Mastering ISO 27001 Controls: Implementation and Auditing
What you'll learn
Manage physical and technological controls with confidence.
Implement and monitor information security policies.
Audit security measures within an organization effectively.
There are 8 modules in this course
In today’s digital age, effective information security management is crucial for safeguarding organizational data and ensuring compliance with international standards. This course provides an in-depth understanding of ISO 27001 controls, helping professionals design, implement, and audit a robust Information Security Management System (ISMS).
Through a structured, step-by-step learning approach, you’ll explore practical methods for managing and auditing security measures. The course helps you apply ISO 27001 principles to real-world environments, enabling you to strengthen compliance, reduce risks, and enhance your organization’s security posture. What sets this course apart is its balance of theory and practical application—combining technical knowledge with actionable insights drawn from real-world security and audit scenarios. You’ll gain confidence in interpreting ISO standards and translating them into effective organizational policies. This course is ideal for security managers, compliance officers, IT auditors, and professionals responsible for governance, risk, and compliance. A foundational understanding of information security is helpful but not required.

Copyright © Bridget Kenyon 2019, 2024. The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work. Formerly published as Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001 by BSI. First published in the United Kingdom in 2019 by IT Governance Publishing.

Every possible effort has been made to ensure that the information contained in this course is accurate, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at: IT Governance Publishing Ltd, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, United Kingdom. www.itgovernancepublishing.co.uk
In this section, we will outline the steps for implementing ISMS control requirements and auditing current control implementations to assist organizations in preparing for ISO/IEC 27001 certification.
What's included
1 video, 1 reading
1 video•Total 1 minute
- Course Overview Video•1 minute
1 reading•Total 5 minutes
- Scope of This Guide - The Reading•5 minutes
In this section, we will learn how to implement an Information Security Management System (ISMS) in compliance with ISO/IEC 27001.
What's included
1 reading
1 reading•Total 10 minutes
- Field of Application - The Reading•10 minutes
In this section, we explain how to meet ISO/IEC 27001 requirements by implementing ISMS processes and selecting controls from Annex A.
What's included
1 video, 1 reading, 1 assignment
1 video•Total 1 minute
- Meeting ISO/IEC 27001 Requirements - Overview Video•1 minute
1 reading•Total 5 minutes
- Meeting ISO/IEC 27001 Requirements – The Reading•5 minutes
1 assignment•Total 10 minutes
- ISO/IEC 27001 Compliance and Control Implementation•10 minutes
In this section, we explore how to use control attributes for risk categorization, analyze control imbalances, and select controls based on risk impact. The focus is on optimizing control selection and review for effective risk management.
What's included
1 video, 1 reading, 1 assignment
1 video•Total 1 minute
- Using Control Attributes - Overview Video•1 minute
1 reading•Total 10 minutes
- Using Control Attributes – The Reading•10 minutes
1 assignment•Total 10 minutes
- Control Attributes in Risk Management•10 minutes
In this section, we examine ISO/IEC 27001 A.5.1 control objectives, focusing on implementing and auditing information security policies with version control, access management, and periodic reviews for ISMS compliance.
What's included
1 video, 19 readings, 1 assignment
1 video•Total 1 minute
- Organizational Controls (ISO/IEC 27001, A.5) - Overview Video•1 minute
19 readings•Total 190 minutes
- Introduction•10 minutes
- Information security roles and responsibilities (ISO/IEC 27001, A.5.2)•10 minutes
- Segregation of duties (ISO/IEC 27001, A.5.3)•10 minutes
- Contact with authorities (ISO/IEC 27001, A.5.5)•10 minutes
- Information security in project management (ISO/IEC 27001, A.5.8)•10 minutes
- Inventory of information and other associated assets (ISO/IEC 27001, A.5.9)•10 minutes
- Acceptable use of information and other associated assets (ISO/IEC 27001, A.5.10)•10 minutes
- Classification of information (ISO/IEC 27001, A.5.12)•10 minutes
- Information transfer (ISO/IEC 27001, A.5.14)•10 minutes
- Access control (ISO/IEC 27001, A.5.15)•10 minutes
- Authentication information (ISO/IEC 27001, A.5.17)•10 minutes
- Access rights (ISO/IEC 27001, A.5.18)•10 minutes
- Addressing information security within supplier agreements (ISO/IEC 27001, A.5.20)•10 minutes
- Information security for use of cloud services (ISO/IEC 27001, A.5.23)•10 minutes
- Assessment and decision on information security events (ISO/IEC 27001, A.5.25)•10 minutes
- Information security during disruption (ISO/IEC 27001, A.5.29)•10 minutes
- Legal, statutory, regulatory and contractual requirements (ISO/IEC 27001, A.5.31)•10 minutes
- Protection of records (ISO/IEC 27001, A.5.33)•10 minutes
- Independent review of information security (ISO/IEC 27001, A.5.35)•10 minutes
1 assignment•Total 10 minutes
- Organizational Controls and Information Security•10 minutes
In this section, we examine background verification checks, qualification validation, and documentation to ensure compliance with legal and ethical standards in personnel selection.
