ISO/IEC 27001 is an international standard that specifies the requirements for an information security management system (ISMS). Organizations across many sectors adopt the standard to protect sensitive data and to ensure compliance with information security regulations. Effective implementation of ISO/IEC 27001 can reduce security risk and increase an organization's resilience against cyber threats (Smith, 2022).
This Information Security Foundation based on ISO/IEC 27001 Exam Guide course is designed to give a thorough understanding of the fundamental principles of information security, including information architecture, risk management, physical and technical security measures, and compliance with regulations and industry standards. Participants will learn how to apply security policies, manage security incidents, and develop risk mitigation strategies in complex business environments (Brown, 2023). The course also covers best practices for protecting business assets, encryption, and managing communication and IT operations.
The course takes a case-study and hands-on approach, enabling participants to understand how to apply the ISO/IEC 27001 standard in their own organizations. Through this practice-based approach, participants gain the skills needed to meet the challenges of modern information security.
OBJECTIVES
1. Understand the fundamental principles of information security and security architecture
2. Analyse and apply information security risk management
3. Implement physical, technical, and organizational security measures
4. Develop incident management and business asset protection strategies
5. Understand compliance with information security regulations and international standards
6. Prepare optimally for the ISO/IEC 27001 certification exam
AUDIENCE
1. IT Security Officer
2. Compliance Specialist
3. Risk Management Professional
4. Information Security Consultant
5. System Administrator
PREREQUISITES
No specific prior training is required
CONTENT
1. Introduction
1.1 Major Changes in the ISO/IEC 27001
1.2 Quality Overview
2. Springbooks, an International Bookstore
2.1 Introduction
2.2 Springbooks
2.3 Organization
2.4 Security Organization
3. Definitions and Security Concepts
3.1 Definitions
3.2 Security Concepts
3.3 Fundamental Principles of Security
3.4 The CIA Triangle
3.5 Risk Management
3.6 Themes and Attributes
3.7 Assessing Security Risks
3.8 Measures to Reduce Risks
3.9 Types of Threats
3.10 Types of Risk Strategies
3.11 Guidelines for Implementing Security Measures
4. Context of the Organization
4.1 Fundamental Principles of Security
4.2 Security Policies
4.3 PDCA Model
4.4 Possession or Control
4.5 Authenticity
4.6 Utility
4.7 Due Diligence and Due Care
4.8 Information
4.9 Information Management
4.10 Distributed Computing
4.11 Operational Processes and Information
4.12 Framework for ISMS
4.13 Supervision of the Information Security Policy
4.14 The Information Security Process
5. Organizational Controls
5.1 Policies for Information Security
5.2 Information Security Roles and Responsibilities
5.3 Segregation of Duties
5.4 Management Responsibilities
5.5 Contact with Authorities
5.6 Contact with Special Interest Groups
5.7 Threat Intelligence
5.8 Information Security in Project Management
5.9 Inventory of Information and Associated Assets
5.10 Acceptable Use of Information and Other Assets
5.11 Return of Assets
5.12 Classification of Information
5.13 Labelling of Information
5.14 Information Transfer
5.15 Access Control
5.16 Identity Management
5.17 Authentication Information
5.18 Access Rights
5.19 Information Security in Supplier Relationships
5.20 Addressing Information Security within Supplier Agreements
5.21 Managing Information Security in the ICT Supply Chain
5.22 Monitoring, Review and Change Management of Supplier Services
5.23 Information Security for Use of Cloud Services
5.24 Information Security Incident Management Planning and Preparation
5.25 Assessment and Decision on Information Security Events
5.26 Response to Information Security Incidents
5.27 Learning from Information Security Incidents
5.28 Collection of Evidence
5.29 Information Security During Disruption
5.30 ICT Readiness for Business Continuity
5.31 Identification of Legal, Statutory, Regulatory and Contractual Requirements
5.32 Intellectual Property Rights
