ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection
ISO/IEC 27001:2022 is an internationally recognized standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). This standard helps organizations protect their information assets from risks such as cyberattacks, data breaches, and other security threats, while ensuring confidentiality, integrity, and availability of data.
 
Aim of ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection
Provide a systematic framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) that protects the confidentiality, integrity, and availability of information assets while addressing cybersecurity threats and privacy risks.
Course Overview
ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection
Total Modules: 6
Training Credits: 18
Directed Learning Hours (DLH): 90
Course Code: BUK1934
- Any organization of any size, industry, or location can implement ISO/IEC 27001 and seek certification.
- Organizations handling sensitive, confidential, or critical information that needs protection.
- Companies wanting to demonstrate commitment to information security, cybersecurity, and privacy.
- Suitable for private companies, public sector bodies, non-profits, and other entities.
| Course Code | Curriculum Title | Credit | DLH | 
|---|---|---|---|
| BUK1934-1 | Context of the Organization | 3 | 15 | 
| BUK1934-2 | Leadership | 3 | 15 | 
| BUK1934-3 | Planning | 3 | 15 | 
| BUK1934-4 | Operation | 3 | 15 | 
| BUK1934-5 | Performance Evaluation | 3 | 15 | 
| BUK1934-6 | Improvement | 3 | 15 | 
Learning Objectives
- Context of the Organization
  - Understand internal and external issues affecting information security
  - Identify interested parties (stakeholders) and their requirements
  - Define the scope of the ISMS
- Leadership
  - Demonstrate leadership commitment and support
  - Establish the Information Security Policy
  - Assign roles, responsibilities, and authorities for ISMS
- Planning
  - Identify information security risks and opportunities
  - Define objectives and plans to achieve them
  - Plan risk treatment actions and controls
- Support
  - Provide necessary resources (people, infrastructure, technology)
  - Ensure competence, awareness, and training
  - Manage documented information and communication
- Operation
  - Implement and control the ISMS processes
  - Manage information security risk treatment plans
  - Control outsourced processes and supplier relationships
- Performance Evaluation
  - Monitor, measure, analyze, and evaluate ISMS performance
  - Conduct internal audits
  - Perform management reviews
- Improvement
  - Address nonconformities and corrective actions
  - Continuously improve the ISMS
- Private companies — startups, SMEs, large corporations
- Public sector organizations — government agencies, municipalities
- Non-profits and NGOs
- Educational institutions — schools, universities
- Healthcare providers — hospitals, clinics
- Financial institutions — banks, insurance companies
- IT and technology firms
- Manufacturing, retail, and service sectors
- Any organization that handles sensitive or critical information
- All Modules within this qualification are assessed internally by the approved training Centre and externally verified by BURRAQ UK. The program uses a criterion-referenced assessment approach to ensure that learners successfully meet all required learning outcomes.
- A Pass in any unit is granted only when the learner submits valid, reliable, and authentic evidence that demonstrates achievement of the assessment criteria. The Assessor is responsible for reviewing this evidence and confirming that the learner has attained the expected standard.
