Extended version of PECB Webinar of 15/oct/2020
Base version here:
https://www.slideshare.net/PECBCERTIFICATION/isoiec-27701-vs-isoiec-27001-vs-nist-essential-things-you-need-to-know
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDPR view of the ISO/IEC 27701
- Mapping the GDPR to-do list to the ISO/IEC 27701 to-do list
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
Key Data Privacy Roles Explained: Data Protection Officer, Information Security Manager, and Information Security Auditor (PECB)
In this session, we will go through the roles and responsibilities of the main actors responsible for protecting data in an organization: the Data Protection Officer, Information Security Manager, and Information Security Auditor.
The webinar will cover:
• What are the roles and responsibilities of the main actors responsible for protecting data in an organization?
• How can an organization find out if they are required to designate a DPO role or not?
• Can the roles of a DPO and Information Security Manager be covered by the same individual?
• What are organizations required to do so that the DPO can perform their role and responsibilities independently?
Presenter:
Our first presenter for this webinar is Peter Geelen, director and managing consultant at CyberMinute and owner of Quest for Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, as well as privacy, information & data protection, cyber- and cloud security. In the last few years, the focus has been on ISO/IEC 27001 and other ISO certification mechanisms. Peter is an accredited Lead Auditor for ISO/IEC 27001 and ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates such as certified ISO/IEC 27701 lead implementer and lead auditor, ISO/IEC 27001 Master, Sr. Lead Cybersecurity Manager, ISO/IEC 27002 lead manager, cDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Our second presenter is Stefan Mathuvis, owner & senior consultant at Quality Management & Auditing BV, Zonhoven, Belgium. Over more than 20 years, Stefan has built strong experience in quality management systems, information security management systems, GDPR, data privacy & data protection. Stefan is an accredited ISO/IEC 27001 Lead Auditor and operates as a third-party auditor for DQS Belgium. Dividing his time between consultancy, training & third-party auditing on an international scale, Stefan remains in touch with the issues of today, allowing him to assist clients in their needs for Information Security and Data Privacy.
Recorded webinar: https://www.youtube.com/watch?v=Y0hnv1laxAw&feature=youtu.be
How can the ISO 27701 help to design, implement, operate and improve a privac... (Hernan Huwyler, MBA CPA)
- Applications, tools and software for the implementation and documentation of the new ISO 27701 for GDPR and DPA compliance
- Key control objectives and requirements based on the ISO 2700 on information security
- How to prepare for an independent certification
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation (PECB)
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will map the ISO/IEC 27(7)01 requirements onto the GDPR obligations to cover them as far as possible, ranging from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, vendor management, incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never-ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know (PECB)
Just a few days ago NIST published a complete refresh of SP800-53, which provides a catalog of security measures to protect an organization against a variety of risks and threats.
How might NIST guidance fit in an information security management system like ISO/IEC 27001 and its privacy extension ISO/IEC 27701?
In this session, we will take a quick walk through the standards and best practices, compare them, and find out how they map to and differ from one another.
The webinar will cover:
• A quick recap of the topics covered in ISO27001/ISO27701
• Discovering the NIST guidelines for Information & Cyber Security (SP800-SP1800)
• Main differences and mappings between NIST guidance and ISO27001
• About the latest publication (sep/2020) on NIST SP800-53 (Security and Privacy Controls for Information Systems and Organizations)
• Implementing information & cyber-security best practices
Date: October 14, 2020
YouTube presentation: https://youtu.be/zfsxSaaErqg
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences (PECB)
After the last 2020 Global Leading Voices webinar, comparing ISO27001 with the CCPA and the NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. In early 2020 the US DoD launched the CMMC (Cybersecurity Maturity Model Certification), which uses the same levels for cybersecurity. In this session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security, and how you can use them in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard (PECB)
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen, is director and managing consultant at CyberMinute and owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, as well as privacy, information & data protection, cyber- and cloud security. In the last few years, the focus has been on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates such as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
ControlCase Discussed:
• What is ISO 27001
• How can companies get ready for the ISO 27701 privacy standard
• What is the certification process for ISO 27701
• Common challenges
ISO/TS 29001:2010 defines the quality management system requirements for the design, development, production, installation and service of products for the petroleum, petrochemical and natural gas industries.
With all of the acronyms and numbers, it is challenging to determine what is what in the world of cyber security and compliance.
In the government space, the National Institute of Standards and Technology (NIST) has been the key body for identifying and determining standards related to protecting critical infrastructure and government data.
Participants will walk away more conversant in the alphabet soup of NIST requirements and how they apply to these various programs.
This presentation:
• Provides a deep dive into the similarities and differences between standards such as NIST 800-53 and 800-171, and frameworks such as the Cybersecurity Framework
• Explains how these standards and frameworks apply to FedRAMP, CJIS, and very specific programs covering data like the Death Master File (DMF)
Learn more about the importance of ISO 27001 and its role in GRC, the advantages of starting with ISO 27001, and the importance of its structure.
Main points covered:
• Definition and goals of GRC (Governance, Risk and Compliance)
• How the structure of ISO/IEC 27001 implements GRC
• Advantages of starting with ISO/IEC 27001
Presenter:
This webinar was presented by Jorge Lozano. He is a senior manager at the Cybersecurity & Privacy practice of PwC Mexico. He has over 17 years of experience in information security and holds the CISSP, CISM, CEH, and ISO27001LI certifications. He is an instructor of PECB for the ISO27001 Introduction, Foundation and Lead Implementer courses.