5.33 Protection of Records
5.34 Privacy and Protection of PII
5.35 Independent Review of Information Security
5.36 Compliance with Information Security Policies and Standards
6. People Controls
6.1 Screening
6.2 Terms and Conditions of Employment
6.3 Information Security Awareness, Education and Training
6.4 Disciplinary Process
6.5 Responsibilities After Termination or Change of Employment
6.6 Confidentiality or Non-Disclosure Agreements
6.7 Remote Working
6.8 Information Security Event Reporting
7. Physical Controls
7.1 Physical Security Perimeter
7.2 Physical Entry Controls
7.3 Securing Offices, Rooms and Facilities
7.4 Physical Security Monitoring
7.5 Protecting Against Physical and Environmental Threats
7.6 Working in Secure Areas
7.7 Clear Desk and Clear Screen
7.8 Equipment Siting and Protection
7.9 Security of Assets Off-Premises
7.10 Storage Media
7.11 Supporting Utilities
7.12 Cabling Security
7.13 Equipment Maintenance
7.14 Secure Disposal or Re-Use of Equipment
8. Technological Controls
8.1 User Endpoint Devices
8.2 Privileged Access Rights
8.3 Information Access Restriction
8.4 Access Control to Source Code
8.5 Secure Authentication
8.6 Capacity Management
8.7 Protection Against Malware
8.8 Management of Technical Vulnerabilities
8.9 Configuration Management
8.10 Information Deletion
8.11 Data Masking
8.12 Data Leakage Prevention
8.13 Information Back-Up
8.14 Redundancy of Information Processing Facilities
8.15 Logging
8.16 Monitoring Activities
8.17 Clock Synchronization
8.18 Use of Privileged Utility Programs
8.19 Installation of Software on Operational Systems
8.20 Networks Security
8.21 Security of Network Services
8.22 Segregation in Networks
8.23 Use of Web Filtering
8.24 Use of Cryptography
8.25 Secure Development Lifecycle
8.26 Application Security Requirements
8.27 Secure System Architecture and Engineering Principles
8.28 Secure Coding
8.29 Security Testing in Development and Acceptance
8.30 Outsourced Development
8.31 Separation of Development, Test and Production Environments
8.32 Change Management
8.33 Test Information
8.34 Protection of Information Systems During Audit Testing
Course Features
- Lectures 82
- Quizzes 2
- Duration 24 hours
- Skill level All levels
- Language Indonesian
- Students 0
- Certificate No
- Assessments Yes
- Sections 14

Curriculum
- Preparation (2 lessons)
- Learning (11 lessons)
  - 1. Introduction
  - 2. Case study: Springbooks, an international bookstore (2 topics)
  - 3. Definitions
  - 4. Information, security and architecture (8 topics)
  - 5. Security management (10 topics)
    - 5.1 Security definitions
    - 5.2 Assessing security risks
    - 5.3 Mitigating security risks
    - 5.4 Risk management
    - 5.5 Risk analysis
    - 5.6 Countermeasures to mitigate the risk
    - 5.7 Types of threats
    - 5.8 Types of damage
    - 5.9 Types of risk strategies
    - 5.10 Guidelines for implementing security measures
  - 6. Business assets and information security incidents (5 topics)
  - 7. Physical measures (8 topics)
  - 8. Technical measures (IT security) (8 topics)
  - 9. Organizational measures (3 topics)
  - 10. Managing communication and operating processes (14 topics)
    - 10.1 Operating procedures and responsibilities
    - 10.2 Change management
    - 10.3 Segregation of duties
    - 10.4 Development, testing, acceptance and production
    - 10.5 Management of services by a third party
    - 10.6 Protection against malware, phishing and spam
    - 10.7 Some definitions
    - 10.8 Back-up and restore
    - 10.9 Managing network security
    - 10.10 Handling media
    - 10.11 Mobile equipment
    - 10.12 Exchanging information
    - 10.13 Services for e-commerce
    - 10.14 Publicly available information
  - 11. Law, regulations and standards (11 topics)
    - 11.1 Observance of statutory regulations
    - 11.2 Compliance
    - 11.3 Intellectual property rights (IPR)
    - 11.4 Protecting business documents
    - 11.5 Protecting data and the confidentiality of personal data
    - 11.6 Preventing abuse of IT facilities
    - 11.7 Observing security policy and security standards
    - 11.8 Monitoring measures
    - 11.9 Information system audits
    - 11.10 Protecting tools used for auditing information systems
    - 11.11 Standards and standards organizations
- Closing (2 lessons)