This module explores the growing importance of information security in today's digital landscape, examining the increasing threats to organizational data and the impact of cyber crime and cyber warfare. Learners will also review key legislation shaping information security practices and understand why robust security measures are essential for organizations.

This module explores the evolution and key principles of corporate governance frameworks, focusing on the UK Corporate Governance Code, the FRC Guidance on Risk Management, and the Sarbanes-Oxley Act. Learners will examine how these regulations shape risk management, internal controls, and compliance in organizations. The module also introduces the COSO ERM Framework as a standard for effective risk oversight.

This module introduces the ISO/IEC 27001 standard and its role within the broader ISO/IEC 27000 series, highlighting the benefits of certification and best practices for implementing an information security management system (ISMS). Learners will explore structured approaches to ISMS implementation, integration with other management systems, and the importance of leadership and communication in achieving compliance.

This module explores how organizations can effectively structure and manage their information security programs in alignment with ISO 27001. Learners will examine key roles, responsibilities, and processes, including management reviews, cross-functional forums, and the importance of specialist advice and external contacts. By the end, participants will understand how to coordinate information security efforts across an organization.

This module explores the foundational elements of crafting an effective information security policy, emphasizing the critical role of top management commitment and clear policy statements. Learners will examine the importance of defining key security terms and aligning policy with recognized standards such as ISO 27001. By the end, participants will understand how to articulate and scope an information security policy within an organizational context.

This module guides learners through the process of conducting an information security risk assessment in alignment with ISO 27001, including defining boundaries, identifying critical assets, and evaluating threats and vulnerabilities. Learners will also explore how to select appropriate controls and develop a Statement of Applicability and risk treatment plan. By the end, participants will understand how to document and justify security decisions within an ISMS framework.

This module explores the key principles and controls for managing mobile devices and enabling secure remote work in accordance with ISO 27002 standards. Learners will gain insights into developing effective policies and operational procedures to support remote and hybrid working environments.

This module explores the critical role of human resources in supporting information security management systems (ISMS) according to ISO 27001 and ISO 27002 standards. Learners will examine best practices for employee screening, employment terms, ongoing management responsibilities, and disciplinary processes to ensure organizational security. By the end, participants will understand how HR policies and procedures contribute to a secure information environment.

This module explores the principles and practices of managing information assets within an organization, focusing on asset classification, acceptable use policies, and secure handling procedures. Learners will gain insights into international classification systems and the implementation of controls for different asset sensitivity levels.

This module explores best practices and policies for secure information exchange within and between organizations, focusing on compliance with relevant legislation. Learners will examine formal agreements, email and social media usage, and strategies for managing internet use to protect information integrity and confidentiality. Practical guidance on developing and enforcing acceptable use policies is also provided.

This module explores the principles and practices of restricting access to sensitive information within organizations. Learners will examine common hacker techniques, industry standards like ISO 27002, and the balance between security and operational needs. By the end, you'll understand how to implement and evaluate effective access control policies.

This module explores the principles and best practices for managing user access within information systems, focusing on formal processes for assigning and revoking access rights. Learners will examine key ISO 27002 controls related to access control and secret authentication information, such as passwords. By the end, participants will understand how to implement secure and compliant user access management procedures.

This module explores the critical role of supplier relationships in supply chain risk management, with a focus on information security. Learners will examine best practices for integrating security controls into supplier agreements, managing risks in the ICT supply chain, and adapting to changes in third-party services. By the end, participants will understand how to safeguard organizational assets through effective supplier management.

This module explores the principles and best practices for safeguarding physical assets and environments in accordance with ISO 27002. Learners will examine entry controls, secure area requirements, and strategies to mitigate risks from environmental and external threats. By the end, participants will understand how to implement effective physical and environmental security measures within an organization.

This module explores best practices for safeguarding organizational equipment, including protection against physical threats, utility failures, and data breaches. Learners will examine ISO 27002 controls related to equipment security, cabling, and secure disposal or reuse of assets. Practical strategies for minimizing risks and ensuring business continuity are emphasized.

This module explores strategies for preventing unauthorized access to systems and applications by implementing effective access restrictions and secure authentication processes. Learners will gain an understanding of key ISO 27002 controls and best practices for safeguarding information services.

This module introduces the principles and policies behind cryptographic controls for information protection. Learners will explore the role of digital signatures in ensuring authenticity and integrity of electronic documents, and understand how cryptographic decisions fit into broader risk assessment processes.

This module explores the essential practices for maintaining secure and effective operations within an information security management system. Learners will examine the importance of documented procedures, structured change management, and robust information backup strategies aligned with ISO 27001 and ISO 27002 standards. By the end, participants will understand how these controls contribute to organizational resilience and compliance.

This module explores essential strategies for detecting, preventing, and responding to various forms of malicious software, including viruses, phishing, and mobile threats. Learners will gain practical knowledge about anti-malware tools, user awareness, and the evolving landscape of cyber attacks targeting both computers and handheld devices.

This module explores essential strategies for securing organizational networks, including network segmentation, secure wireless deployment, and controlled access to network services. Learners will examine best practices for managing routers, switches, and extranets in alignment with ISO 27001 and ISO 27002 standards. By the end, participants will understand how to implement and evaluate effective network security controls.

This module explores the processes and challenges involved in acquiring, developing, and maintaining information and communication technology (ICT) systems, with a focus on security considerations. Learners will examine key issues in e-commerce security and review essential security technologies and controls relevant to modern organizations.

This module explores how information security is integrated throughout the systems development lifecycle, emphasizing secure architecture, engineering principles, and structured security testing. Learners will gain practical knowledge of best practices for embedding security controls in development and acceptance processes.

This module explores the integration of monitoring, logging, and incident management within information security frameworks, focusing on ISO 27002 controls. Learners will discover best practices for protecting log data, establishing incident response procedures, and leveraging incident reports for continual improvement. Practical guidance on reporting events and software malfunctions is also provided.

This module explores how organizations can ensure the continuity of both business operations and information security during major disruptions. Learners will examine best practices for business continuity planning, including risk assessment, plan development, testing, and maintenance, with a focus on integrating information security into every stage.

This module explores key compliance requirements for information security management, focusing on major UK, EU, and US legislation, as well as international standards related to data protection and organizational records. Learners will gain an understanding of how to identify, interpret, and implement compliance controls within an ISO 27001 framework.

This module guides learners through the ISO 27001 audit process, emphasizing the significance of certification and the steps involved in the initial audit stages. Participants will gain insights into how organizations prepare for and undergo formal assessments of their Information Security Management Systems (ISMS).