Link to the recorded session published on YouTube: https://youtu.be/sLfAarQ8cf0
We provide you an experienced DPO on a cost-effective basis, as allowed by the GDPR. Our data protection services are available anytime; ask for guidance and reassurance.
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know (PECB)
New data protection regulations have significantly impacted the way that businesses collect, store, and handle clients’ personal information.
Considering the continuously increasing importance of data protection and privacy in today’s world, businesses should be up to speed with their data privacy policies and procedures.
The webinar covers:
1. ISO/IEC 27001 – Information Security Framework; key requirements under CCPA, CPRA, GDPR
• ISO/IEC 27005 – Information Security Risk Management
• ISO/IEC 27035 – Information Security Incident Management
• ISO/IEC 22301 & 27031 - Business Continuity Management (BCM)
2. Alternative Frameworks
• CMMC - Cybersecurity Maturity Model Certification
• NIST CSF Cybersecurity Framework
• ISO/IEC 27032 – Guidelines for Cybersecurity
3. Supplier Management
Date: April 21, 2021
Recorded Webinar: https://youtu.be/bi3tvvhGV1s
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff... (PECB)
The adoption of laws protecting the data of individuals and consumers is becoming a driving force pushing organizations to revisit their security around client and personal data. In addition, with the rise of government-legislated personal data protection laws such as the GDPR, individuals in other jurisdictions are now looking for better personal data protection. In this presentation, we will examine two US laws as well as the ISO/IEC 27001 standard, look at the commonalities and differences between these three, and see how data security is driven by each.
The webinar will cover:
• An overview of the state of data security/privacy today
• Current trends driving adoption of stronger data protection standards/laws
• An overview of data protection in ISO/IEC 27001, CCPA, and the NYC Shield Act
• A comparison of ISO/IEC 27001, CCPA and the NYC Shield Act
• Lessons to be applied
Recorded webinar:
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map? (PECB)
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
• Data protection, a global development
• Introduction to the GDPR, ePrivacy & ISO/IEC 27701
• GDPR & ISO/IEC 27701 mapping
• ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018 (Schellman & Company)
ISO 27017/27018 is the first international code of practice that focuses on protection of personal data in the cloud. It is based on the ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII).
Discover:
• Background of ISO 27017 and 27018
• Scope and Purpose
• Comparison with ISO 27001 and 27002
• Future of ISO 27017 with ISO 27018
• Challenges and Benefits
• Certification Process and Next Steps
Privacy is a growing concern in today’s compliance environment.
Existing and new requirements continue to push for organizations to properly address their privacy risk.
As a cloud provider, there is no better way to help ensure that an organization is serious about their customers and their customers’ data than to include the control requirements from ISO 27018 into their compliance stack.
ISO 27001 Training | ISO 27001 Implementation (himalya sharma)
ISO 27001 Implementation Training done by Industry Experts, customized for you & connected with relevance to your Industry, products, services & Processes
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi... (himalya sharma)
ISO 27001 Internal Auditor Training is done by Industry Experts, customized for you & connected with relevance to your Industry, products, services & Processes
The EU ePrivacy Directive - Navigating the UK Cookie Law (Silverpop)
Silverpop and the IMRG take a look at the EU ePrivacy Directive and the UK implementation. Contains an overview of the ICO guidance as well as best practice recommendations on how marketers can become compliant.
Doug Landoll, CEO, Lantego
Four Deadly Traps in Using Information Security Frameworks
Frameworks can be used to effectively build or assess information security programs, but applied incorrectly they can effectively mask major program gaps. During this talk, Mr. Landoll will explain the four framework traps, how to avoid them, and how to effectively utilize a framework to build or assess an information security program. Mr. Landoll will focus on the NIST 800-53 framework as an example.
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
ControlCase Discussed:
•What is ISO 27001
•How can companies get ready for ISO 27701 privacy standard
•What is the certification process to ISO 27701
•Common challenges
ISO/TS 29001:2010 defines the quality management system requirements for the design, development, production, installation and service of products for the petroleum, petrochemical and natural gas industries.
With all of the acronyms and numbers, it is challenging to determine what is what in the world of cyber security and compliance.
In the government space, the National Institute of Standards (NIST) has been the key body for identifying and determining standards related to protecting critical infrastructure and government data.
Participants will walk away more conversant in the alphabet soup of NIST requirements and how they apply to these various programs.
This presentation:
• Provides a deep dive in the the similarities and differences between standards such as NIST 800-53, 800-171, and frameworks such as the cybersecurity framework
• How these standards and frameworks apply to FedRAMP, CJIS, and very specific programs covering data like the Death Master File (DMF)
Learn more about the importance of ISO 27001 and its role on GRC, what the advantages of starting with ISO 27001 are and the importance of its structure.
Main points covered:
• Definition and goals of GRC (Governance, Risk and Compliance)
• How the structure of ISO/IEC 27001 implements GRC
• Advantages of starting with ISO/IEC 27001
Presenter:
This webinar was presented by Jorge Lozano. He is a senior manager at the Cybersecurity & Privacy practice of PwC Mexico. He has over 17 years of experience in information security and holds the CISSP, CISM, CEH, and ISO27001LI certifications. He is an instructor of PECB for the ISO27001 Introduction, Foundation and Lead Implementer courses.
Link of the recorded session published on YouTube: https://youtu.be/sLfAarQ8cf0
We provide you an experienced DPO on a cost-effective basis, as allowed by GDPR. Our data protection services are available anytime ask for guidance and reassurance
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowPECB
New data protection regulations have significantly impacted the way that businesses collect, store, and handle clients’ personal information.
