ISO 27001 Foundations Part 3: Annex A Overview

Tuesday, February 22, 2011

Dejan Kosutic

Why is Annex A important for ISO 27001?

Annex A provides a catalogue of 133 security measures (controls) for reducing risks. These are not only IT-related: they also include controls for human resources management, physical security, legal protection, relationships with external parties, and more.

Most risks cannot be managed with a single type of control, which is why it is crucial to take all types of controls into account when implementing your Information Security Management System (ISMS).

Therefore, knowing what controls Annex A offers, how they can be used, and how the documentation is to be structured is very important both when carrying out risk treatment, and when planning to implement the controls.

Register for this webinar to learn:

  • The 133 controls in 11 sections
  • Relationship between ISO 27001 and ISO 27002
  • Relationship between the risk assessment & risk treatment process, Statement of Applicability, Risk Treatment Plan and Annex A
  • Which documents are mandatory and which are not
  • How to structure the documentation for Annex A controls
  • In what sequence to implement documentation for Annex A

This live online training includes the following workshops:

  • Filling in the Risk Treatment Plan (2 workshops)
  • Understanding the requirements of ISO 27001

Upcoming Dates/Times:

Tuesday - February 22, 2011

  • 10:00 AM London time
  • 11:00 AM Brussels time
  • 3:30 PM (15:30) Mumbai time
  • 7:00 PM (19:00) Tokyo time

Monday - March 7, 2011

  • 10:00 AM Los Angeles time
  • 1:00 PM (13:00) New York time
  • 6:00 PM (18:00) London time
  • 7:00 PM (19:00) Brussels time

Duration: 2.5 hours (including a 15-minute break)

Tuition: $189 per attendee

What You Receive

  • Training delivered by Dejan Kosutic, one of the leading experts in ISO 27001 / BS 25999-2
  • 3 workshops
  • Download of presentation deck and workshop materials
  • Access to webinar recording
  • Template of document Risk Treatment Plan ($19.90 value)
  • 30 days access to E-learning tutorials ($69.00 value)
  • 30 minutes of private consultation with Dejan Kosutic
  • Certification & credits: Attendees will receive a Certificate of Completion with 2.5 hours of CPE credits

All of the above is included in the webinar price.

Target Audience

Professionals with little or moderate experience in ISO 27001, including:

  • Chief Security Officers (CSOs)
  • Chief Information Security Officers (CISOs)
  • Chief Information Officers (CIOs)
  • Risk managers
  • Compliance managers
  • ISO 27001/information security consultants
  • ISO 27001/IT auditors
  • Members of top management responsible for information security
  • All information security practitioners

About the training

This highly interactive live online training (via webinar) is designed to enable you to walk away with important skills for executing the planning phase of ISO 27001 in your organization. It contains 3 workshops in which you practise filling in real ISMS documents. This moderately priced course offers compelling content, downloadable materials and live engagement with an expert consultant with whom you can discuss how to resolve your specific implementation issues. The course includes documentation templates, access to E-learning tutorials and private time with the trainer for consultation on specific issues. You will experience the training right from your desk, eliminating travel costs and minimizing time away from your office.

Competencies and prerequisites

Participants must have their own copy of the ISO/IEC 27001 standard in English (not included in the price), a broadband Internet connection, and a computer with a headset or loudspeakers and microphone (in some countries access through a telephone line is also available, in which case a headset/loudspeakers/microphone are not required). Prior general knowledge of information security is recommended.

In order to receive the Certificate of Completion, attendees must read the E-learning tutorials (as pre-course work), attend the training for its full duration, and participate in the workshops.

Trainer: Dejan Kosutic is the author of documentation toolkits and E-learning tutorials at Information Security & Business Continuity Academy. He has long working experience both as a tutor and as a consultant: he is an Approved Tutor for ISMS Lead Auditor courses at SGS, and delivers various ISO 27001 and BS 25999-2 in-person courses throughout Europe, as well as online courses via webinars. In his consulting career, he works with clients from the financial sector, government, and small and medium-sized businesses, including IT companies.

He has an MBA from Henley Management College, and is the holder of the following certificates: Certified Management Consultant, ISO/IEC 27001 Lead Auditor, Associate Business Continuity Professional, and ISO 9001 Lead Auditor.


Complete Webinar Schedule:

  • February 23 - ISO 27001 Lead Auditor Course Preparation Training
  • February 23 - BS 25999-2 Foundations Part 1: Business Impact Analysis
  • March 7 - ISO 27001 Foundations Part 3: Annex A Overview
  • FREE WEBINAR - February 23 - ISO 27001: An Overview of ISMS Implementation Process
  • February 24, March 9 - BS 25999-2 Foundations Part 2: Business Continuity Strategy
  • March 8, March 21 - Risk Management Part 1: Risk Assessment Methodology and Risk Assessment Process
  • FREE WEBINAR - March 9 - BS 25999-2: An Overview of BCM Implementation Process
  • March 9, March 22 - How to Become ISO 27001 / BS 25999-2 Consultant
  • March 10, March 23 - BS 25999-2 Foundations Part 3: Business Continuity Planning
  • March 22, April 4 - Risk Management Part 2: Risk Treatment Process, Statement of Applicability and Risk Treatment Plan
  • FREE WEBINAR - March 23 - ISO 27001 Implementation: How to Make It Easier Using ISO 9001
  • March 23, April 6 - ISO 27001 / BS 25999-2 Management Responsibilities: What Does Management Need to Know?
  • March 24, April 18 - How to Write Four Mandatory Procedures for ISO 27001 and BS 25999-2
  • April 5, April 19 - ISO 27001 A.6 & A.8: Organization of Information Security; External Parties; Raising Awareness, Training and HR Management
  • April 5, April 20 - ISO 27001 and ISO 27004: How to Measure the Effectiveness of Information Security?
  • FREE WEBINAR - April 6 - ISO 27001/BS 25999-2: The Certification Process
  • April 6, April 19 - ISO 27001 A.7: Asset Management and Classification

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.