cross

BIGGEST CHRISTMAS SALE !

red-starWHO WILL BE FUNDING THE COURSE?

We cannot process your enquiry without contacting you, please tick to confirm your consent to us for contacting you about your enquiry.

By submitting your details you agree to be contacted in order to respond to your enquiry.

What are you looking for?
close

close

Or select from our popular topics

Press esc to close

close

close

Talk to a learning expert

Fill out your contact details below and our training experts will be in touch.

alertIf you wish to make any changes to your course, please log a ticket and choose the category ‘booking change’

Fill out your  contact details  below

WHO WILL BE FUNDING THE COURSE?

+44

By submitting your details you agree to be contacted in order to respond to your enquiry

close

close

Press esc to close

close

close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

Close
close

close

Press esc to close

close close

Back to course information

Thank you for your enquiry!

One of our training experts will be in touch shortly to go overy your training requirements.

Close
close close

Thank you for your enquiry!

One of our training experts will be in touch shortly to go over your training requirements.

Close

Course Information

ISO 27002 Lead Auditor Training Course Outline

Module 1: Introduction to ISO 27002

  • What is Information Security?
  • Why is Information Security Needed?
  • How to Establish Security Requirements
  • Assessing Security Risks
  • Selecting Controls
  • Information Security Starting Point
  • Critical Success Factors
  • Lifecycle Considerations
  • Difference between the ISO 27001 and 27002
  • Relation between the ISO 27001 and 27002

Module 2: Scope, Terms and Definitions

  • Scope
  • Terms and Definitions

Module 3: Structure of ISO 27002 Standard

  • Clauses
  • Security Categories
    • Control
    • Implementation Guidance
    • Other Information

Module 4: Risk Assessment and Treatment

  • Assessing Security Risks
  • Treating Security Risks

Module 5: Audit Plan and Process

  • Audit Plan
  • Preparing for an Audit
  • Audit Process
    • Planning
    • Notification
    • Opening Meeting
    • Fieldwork
    • Report Drafting
    • Management Response
    • Closing Meeting
    • Final Audit Report Distribution
    • Follow-Up

Module 6: Internal Auditor

  • Understanding an Internal Auditor (IA) 
  • Internal Auditing Process 
  • Requirements for Internal Auditors
  • Internal Auditor Vs External Auditor 
  • Benefits of an Internal Auditor (IA) 

Module 7: ISMS Audit

  • Introduction
  • Principles 
  • Audit Management
  • Auditing Process
  • Competence and Evaluation of Auditors 

Module 8: Cybersecurity Auditing

  • What is Cybersecurity Audit?
  • How It Helps Organisation? 
  • Cybersecurity and the Role of Internal Audit 
    • Cyber Risk and Internal Audit
    • Third Line of Defence
    • Cybersecurity Assessment Framework

Module 9: Information Security Audit

  • What is IT Security Audit?
  • Benefits 
  • Types
    • Approach Based
    • Methodology Based
  • Importance
  • How to Conduct an IT Security Audit?
  • Roles and Responsibilities of Information Security Auditor
    • Basic Duties List
    • Roles and Responsibilities on the Job

Module 10: Information Security in Project Management

  • Project Management
  • Attributes Table
  • Purpose of Control 5.8
  • Meet Requirements 
  • Differences Between ISO 27002:2013 and ISO 27002:2022

Module 11: Components of Information Security

  • Confidentiality
  • Integrity 
  • Availability
  • Authenticity
  • Non-Repudiation 

Module 12: Information Security Risk Management (ISRM)

  • Introduction
  • Stages
    • Identification
    • Assessment
    • Treatment
    • Communication
    • Rinse and Repeat
  • Ownership
    • Process Owners
    • Risk Owners

Module 13: Control and Compliance

  • Security Controls
  • Importance of Compliance
  • Legal Requirements for Information Security 
  • Information Technology Compliance
    • Improved Security
    • Minimised Losses
    • Increased Control
    • Maintained Trust
  • Information Security Compliance Standards 

Module 14: Management Responsibilities

  • Control 5.4 Management Responsibilities
  • What is an Information Security Policy?
  • Attributes Table
  • Purpose of Control 5.4 
  • Implementation Guidelines 

Module 15: Competence and Evaluation of Auditors

  • Auditor Competence 
    • Field
    • Changes to ISO27 and Other Standards, Guidelines
    • Legal and Regulatory Changes
    • Business and Organisational Changes
    • Technology Changes
  • Demonstration of Auditor Competence 

Module 16: Lead Auditor

  • What is Lead Auditor?
  • Roles of Lead Auditor
    • Planning Phase
    • Audit Phase 
    • Audit Report 

Module 17: Conformity Assessment

  • What is Conformity Assessment? 
  • Need of Conformity Assessment 
  • Conformity Assessment and Standards
  • Types of Conformity Assessment

Module 18: Themes and Controls 

  • Control Type 
  • Information Security Properties
  • Cybersecurity Concepts 
  • Operational Capabilities 
  • Security Domains 
  • Control Layout