Considering the continuously increasing importance of data protection and privacy in today’s world, businesses should be up to speed with their data privacy policies and procedures.
The webinar covers:
1. ISO/IEC 27001 – Information Security Framework Key requirements under CCPA, CPRA, GDPR
• ISO/IEC 27005 – Information Security Risk Management
• ISO/IEC 27035 – Information Security Incident Management
• ISO/IEC 22301 & 27031 - Business Continuity Management (BCM)
2. Alternative Frameworks
• CMMC - Cybersecurity Maturity Model Certification
• NIST CSF Cybersecurity Framework
• ISO/IEC 27032 – Guidelines for Cybersecurity
3. Supplier Management
Date: April 21, 2021
Recorded Webinar: https://youtu.be/bi3tvvhGV1s
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
The adoption of laws protecting the data of individuals and consumers is becoming a driving force to push organizations to revisit their security around client and personal data. In addition, with the rise of government legislated personal data protection laws such as GDPR, individuals in other jurisdictions are now looking for better personal data protection. In this presentation, we will examine two US laws as well as the ISO/IEC 27001 standard and we will look at commonalities and differences between these three and how data security is driven from each.
The webinar covers:
• An overview of the state of data security/privacy today
• Current trends driving adoption of stronger data protection standards/laws
• An overview of data protection in ISO/IEC 27001, CCPA, and the NYC Shield Act
• A comparison of ISO/IEC 27001, CCPA and the NYC Shield Act
• Lessons to be applied
Recorded webinar:
ISO/IEC 27701, GDPR, and ePrivacy: How Do They Map? (PECB)
Due to an increase in the collection of consumer data, high-profile data breaches have become common.
Currently, there are 128 countries all over the world that have already put in place regulations to secure the protection of data and privacy.
The webinar covers:
• Data protection, a global development
• Introduction to the GDPR, ePrivacy & ISO/IEC 27701
• GDPR & ISO/IEC 27701 mapping
• ePrivacy & ISO/IEC 27701 mapping
Recorded Webinar: https://youtu.be/oVhIoHAGGwk
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Locking Up Your Cloud Environment: An Introduction to ISO/IEC 27017 and 27018 (Schellman & Company)
ISO 27017/27018 is the first international code of practice that focuses on protection of personal data in the cloud. It is based on the ISO information security standard 27002 and provides implementation guidance on ISO 27002 controls applicable to public cloud Personally Identifiable Information (PII).
Discover:
• Background of ISO 27017 and 27018
• Scope and Purpose
• Comparison with ISO 27001 and 27002
• Future of ISO 27017 with ISO 27018
• Challenges and Benefits
• Certification Process and Next Steps
Privacy is a growing concern in today’s compliance environment.
Existing and new requirements continue to push for organizations to properly address their privacy risk.
As a cloud provider, there is no better way to help ensure that an organization is serious about their customers and their customers’ data than to include the control requirements from ISO 27018 into their compliance stack.
ISO 27001 Training | ISO 27001 Implementation (himalya sharma)
ISO 27001 Implementation Training done by industry experts, customized for you & connected with relevance to your industry, products, services & processes.
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi... (himalya sharma)
ISO 27001 Internal Auditor Training is done by industry experts, customized for you & connected with relevance to your industry, products, services & processes.
The EU ePrivacy Directive - Navigating the UK Cookie Law (Silverpop)
Silverpop and the IMRG take a look at the EU ePrivacy Directive and the UK implementation. Contains an overview of the ICO guidance as well as best practice recommendations on how marketers can become compliant.
Doug Landoll, CEO, Lantego
Four Deadly Traps in Using Information Security Frameworks
Frameworks can be used to effectively build or assess information security programs, but applied incorrectly they effectively mask major program gaps. During this talk, Mr. Landoll will explain the four framework traps, how to avoid them, and how to effectively utilize a framework to build or assess an information security program. Mr. Landoll will focus on the NIST 800-53 framework as an example.
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
Module 6: Standards for Information Security Management
Information Security Management Systems (ISMS) - ISO 27001 - Framing Security Policy of Organization - Committees - Security Forum, Core Committee, Custodian and Users, Business Continuity Process Team & Procedure - Information Security Auditing Process - IT Security Incidents
The NIST Cybersecurity Framework is a voluntary framework to support the emerging need for robust and effective cyber security practices across an enterprise. This presentation recaps the Framework six months into implementation, along with the changes made since. It also discusses the capabilities of TrustedAgent GRC to accelerate and strengthen the implementation of an effective cybersecurity program by automating or addressing many of the practices required by the framework.
Webinar presentation September 20, 2016.
This deck introduces the CSCC’s deliverable, Cloud Security Standards: What to Expect and What to Negotiate V2.0, which was updated in August 2016 to reflect the latest developments in cloud security standards. The presentation is an overview of the various security standards, frameworks, and certifications that exist for cloud computing. This information will help cloud customers understand and distinguish between the different types of security standards that exist and assess the security standards support of their cloud service providers.
Read the CSCC's deliverable here: http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm
Webinar presentation: November 17, 2016
Subject matter experts from the CSCC present an overview of the security standards, frameworks, and certifications that exist for cloud computing. We also discuss privacy considerations in light of new regulations (e.g., EU’s General Data Protection Regulation (GDPR)). This presentation helps cloud customers understand and distinguish between the different types of security standards that exist and assess the security standards support of their cloud service providers.
