In today’s digital age, effective information security management is crucial for safeguarding organizational data and ensuring compliance with international standards. This course provides an in-depth understanding of ISO 27001 controls, helping professionals design, implement, and audit a robust Information Security Management System (ISMS).

Through a structured, step-by-step learning approach, you’ll explore practical methods for managing and auditing security measures. The course helps you apply ISO 27001 principles to real-world environments, enabling you to strengthen compliance, reduce risks, and enhance your organization’s security posture. What sets this course apart is its balance of theory and practical application—combining technical knowledge with actionable insights drawn from real-world security and audit scenarios. You’ll gain confidence in interpreting ISO standards and translating them into effective organizational policies. This course is ideal for security managers, compliance officers, IT auditors, and professionals responsible for governance, risk, and compliance. A foundational understanding of information security is helpful but not required. Copyright @ Bridget Kenyon 2019, 2024. The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work. Formerly published as Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001 by BSI. First published in the United Kingdom in 2019 by IT Governance Publishing. Every possible effort has been made to ensure that the information contained in this course is accurate, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader’s own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author. Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at: IT Governance Publishing Ltd, Unit 3, Clive Court, Bartholomew’s Walk, Cambridgeshire Business Park, Ely, Cambridgeshire, CB7 4EA, United Kingdom. www.itgovernancepublishing.co.uk