Module 19: Organisational Controls

  • Policies for Information Security
  • Information Security Roles and Responsibilities 
  • Segregation of Duties 
  • Management Responsibilities  
  • Contact with Authorities
  • Contact with Special Interest Groups
  • Threat Intelligence
  • Information Security in Project Management 
  • Inventory of Information and Other Associated Assets
  • Acceptable Use of Information and Other Associated Assets 
  • Return of Assets 
  • Classification of Information 
  • Labelling of Information
  • Information Transfer 
  • Access Control 
  • Identity Management 
  • Authentication Information 
  • Access Rights
  • Information Security in Supplier Relationships  
  • Addressing Information Security within Supplier Agreements
  • Managing Information Security in the ICT Supply Chain
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Information Security Incident Management Planning and Preparation 
  • Assessment and Decision on Information Security Events 
  • Response to Information Security Incidents
  • Learning from Information Security Incidents
  • Collection of Evidence
  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Protection of Records 
  • Privacy and Protection of PII 
  • Independent Review of Information Security 
  • Compliance with Policies, Rules, and Standards for Information Security
  • Documented Operating Procedures 

Module 20: People Controls

  • Screening
  • Terms and Conditions of Employment
  • Information Security Awareness, Education, and Training 
  • Disciplinary Process 
  • Responsibilities After Termination or Change of Employment 
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working 
  • Information Security Event Reporting 

Module 21: Physical Controls

  • Physical Security Perimeters 
  • Physical Entry 
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protecting Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Security of Assets Off-premises
  • Storage Media
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance
  • Secure Disposal or Re-use of Equipment

Module 22: Technological Controls

  • User Endpoint Devices
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication
  • Capacity Management
  • Protection Against Malware
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Information Deletion
  • Data Masking
  • Information Deletion
  • Data Masking
  • Data Leakage Prevention
  • Information Backup
  • Redundancy of Information Processing Facilities
  • Logging
  • Monitoring Activities
  • Clock Synchronisation
  • Use of Privileged Utility Programs
  • Installation of Software on Operational Systems
  • Networks Security
  • Security of Network Services
  • Segregation of Networks
  • Web Filtering
  • Use of Cryptography
  • Secure Development Life Cycle
  • Application Security Requirements
  • Secure System Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Test, and Production Environments
  • Change Management 
  • Test Information
  • Protection of Information Systems during Audit Testing

 

Show moredowndown
Enquire now

Who should attend this ISO 27002 Lead Auditor Training Course?

The ISO 27002 Lead Auditor Training Course is meticulously designed to provide participants with the skills and knowledge to conduct comprehensive external audits on Information Security Management Systems based on the ISO 27002 Standard. The following individuals would especially benefit from attending the ISO 27002 Lead Auditor Training Course:

  • Information Security Professionals
  • IT and Security Managers
  • Compliance and Governance Officers
  • Risk Managers
  • Internal Auditors
  • Consultants
  • Third-party Auditors
  • Quality Managers

Prerequisites of the ISO 27002 Lead Auditor Training Course

There are no formal prerequisites for attending this ISO 27002 Lead Auditor Training Course.

ISO 27002 Lead Auditor Training Course Overview

ISO 27002 gives a reference set of information security, cyber security, and privacy protection controls that includes implementation guidance on the basis of internationally recognised best practices. This standard is curated to help organisations establish information security controls based on internationally recognised best practises and create guidelines for organisation-specific information security management. Studying this training equips learners with this ISO standard, information security management system principles, and evaluates ISMS conformity. It is essential for organisations to secure their information systems from risks and threats while collecting, using, and processing data. Attending this training will enable individuals to plan and manage audit programmes as well as auditing guidelines concerning ISO 19011.

This 5-day ISO 27002:2022 Lead Auditor Training course is designed to provide delegates with a thorough understanding of auditing techniques and how to evaluate the auditing process. During this training, delegates will learn about the fundamental concepts of information security management systems and ISO 27002. They will also learn about various themes and controls, including organisational, physical, and technical controls. Our highly skilled and knowledgeable instructor with years of experience will conduct this course and give delegates deep knowledge of lead auditor responsibilities and techniques.

Course Objectives:

  • To attain knowledge of information systems and their principles
  • To monitor, review, and change management of supplier services
  • To plan and prepare for information security incident management
  • To learn about the active and passive attacks on information systems
  • To understand the roles and responsibilities of cybersecurity professionals
  • To get in touch with conformity assessment that determines product requirements

At the end of this training, delegates will be able to manage audit programmes and report the audit findings by applying audit techniques, principles, and processes. They will also be able to secure information systems by applying cryptographic techniques of encryption and decryption.

Show moredowndown

What’s included in this ISO 27002 Lead Auditor Training Course?

  • World-Class Training Sessions from Experienced Instructors
  • ISO 27002 Lead Auditor Training Certificate
  • Digital Delegate Pack

Show moredowndown

ISO 27002 Lead Auditor Exam Information

To achieve the ISO 27002 Lead Auditor Training, candidates will need to sit for an examination. The exam format is as follows: 

  • Question Type: Multiple Choice 
  • Total Questions: 30 
  • Total Marks: 30 Marks 
  • Pass Mark: 50%, or 15/30 Marks 
  • Duration: 40 Minutes 

Show moredowndown

Why choose us

Ways to take this course

Our easy to use Virtual platform allows you to sit the course from home with a live instructor. You will follow the same schedule as the classroom course, and will be able to interact with the trainer and other delegates.

