Explore
For Enterprise
Join for Free
Log In

Parcourir
Rechercher
For Enterprise
Connexion
Inscrivez-vous gratuitement

The ISO27000 Family

Loading...

Information Security: Context and Introduction

Université de Londres

4.6 (693 évaluations) | 22K étudiants inscrits

In this course you will explore information security through some introductory material and gain an appreciation of the scope and context around the subject. This includes a brief introduction to cryptography, security management and network and computer security that allows you to begin the journey into the study of information security and develop your appreciation of some key information security concepts. The course concludes with a discussion around a simple model of the information security industry and explores skills, knowledge and roles so that you can determine and analyse potential career opportunities in this developing profession and consider how you may need to develop personally to attain your career goals. After completing the course you will have gained an awareness of key information security principles regarding information, confidentiality, integrity and availability. You will be able to explain some of the key aspects of information risk and security management, in addition, summarise some of the key aspects in computer and network security, including some appreciation of threats, attacks, exploits and vulnerabilities. You will also gain an awareness of some of the skills, knowledge and roles/careers opportunities within the information security industry.

Visualiser le programme de cours

Compétences que vous apprendrez

Cybersecurity, Cryptography, Information Security (INFOSEC), Security Management

Avis

4.6 (693 évaluations)

5 stars
478 ratings
4 stars
168 ratings
3 stars
37 ratings
2 stars
6 ratings
1 star
4 ratings

HR

Sep 13, 2017

The course is well explained. Can follow without any prior knowledge. Can be considered as a strong foundation for Information Security field. Highly recommended.

HJ

Sep 28, 2017

Really good introduction into the topic of Information Security. Step by step lectures and clear information to help get a good understanding of the topic

À partir de la leçon

Security Management

The ISO27000 Family4:19

Security Policies2:45

Security Controls3:01

Enseigné par

Professor Peter Komisarczuk
Programme Director
Professor Keith M. Martin
Professor of Information Security
Dr Jorge Blasco Alis
Lecturer in Information Security

Transcription

[MUSIC] The ISO.IEC 27000 series of standards is a series of information on Security Management Standards, jointly published by ISO and the IEC. ISO is the International Organization for Standardization, while IEC refers to the International Electrotechnical Commission. These standards dominate how information security management is done today. The series provides definitions of basic terminology. Descriptions on how to establish and operate an information security management system. Guidance on security controls and guidance on risk assessment and security audit. The ISO 27000 series also includes a range of cyber specific supplements that can be used to adapt security processes to specific sectors like cloud services or telecoms. The 27000 is constructed in five categories. The first category includes The 27000 standard. And it's basically terminology and definitions. The second category covers requirement standards and includes 27001, 27006 and 27009. The ISO 27001 sets down the requirements for an implementation of an information security management system. These requirements allow organizations to claim compliance against ISO 27001. As a result, this is the key standard in the whole 27000 series. The ISO 27006 establishes the requirements for bodies providing audit and certification of information security management systems. These requirements must be fulfilled by any organization willing to provide ISMS certification. The ISO 27009 explains how to include additional requirements for a specific sectors. The third category of standards included in the 27000 series are the Guidelines standards. These include 27002, 27003, 27004, 27005, 27007, 27013 and 27014. The 27002 provides a catalog of security controls and guidance on their use. This is the oldest member of the series and this a direct descendent of the BS7799. 27003 provides ISMS implementation guidance. 270004 provides guidance on how to measure the effectiveness of an ISMS and its controls. 27005 deals with risk management. And finally, 27007 is related towards a team. The fourth category for standards are Sector-Specific standards, these includes 27010, 11, 15, 17, 18 and 19. These standards are applicable to specific sectors, like telecommunications, financial services, cloud services, and personally identifiable information processors. Finally, the last category includes the control specific guideline standards. These provide a more detailed set of guidelines for guiding security controls mentioned across the rest of the documents of the series. These include, among others, 27031, which describes guidelines to ensure business continuity, the 27032, which provides guidelines for cybersecurity, and the 27033 which describes network security concepts. The 27000 series of standards are developed by the ISO/IEC joint technical committee 1, subcommittee 27, hence the name of the series. As you may imagine, the information included in these standards must be updated frequently to reflect the new developments, and threats in business sectors. The members of subcommittee 27 meet twice a year in person to update and propose new documents to be added to the 27000 series. The 27000 series is a set of information security standards that establishes a set of requirements, recommendations and guidelines to implement information security. The ISO 27001 is the most important standard of the series. Organizations can request to be certified against this standard. When an organization obtains a 27001 certification, it means that a third party has verified that the organization implements an information security management system that will fill all the requirements of the 27001 standard. [MUSIC]

Explorer notre catalogue

Rejoignez-nous gratuitement et obtenez des recommendations, des mises à jour et des offres personnalisées.

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

© 2019 Coursera Inc. Tous droits réservés.

Disponible sur Google Play

Coursera
À propos
Direction
Carrières
Catalogue
Certificats
Certificats MasterTrack™
Diplômes
For Enterprise
For Government
Pour le campus

Communauté
Learners
Partners
Developers
Beta Testers
Translators

Se connecter
Blog
Facebook
LinkedIn
Twitter
Instagram
YouTube
Blog Tech

Plus
Conditions
Confidentialité
Aide
Accessibilité
Presse
Contact
Répertoire
Filiales