What's included
1 video, 4 readings, 1 assignment
1 video•Total 1 minute
- People Controls (ISO/IEC 27001, A.6) - Overview Video•1 minute
4 readings•Total 40 minutes
- Introduction•10 minutes
- Information security awareness, education and training (ISO/IEC 27001, A.6.3)•10 minutes
- Disciplinary process (ISO/IEC 27001, A.6.4)•10 minutes
- Remote working (ISO/IEC 27001, A.6.7)•10 minutes
1 assignment•Total 10 minutes
- Personnel Security and Compliance•10 minutes
In this section, we examine how to define and maintain physical security perimeters using ISO/IEC 27001. Key concepts include access control, compliance, and regular auditing for asset protection.
What's included
1 video, 7 readings, 1 assignment
1 video•Total 1 minute
- Physical Controls - Overview Video•1 minute
7 readings•Total 90 minutes
- Introduction•20 minutes
- Securing offices, rooms and facilities (ISO/IEC 27001, A.7.3)•10 minutes
- Protecting against physical and environmental threats (ISO/IEC 27001, A.7.5)•20 minutes
- Equipment siting and protection (ISO/IEC 27001, A.7.8)•10 minutes
- Security of assets off-premises (ISO/IEC 27001, A.7.9)•10 minutes
- Supporting utilities (ISO/IEC 27001, A.7.11)•10 minutes
- Cabling security (ISO/IEC 27001, A.7.12)•10 minutes
1 assignment•Total 10 minutes
- Physical Controls in Information Security•10 minutes
In this section, we examine securing user endpoint devices under ISO/IEC 27001 control A.8.1. Key concepts include risk analysis, compliance auditing, and implementing security controls.
What's included
1 video, 17 readings, 1 assignment
1 video•Total 1 minute
- Technological Controls - Overview Video•1 minute
17 readings•Total 180 minutes
- Introduction•10 minutes
- Information access restriction (ISO/IEC 27001, A.8.3)•10 minutes
- Access to source code (ISO/IEC 27001, A.8.4)•10 minutes
- Protection against malware (ISO/IEC 27001, A.8.7)•10 minutes
- Management of technical vulnerabilities (ISO/IEC 27001, A.8.8)•10 minutes
- Information deletion (ISO/IEC 27001, A.8.10)•10 minutes
- Data leakage prevention (ISO/IEC 27001, A.8.12)•20 minutes
- Redundancy of information processing facilities (ISO/IEC 27001, A.8.14)•10 minutes
- Monitoring activities (ISO/IEC 27001, A.8.16)•10 minutes
- Clock synchronization (ISO/IEC 27001, A.8.17)•10 minutes
- Installation of software on operational systems (ISO/IEC 27001, A.8.19)•10 minutes
- Security of network services (ISO/IEC 27001, A.8.21)•10 minutes
- Use of cryptography (ISO/IEC 27001, A.8.24)•10 minutes
- Secure development life cycle (ISO/IEC 27001, A.8.25)•10 minutes
- Secure coding (ISO/IEC 27001, A.8.28)•10 minutes
- Outsourced development (ISO/IEC 27001, A.8.30)•10 minutes
- Change management (ISO/IEC 27001, A.8.32)•10 minutes
1 assignment•Total 10 minutes
- Security Controls and Information Protection•10 minutes