Read the CSCC's deliverable, Cloud Security Standards: What to Expect and What to Negotiate: http://www.cloud-council.org/deliverables/cloud-security-standards-what-to-expect-and-what-to-negotiate.htm
The ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming a more common information security standard among service providers. This presentation focuses on the recent changes in the 2013 version and also on the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
• Provide an introduction to ISO27001 and changes in the 2013 version
• Discuss the implementation approach for an Information Security Management System (ISMS) framework
• Familiarize the audience with some common challenges in implementation
Learn about the mandate for NIST Special Publication 800-171 and the upcoming deadline for compliance of December 31, 2017. Get answers to questions such as: what is NIST, who needs to comply, what are the requirements, and how do I know if I’m already compliant?
Accelerating Regulatory Compliance for IBM i Systems (Precisely)
In a recent survey of IBM Power Systems users, 52% state they are focusing security investments on compliance auditing and reporting while 28% said they anticipate increased regulatory complexity as a security challenge for the remainder of the year.
Do you need to accelerate compliance for your IBM i systems? Whether it be for PCI, SOX, GDPR or other regulations, view this 15-minute webcast on-demand to learn more about:
• The importance of security risk assessments for compliance
• Implementing compliance policies that align with regulations
• Generating reports and alerts that flag compliance issues
• Trade-offs between do-it-yourself and third-party solutions
ISO/IEC 27001 Foundation Training Course by Interprom (Mart Rovers)
What is involved with the ISO/IEC 27001 Foundation certification training course? Learn about the course curriculum, target audience, duration, formats, exam, fees and much more.
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map? (PECB)
Because of the ongoing increase in consumer data collection, breaches have also been increasing.
In this regard, information security, data privacy, and cybersecurity standards provide guidelines and requirements on how to better manage and deal with such breaches.
Amongst others, the webinar covers:
• ISO 27032:2012 – A Framework for Cybersecurity Risks
• ISO/IEC 27000-series, Standards, 27001 vs 27002
• ISO 27002:2022 and 27001:2022 Updates
Presenters:
Danny Manimbo
Danny Manimbo is a Principal with Schellman, based in Denver, Colorado. As a member of Schellman’s West Coast/Mountain region management team, Danny is primarily responsible for co-leading Schellman's ISO practice and the development and oversight of Schellman's SOC practice line, as well as specialty practices such as HIPAA. Danny has been with Schellman for nine years and has over 11 years of experience in providing data security audit and compliance services.
Erik Tomasi
Erik Tomasi is the Managing Partner at EMTsec, a security consulting firm based in Miami and New York. He leads the firm’s consulting division and manages client relationships across several industry sectors. Mr. Tomasi is considered an expert in information security, risk management, and technology management.
Sawyer Miller
Sawyer is a Senior Manager who oversees the ISO practice for risk3sixty, an Atlanta-based Security, Privacy, and Compliance firm helping clients implement business-first information security and compliance programs.
Date: June 22, 2022
Tags: ISO, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27032, Data protection, Data Privacy, Cybersecurity, Information Security
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/isoiec-270022022--information-security-cybersecurity-and-privacy-protection
https://pecb.com/whitepaper/no-iso-27001-certified-companies-among-largest-data-breaches-2014-2015
https://pecb.com/whitepaper/isoiec-270022013-information-technology---security-techniques-code-of-practice-for-information-security-controls
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/fE3DqISAfQY
Our audits are designed to help you determine your SAP landscape's actual risk exposure and pinpoint areas that are open to potential attacks. They include everything from your infrastructure and SAP system parameters to individual component configurations and authorizations.
Also, if your company's migration to SAP HANA or S/4HANA is right around the corner, an audit offers an ideal solution for safeguarding your systems and taking all the necessary security measures before you start your transition.
Our approach is based on SAP's security guidelines, the recommendations of the German Federal Office for Information Security (BSI), and the information security standard DIN ISO 27001.
Topics of focus:
• Challenges, tools and proven methods
• Advantages of a root cause analysis and of the resulting risks for your company
• Quick check vs. audit vs. penetration test
• Our project approach at a glance
• Recommendations for the follow-up of an Audit
-----------------------------------------------------------------------------------------
For information in German, feel free to contact us: sast@akquinet.de
5. 1. Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard (2019-12-09)
2. ISO/IEC 27701 vs GDPR - What you need to know (2020-01-29)
3. Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation (2020-04-15)
4. Key Data Privacy Roles Explained: Data Protection Officer, Information Security Manager, and Information Security Auditor (2020-06-24)
• Check the past webinars on the PECB website at https://pecb.com/past-webinars
Find all sessions with Q&A + collaterals (decks, recording) at:
http://ffwd2.me/PECB_ISO27001_webinars (shortcut to LinkedIn page)
Previous sessions
6. • Best practices ≠ regulations
• ISO Requirements (ref. audit) vs guidelines
• Privacy ≠ Data Protection
• Data protection ≠ Information Security
• PII vs Personal Data
• International vs. Regional
Quick Recap
8. ISO or NIST deep dive
• Course material reference: see later
• NIST document reference: see later
The nuts and bolts of ISMS
Just know that it has
• 10 chapters, 7 clauses (Clause 4..10, built on PDCA)
• Annex with
• 14 main categories (A5..A18)
• 35 subcategories
• 114 controls / measures
• Course material reference: see later
What this session is not about
9. ISO/IEC 27000 series
• ISO27001 and ISO27701 = certifiable
• Total 59 documents
ISO27000 series including
• Code of practices
• Guidance
• Auditing (ISO27006)
• Incident management (ISO27035)
• Cybersecurity (ISO27032)
• Business continuity, Communications security, Application Security, Supply Chain, Storage, …
• More info: https://www.iso.org/committee/45306/x/catalogue/p/1/u/0/w/0/d/0
And also
10. The nuts and bolts of PIMS
Just know that it
• Is certifiable like ISMS
• Is the privacy & GDPR add-on to ISMS
• Adds specifications to the interpretation of information security
• Now including PII/personal data
• Extra requirements from GDPR & other legislation
• Interesting annex
• GDPR mapping
• ISO29100 (Privacy) mapping
What this session is not about
12. Source: https://www.nist.gov/about-nist/our-organization/mission-vision-values
About
• Founded in 1901
• Now part of US Department of Commerce
Mission
“To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”
Core competencies
• Measurement science
• Rigorous traceability
• Development and use of standards
NIST
14. This session's focus
• NIST Special publications (SP)
• https://csrc.nist.gov/publications/sp
• Computer security (SP800)
• https://csrc.nist.gov/publications/sp800
• 188 docs
Also check (not covered today)
• SP1800 (Cybersecurity practice guides)
• https://csrc.nist.gov/publications/sp1800
• Not covered in detail today
• 25 documents
NIST – Privacy, Cyber & Information security
15. ISO27001 vs NIST SP800-53

                     ISO27001   NIST SP800-53
Management clauses   7          Incl.