Virtual_Works_on_all_devices-min
Virtual_Recording_&_transcripts-min
Virtual_whiteboard-min
Virtual_See_trainers_screen-min
Virtual_Share_documents-min
Enquire now
Learn more in our FAQs image image

Our fully interactive online training platform is compatible across all devices and can be accessed from anywhere, at any time. All our online courses come with a standard 90 days access that can be extended upon request. Our expert trainers are constantly on hand to help you with any questions which may arise.

online_certificates
online_immediate access
online_work_all
online_exams_included
image
Enquire now
Learn more in our FAQs image image

This is our most popular style of learning. We run courses in 1200 locations, across 200 countries in one of our hand-picked training venues, providing the all important ‘human touch’ which may be missed in other learning styles.

best_trainers

Highly experienced trainers

All our trainers are highly qualified, have 10+ years of real-world experience and will provide you with an engaging learning experience.

venues

State of the art training venues

We only use the highest standard of learning facilities to make sure your experience is as comfortable and distraction-free as possible

small_classes

Small class sizes

We limit our class sizes to promote better discussion and ensuring everyone has a personalized experience

value_for_money

Great value for money

Get more bang for your buck! If you find your chosen course cheaper elsewhere, we’ll match it!

Enquire now
Learn more in our FAQs image image

This is the same great training as our classroom learning but carried out at your own business premises. This is the perfect option for larger scale training requirements and means less time away from the office.

tailored_learning_experience

Tailored learning experience

Our courses can be adapted to meet your individual project or business requirements regardless of scope.

budget

Maximise your training budget

Cut unnecessary costs and focus your entire budget on what really matters, the training.

team_building

Team building opportunity

This gives your team a great opportunity to come together, bond, and discuss, which you may not get in a standard classroom setting.

monitor_progress

Monitor employees progress

Keep track of your employees’ progression and performance in your own workspace.

Enquire now
Learn more in our FAQs image image

What our customers are saying

ISO 27002 Lead Auditor Training FAQs

ISO 27002 gives a reference set of information security, cyber security, and privacy protection controls that includes implementation guidance on the basis of internationally recognised best practices.

There are no formal prerequisites for attending this ISO 27002 Lead Auditor Training course.

This training is designed for everyone who wants to gain the skills and knowledge of planning and conducting external and internal audits in compliance with ISO/IEC 17021 and ISO 19011 certifications.

Auditing is the process of determining and reviewing an organisation's operational, financial, and strategic objectives and processes in order to determine conformity with stated principles.

ISO lead auditor is responsible for managing a team of internal auditors, appointing duties and roles to internal audit team members, auditing organisations, and identifying organisational processes.

ISO 27002 gives best practise guidance on applying controls, including organisational, physical, people, and technological controls, whereas ISO 27001 is the specification for ISMS, containing risk management process requirements.

In this ISO 27002:2022 Lead Auditor Training course, you will learn about information security, cybersecurity, themes and controls, audit plan and process, ISMS audit, cybersecurity auditing, components of information security, management responsibilities, and other essential topics.

The price for ISO 27002 Lead Auditor Training certification in the United Kingdom starts from £2495

The Knowledge Academy is the Leading global training provider for ISO 27002 Lead Auditor Training.

Please see our ISO 27002 Training courses available in the United Kingdom
Enquire now

Why choose us

icon

Best price in the industry

You won't find better value in the marketplace. If you do find a lower price, we will beat it.

icon

Many delivery methods

Flexible delivery methods are available depending on your learning style.

icon

High quality resources

Resources are included for a comprehensive learning experience.

barclays Logo
deloitte Logo
Thames Water Logo

"Really good course and well organised. Trainer was great with a sense of humour - his experience allowed a free flowing course, structured to help you gain as much information & relevant experience whilst helping prepare you for the exam"

Joshua Davies, Thames Water

santander logo
bmw Logo
Google Logo

Related courses

Certified EU General Data Protection Regulation (EU GDPR) Foundation and Practitionernext CISSP Certification Coursenext CISA Certified Information Systems Auditornext CISM Certified Information Security Managernext CCSP Certified Cloud Security Professionalnext

Looking for more information on ISO 27002 Training?

backBack to course information

DELIVERY METHOD

Online Instructor-led Online Self-paced Classroom Onsite

Get a custom course package

We may not have any package deals available including this course. If you enquire or give us a call on 01344203999 and speak to our training experts, we should be able to help you with your requirements.

Enquire now
Enquire now Book now

Limited budget?

To help and support our clients we are providing a limited number of 250 daily discount codes. Hurry, first come, first served!
warning If you miss out, enquire to get yourself on the waiting list for the next day!
Enquire now for code(344 left)

We use cookies that are essential for our site to work. Please visit our cookie policy for more information. To accept all cookies click 'Accept & close'.

Accept & close