commit you to anything. You may also participate either "live" or via the recording, which you will receive automatically via email after the webinar is over.