Control categories   15         20
Subcategories        35         321
Total controls       114        1189
Pages                23+80      464

Additional           ISO27x standards: 59   NIST SP800 series: 188
                                            NIST SP1800 (Cyber): 25
NIST – SP800 level of detail
16. SP800 Series
• 800-53 rev 5 (dd 2020-09-23, fresh !)
• Security and Privacy Controls for Information Systems and Organizations
• (FYI, 464 pages)
But also
• 800-12: Intro to Information Security
• 800-39: Information Security Risk
• 800-55: Performance management
And
• Patch management, Firewalls, electronic mail, TLS, PKI, Bluetooth, …
NIST – SP800
19. Abstract
• Catalog of security and privacy control
• For information systems and organizations
• To protect organizational operations and assets, individuals, and other organizations
• Against a diverse set of threats and risks,
• including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.
• Controls are flexible and customizable
• Implemented as part of an organization-wide process to manage risk
• Derived from mission and business needs, regulations, legal requirement …
• Functionality (effectiveness) and assurance perspective (trust)
NIST SP800-53 rev.5
20. Add-ons
• [SP 800-30] provides guidance on the risk assessment process.
• [IR 8062] introduces privacy risk concepts.
• [SP 800-39] provides guidance on risk management processes and strategies.
• [SP 800-37] provides a comprehensive risk management process.
• [SP 800-53A] provides guidance on assessing the effectiveness of controls.
• [SP 800-53B] provides guidance for tailoring security and privacy control baselines and for developing overlays to support the specific protection needs and requirements of stakeholders and their organizations.
NIST SP800-53 rev.5
22. Chapter 1 (quick check)
• The need to protect information, systems, organization & individuals
• Purpose & applicability
• Audience
• Organization responsibilities
• Relation to other publications
• Revision & extensions
• Rev 5 (2020) vs Rev 4 (2016)
NIST SP800-53 rev.5
23. Chapter 2
• Fundamental concepts
• Associated with security and privacy
• Controls, including
• The structure of the controls,
• How the controls are organized in the consolidated catalog,
• Control implementation approaches,
• The relationship between
• Security and privacy controls, and
• Trustworthiness and assurance
NIST SP800-53 rev.5
24. Chapter 3 (full catalog)
• Consolidated catalog of security and privacy controls
• Incl. discussion section to explain the purpose of each control and
• Provide useful information regarding
• control implementation and
• assessment,
• A list of related controls to show
• The relationships and dependencies among controls, and
• A list of references to supporting
• Publications that may be helpful to organizations
26. Detail provided on every security control/measure
• Control identifier
• Control name
• Base control
• Security measure definition
• Organization tasks (org defined parameter)
• Control enhancement
• Additional sources
• Links to other controls
28. Control implementation & classification
• Implementation approaches
• Common implementation (applies to multiple systems)
• System Specific
• Hybrid (mix of both)
• Security vs Privacy
• Trustworthiness
• Important part of risk management strategy
• Impact on trustworthiness
• Functionality (effectiveness of security)
• Assurance (measure of confidence)
30. Access control
• 25 main
• 122 sub
Control Number  Control Name / Control Enhancement Name
AC-1 Policy and Procedures
AC-2 Account Management
AC-3 Access Enforcement
AC-4 Information Flow Enforcement
AC-5 Separation of Duties
AC-6 Least Privilege
AC-7 Unsuccessful Logon Attempts
AC-8 System Use Notification
AC-9 Previous Logon Notification
AC-10 Concurrent Session Control
AC-11 Device Lock
AC-12 Session Termination
AC-13 Supervision and Review-Access Control
AC-14 Permitted Actions without Identification or Authentication
AC-15 Automated Marking
AC-16 Security and Privacy Attributes
AC-17 Remote Access
AC-18 Wireless Access
AC-19 Access Control for Mobile Devices
AC-20 Use of External Systems
AC-21 Information Sharing
AC-22 Publicly Accessible Content
AC-23 Data Mining Protection
AC-24 Access Control Decisions
AC-25 Reference Monitor
ACCESS CONTROL FAMILY
31. Awareness and training
• 6 main
• 11 sub
Control Number  Control Name / Control Enhancement Name
AT-1 Policy and Procedures
AT-2 Literacy Training and Awareness
AT-3 Role-Based Training
AT-4 Training Records
AT-5 Contacts with Security Groups and Associations
AT-6 Training Feedback
AWARENESS AND TRAINING FAMILY
32. Audit & accountability
• 16 main
• 53 sub
Control Number  Control Name / Control Enhancement Name
AU-1 Policy and Procedures
AU-2 Event Logging
AU-3 Content of Audit Records
