Euro-training Center
ISO/IEC 27002 Information Security Controls (Y1968)

ISO/IEC 27002 Information Security Controls



The international standard ISO/IEC 27002 provides guidance for selecting and implementing information security controls and for applying information security principles and practices. It is applicable to businesses of all sizes and sectors. Information security management standards can be created using ISO/IEC 27002 and customized for each organization's unique situation.

ISO/IEC 27002 was first released in 2005, updated in 2013, and then revised and published again in 2022. This updated version provides a list of information security measures that are frequently used in the information security sector, along with instructions for how to put them into practice. ISO/IEC 27002 provides four types of information security controls: organizational, human resources, physical, and technology.

Course Objectives

At the end of this course, participants will be able to:

  • Learn how to establish information security controls and control rules in accordance with ISO/IEC 27002 standards.
  • Understand the methods and processes employed in the establishment and efficient administration of information security controls.
  • Acquire the knowledge required to assist a business in organizing, putting into place, and administering information security measures.
  • Recognize the value of risk management in identifying the best information security controls.
  • Assist firms in continuously enhancing their information security management system.

Targeted Audience

  • Managers or consultants who want to learn more about how to establish information security controls in an ISMS built on ISO/IEC 27001
  • Those in charge of preserving an organization's information security, compliance, risk, or governance
  • IT consultants or professionals who want to learn more about information security
  • Members of an information security or ISMS deployment team

Course Outline:

Unit 1: Introduction to ISO/IEC 27002

  • Goals and elements of a training program
  • Frameworks for standards and regulations
  • Basic principles of information security, cybersecurity, and privacy
  • ISO/IEC 27002 and the information security management system
  • Choosing and creating controls
  • Policies, practices, and roles and responsibilities for information security

Unit 2: Information assets, operational security controls, and controls over people and the physical environment

  • Information assets and access controls
  • People controls
  • Physical controls
  • Operational security controls

Unit 3: Management of information security incidents, observation of information security measures, and certification test

  • Network controls and information system security
  • ICT supply chain and supplier relations
  • Management of information security incidents
  • Testing for information security
  • Keeping track of information security measures
  • Constant development

Unit 4: Information security incident management and testing and monitoring of information security controls based on ISO/IEC 27002

