ISO/IEC 27002: Manager
The ISO/IEC 27002: Manager course is designed to develop the skills required to manage, monitor, and continually improve information security controls in alignment with an organization's Information Security Management System (ISMS). ISO/IEC 27002 is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and provides detailed guidance on the implementation and management of information security controls that support ISO/IEC 27001 requirements. This course goes beyond foundation knowledge and focuses on operational control management, governance, performance measurement, and continual improvement. It prepares participants to take responsibility for control ownership, ensure controls remain effective, manage risks, and support audits and compliance activities. The course is suitable for professionals managing security controls across business units, IT, and operational environments. Course Objectives By the end of this course, participants will be able to: Manage and oversee information security controls throughout their lifecycle Align control implementation with information security risk treatment plans Assign and manage control ownership and accountability Monitor and measure control effectiveness Address control weaknesses and nonconformities Support internal and external audits related to security controls Drive continual improvement of information security controls
Course Curriculum
1
- Responsibilities of a control manager
- Relationship between ISO/IEC 27001 and ISO/IEC 27002
- Control ownership and governance
- Integrating controls into organizational processes
2
- Control design and implementation
- Operational management of controls
- Change management and control updates
- Decommissioning and replacement of controls
3
- Managing organizational controls
- Managing people controls
- Managing physical controls
- Managing technological controls
- Coordinating cross-functional control activities
4
- Linking controls to risk assessment results
- Managing residual risk
- Updating controls based on risk changes
- Supporting the risk treatment plan
5
- Defining control performance indicators
- Monitoring and reporting control effectiveness
- Using metrics to support decision-making
- Identifying trends and weaknesses
6
- Periodic control reviews
- Identifying improvement opportunities
- Managing corrective actions
- Continual improvement of controls
7
- Maintaining control-related documentation
- Evidence management
- Supporting the Statement of Applicability (SoA)
- Documentation control and version management
8
- Supporting internal ISMS audits
- Responding to audit findings
- Demonstrating control effectiveness
- Working with auditors and assessors
9
- Reporting to management and stakeholders
- Coordinating across departments
- Awareness and training related to controls
- Managing third-party and supplier controls
10
- Review of ISO/IEC 27002 Manager syllabus
- Scenario-based questions and exam techniques
- Certification exam guidance
11
- Information security managers and officers
- ISMS managers and coordinators
- Risk, compliance, and governance professionals
- Control owners and process managers
- Internal auditors and consultants
- Professionals preparing for ISO/IEC 27002 Manager certification
12
- ISO/IEC 27002 Foundation certificate or equivalent knowledge
- ISO/IEC 27001 Foundation knowledge is strongly recommended
- Experience in information security or control management is beneficial
This course includes
- 12+ Activity Modules
- 40 hours + lessons
- Lifetime access
- Certificate of completion
- Available on desktop and mobile
Some of Our Partners