AU-4 Audit Log Storage Capacity
AU-5 Response to Audit Logging Process Failures
AU-6 Audit Record Review, Analysis, and Reporting
AU-7 Audit Record Reduction and Report Generation
AU-8 Time Stamps
AU-9 Protection of Audit Information
AU-10 Non-repudiation
AU-11 Audit Record Retention
AU-12 Audit Record Generation
AU-13 Monitoring for Information Disclosure
AU-14 Session Audit
AU-15 Alternate Audit Logging Capability
AU-16 Cross-Organizational Audit Logging
AUDIT AND ACCOUNTABILITY FAMILY
33. Assessment, authorization and monitoring
• 9 main
• 23 sub
Control Number  Control Name / Control Enhancement Name
CA-1 Policy and Procedures
CA-2 Control Assessments
CA-3 Information Exchange
CA-4 Security Certification
CA-5 Plan of Action and Milestones
CA-6 Authorization
CA-7 Continuous Monitoring
CA-8 Penetration Testing
CA-9 Internal System Connections
ASSESSMENT, AUTHORIZATION, AND MONITORING FAMILY
34. Configuration Management
• 14 main
• 53 sub
Control Number  Control Name / Control Enhancement Name
CM-1 Policy and Procedures
CM-2 Baseline Configuration
CM-3 Configuration Change Control
CM-4 Impact Analyses
CM-5 Access Restrictions for Change
CM-6 Configuration Settings
CM-7 Least Functionality
CM-8 System Component Inventory
CM-9 Configuration Management Plan
CM-10 Software Usage Restrictions
CM-11 User-Installed Software
CM-12 Information Location
CM-13 Data Action Mapping
CM-14 Signed Components
CONFIGURATION MANAGEMENT FAMILY
35. Contingency planning
• 13 main
• 43 sub
Control Number  Control Name / Control Enhancement Name
CP-1 Policy and Procedures
CP-2 Contingency Plan
CP-3 Contingency Training
CP-4 Contingency Plan Testing
CP-5 Contingency Plan Update
CP-6 Alternate Storage Site
CP-7 Alternate Processing Site
CP-8 Telecommunications Services
CP-9 System Backup
CP-10 System Recovery and Reconstitution
CP-11 Alternate Communications Protocols
CP-12 Safe Mode
CP-13 Alternative Security Mechanisms
CONTINGENCY PLANNING FAMILY
36. Identification & Authentication
• 12 main
• 58 sub
Control Number  Control Name / Control Enhancement Name
IA-1 Policy and Procedures
IA-2 Identification and Authentication (Organizational Users)
IA-3 Device Identification and Authentication
IA-4 Identifier Management
IA-5 Authenticator Management
IA-6 Authentication Feedback
IA-7 Cryptographic Module Authentication
IA-8 Identification and Authentication (Non-Organizational Users)
IA-9 Service Identification and Authentication
IA-10 Adaptive Authentication
IA-11 Re-authentication
IA-12 Identity Proofing
IDENTIFICATION AND AUTHENTICATION FAMILY
37. Incident response
• 9 main
• 32 sub
Control Number  Control Name / Control Enhancement Name
IR-1 Policy and Procedures
IR-2 Incident Response Training
IR-3 Incident Response Testing
IR-4 Incident Handling
IR-5 Incident Monitoring
IR-6 Incident Reporting
IR-7 Incident Response Assistance
IR-8 Incident Response Plan
IR-9 Information Spillage Response
INCIDENT RESPONSE FAMILY
38. Maintenance
• 7 main
• 23 sub
Control Number  Control Name / Control Enhancement Name
MA-1 Policy and Procedures
MA-2 Controlled Maintenance
MA-3 Maintenance Tools
MA-4 Nonlocal Maintenance
MA-5 Maintenance Personnel
MA-6 Timely Maintenance
MA-7 Field Maintenance
MAINTENANCE FAMILY
39. Media protection
• 8 main
• 22 sub
Control Number  Control Name / Control Enhancement Name
MP-1 Policy and Procedures
MP-2 Media Access
MP-3 Media Marking
MP-4 Media Storage
MP-5 Media Transport
MP-6 Media Sanitization
MP-7 Media Use
MP-8 Media Downgrading
MEDIA PROTECTION FAMILY
40. Physical protection
• 23 main
• 36 sub
Control Number  Control Name / Control Enhancement Name
PE-1 Policy and Procedures
PE-2 Physical Access Authorizations
PE-3 Physical Access Control
PE-4 Access Control for Transmission
PE-5 Access Control for Output Devices
PE-6 Monitoring Physical Access
PE-7 Visitor Control
PE-8 Visitor Access Records
PE-9 Power Equipment and Cabling
PE-10 Emergency Shutoff
PE-11 Emergency Power
PE-12 Emergency Lighting
PE-13 Fire Protection
PE-14 Environmental Controls
PE-15 Water Damage Protection
PE-16 Delivery and Removal
PE-17 Alternate Work Site
PE-18 Location of System Components
PE-19 Information Leakage
PE-20 Asset Monitoring and Tracking
PE-21 Electromagnetic Pulse Protection
PE-22 Component Marking
PE-23 Facility Location
PHYSICAL AND ENVIRONMENTAL PROTECTION FAMILY
41. Planning (& policies)
• 11 main
• 6 sub
Control Number  Control Name / Control Enhancement Name
PL-1 Policy and Procedures
PL-2 System Security and Privacy Plans
PL-3 System Security Plan Update
PL-4 Rules of Behavior
PL-5 Privacy Impact Assessment
PL-6 Security-Related Activity Planning
PL-7 Concept of Operations
PL-8 Security and Privacy Architectures
PL-9 Central Management
PL-10 Baseline Selection
PL-11 Baseline Tailoring
PLANNING FAMILY
42. Program management
• 32 main
• 5 sub
Control Number  Control Name / Control Enhancement Name
PM-1 Information Security Program Plan
PM-2 Information Security Program Leadership Role
PM-3 Information Security and Privacy Resources
PM-4 Plan of Action and Milestones Process
PM-5 System Inventory
PM-6 Measures of Performance
PM-7 Enterprise Architecture
PM-8 Critical Infrastructure Plan
PM-9 Risk Management Strategy
PM-10 Authorization Process
PM-11 Mission and Business Process Definition
PM-12 Insider Threat Program
PM-13 Security and Privacy Workforce
PM-14 Testing, Training, and Monitoring
PM-15 Security and Privacy Groups and Associations
PM-16 Threat Awareness Program
PM-17 Protecting Controlled Unclassified Information on External Systems
PM-18 Privacy Program Plan
PM-19 Privacy Program Leadership Role
PM-20 Dissemination of Privacy Program Information
PM-21 Accounting of Disclosures
PM-22 Personally Identifiable Information Quality Management
PM-23 Data Governance Body
PM-24 Data Integrity Board
PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research
PM-26 Complaint Management
PM-27 Privacy Reporting
PM-28 Risk Framing
PM-29 Risk Management Program Leadership Roles
PM-30 Supply Chain Risk Management Strategy
PM-31 Continuous Monitoring Strategy
PM-32 Purposing
PROGRAM MANAGEMENT FAMILY
43. Personnel
• 9 main
• 9 sub
Control Number  Control Name / Control Enhancement Name
PS-1 Policy and Procedures
PS-2 Position Risk Designation
PS-3 Personnel Screening
PS-4 Personnel Termination
PS-5 Personnel Transfer
PS-6 Access Agreements
PS-7 External Personnel Security
PS-8 Personnel Sanctions
PS-9 Position Descriptions
PERSONNEL SECURITY FAMILY
44. PII
• 8 main
• 13 sub
Control Number  Control Name / Control Enhancement Name
PT-1 Policy and Procedures
PT-2 Authority to Process Personally Identifiable Information
PT-3 Personally Identifiable Information Processing Purposes
PT-4 Consent
PT-5 Privacy Notice
PT-6 System of Records Notice
PT-7 Specific Categories of Personally Identifiable Information
PT-8 Computer Matching Requirements
PERSONALLY IDENTIFIABLE INFORMATION PROCESSING AND TRANSPARENCY FAMILY
45. Risk assessment
• 10 main
• 16 sub
Control Number  Control Name / Control Enhancement Name
RA-1 Policy and Procedures
RA-2 Security Categorization
RA-3 Risk Assessment
RA-4 Risk Assessment Update
RA-5 Vulnerability Monitoring and Scanning
RA-6 Technical Surveillance Countermeasures Survey
RA-7 Risk Response
RA-8 Privacy Impact Assessments
RA-9 Criticality Analysis
RA-10 Threat Hunting
RISK ASSESSMENT FAMILY
46. System & services acquisition
• 23 main
• 122 sub
Control Number  Control Name / Control Enhancement Name
SA-1 Policy and Procedures
SA-2 Allocation of Resources
SA-3 System Development Life Cycle
SA-4 Acquisition Process
SA-5 System Documentation
SA-6 Software Usage Restrictions
SA-7 User-Installed Software
SA-8 Security and Privacy Engineering Principles
SA-9 External System Services
SA-10 Developer Configuration Management
SA-11 Developer Testing and Evaluation
SA-12 Supply Chain Protection
SA-13 Trustworthiness
SA-14 Criticality Analysis
SA-15 Development Process, Standards, and Tools
SA-16 Developer-Provided Training
SA-17 Developer Security and Privacy Architecture and Design
SA-18 Tamper Resistance and Detection
SA-19 Component Authenticity
SA-20 Customized Development of Critical Components
SA-21 Developer Screening
SA-22 Unsupported System Components
SA-23 Specialization
SYSTEM AND SERVICES ACQUISITION FAMILY
47. System & communication protection (SC)
• 51 main
• 111 sub
Control Number  Control Name / Control Enhancement Name
SC-1 Policy and Procedures
SC-2 Separation of System and User Functionality
SC-3 Security Function Isolation
SC-4 Information in Shared System Resources
SC-5 Denial-of-Service Protection
SC-6 Resource Availability
SC-7 Boundary Protection
SC-8 Transmission Confidentiality and Integrity
SC-9 Transmission Confidentiality
SC-10 Network Disconnect
SC-11 Trusted Path
SC-12 Cryptographic Key Establishment and Management
SC-13 Cryptographic Protection
SC-14 Public Access Protections
SC-15 Collaborative Computing Devices and Applications
SC-16 Transmission of Security and Privacy Attributes
SC-17 Public Key Infrastructure Certificates
SC-18 Mobile Code
SC-19 Voice over Internet Protocol
SC-20 Secure Name/Address Resolution Service (Authoritative Source)
SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)
SC-22 Architecture and Provisioning for Name/Address Resolution Service
SC-23 Session Authenticity
SC-24 Fail in Known State
SC-25 Thin Nodes
SC-26 Decoys
SC-27 Platform-Independent Applications
SC-28 Protection of Information at Rest
SC-29 Heterogeneity
SC-30 Concealment and Misdirection
SC-31 Covert Channel Analysis
SC-32 System Partitioning
SC-33 Transmission Preparation Integrity
SC-34 Non-Modifiable Executable Programs
SC-35 External Malicious Code Identification
SC-36 Distributed Processing and Storage
SC-37 Out-of-Band Channels
SC-38 Operations Security
SC-39 Process Isolation
SC-40 Wireless Link Protection
SC-41 Port and I/O Device Access
SC-42 Sensor Capability and Data
SC-43 Usage Restrictions
SC-44 Detonation Chambers
SC-45 System Time Synchronization
SC-46 Cross Domain Policy Enforcement
SC-47 Alternate Communications Paths
SC-48 Sensor Relocation
SC-49 Hardware-Enforced Separation and Policy Enforcement
SC-50 Software-Enforced Separation and Policy Enforcement
SC-51 Hardware-Based Protection
SYSTEM AND COMMUNICATIONS PROTECTION FAMILY
48. System & info integrity
• 23 main
• 95 sub
Control Number  Control Name / Control Enhancement Name
SI-1 Policy and Procedures
SI-2 Flaw Remediation
SI-3 Malicious Code Protection
SI-4 System Monitoring
SI-5 Security Alerts, Advisories, and Directives
SI-6 Security and Privacy Function Verification
SI-7 Software, Firmware, and Information Integrity
SI-8 Spam Protection
SI-9 Information Input Restrictions
SI-10 Information Input Validation
SI-11 Error Handling
SI-12 Information Management and Retention
SI-13 Predictable Failure Prevention
SI-14 Non-Persistence
SI-15 Information Output Filtering
SI-16 Memory Protection
SI-17 Fail-Safe Procedures
SI-18 Personally Identifiable Information Quality Operations
SI-19 De-Identification
SI-20 Tainting
SI-21 Information Refresh
SI-22 Information Diversity
SI-23 Information Fragmentation
SYSTEM AND INFORMATION INTEGRITY FAMILY
49. Supply chain
• 12 main
• 15 sub
Control Number  Control Name / Control Enhancement Name
SR-1 Policy and Procedures
SR-2 Supply Chain Risk Management Plan
SR-3 Supply Chain Controls and Processes
SR-4 Provenance
SR-5 Acquisition Strategies, Tools, and Methods
SR-6 Supplier Assessments and Reviews
SR-7 Supply Chain Operations Security
SR-8 Notification Agreements
SR-9 Tamper Resistance and Detection
SR-10 Inspection of Systems or Components
SR-11 Component Authenticity
SR-12 Component Disposal
SUPPLY CHAIN RISK MANAGEMENT FAMILY
51. The essentials
• ISMS
• high level approach
• Part 1 = clauses (Management responsibilities)
• Part 2 = operational security measures (ref ISO27002)
• ISO27002
• Advisory & suggestions on ISMS (& PIMS)
• PIMS
• Turns “information security”
• Into “information security & data protection (PII)”
• Add-on to ISO27001, ISO27002 & ISO29100
• NIST
• Highly detailed on all categories
ISMS, PIMS & NIST
52. Attention points
• ISMS
• No practical advice or implementation guidance
• Lots of freedom & choice
• 114 control points / measures
• You can plug in any technical / implementation framework to achieve ISO27001
• International level
• NIST
• US level
• Extremely detailed, very extended
• Well organized, super practical guidance & reference
53. And also
• ISO
• Limited set of publicly available standards: http://ffwd2.me/FreeISO
• Subscription/License model
• NIST
• Free
57. NIST
• NIST does not offer certification and accreditation methods to certify information security management systems
• No equivalent process to ISO
Certification
58. NIST Alternatives
• Assessment and authorization (A&A) process that is part of the NIST Risk Management Framework (RMF)
• As part of control assessment, the organization selects the appropriate assessor or assessment team
• Fully described in NIST SP800-37, Rev.2 [https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final].
• Guidance for assessing
• Controls: NIST SP 800-53A,
• Risk: NIST SP 800-30
• Infosec continuous monitoring: NIST SP 800-137A
60. Relevant Training
PIMS
• PECB ISO 27701 Foundation
• PECB ISO 27701 LI
• PECB ISO 27701 LA
Information Security
• PECB ISO 27001 LI
• PECB ISO 27001 LA
• PECB ISO 27002 LM
63. Check the PECB agenda, select the ISO/IEC 27701 Lead Implementer
https://pecb.com/en/partnerEvent/event_schedule_list
Training Agenda
66. Relevant Training
PECB ISO 27701 Foundation
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-foundation
PECB ISO 27701 Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-lead-implementer
PECB ISO 27701 Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701/iso-iec-27701-lead-auditor
67. Relevant Training
PECB ISO 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor
68. Relevant Training
PECB ISO 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager
71. Relevant Training
PECB ISO27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager
72. Relevant Training
PECB ISO27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager
73. ISO/IEC 27701
Training Courses
• ISO/IEC 27701 Foundation
2 Day Course
• ISO/IEC 27701 Lead Implementer
5 Day Course
Exam and certification fees are included in the training price.
https://pecb.com/en/education-and-certification-for-individuals/iso-27701
www.pecb.com/events