Explore
For Enterprise
Join for Free
Log In

Google Cloud & NYIF
New! Machine Learning for Trading Specialization
Learn to leverage machine learning to build trading models and optimize your trading portfolio today!
Institute for the Future
Learn how to spot opportunities for innovation and invention
Master essential foresight techniques with the new Futures Thinking Specialization.

Explorez l'intégralité de Coursera

Parcourir
Meilleurs cours
For Enterprise
Connexion
Inscrivez-vous gratuitement

The ISO27000 Family

Loading...

Information Security: Context and Introduction

Université de Londres

4.6 (719 évaluations) | 23K étudiants inscrits

S'inscrire gratuitement

In this course you will explore information security through some introductory material and gain an appreciation of the scope and context around the subject. This includes a brief introduction to cryptography, security management and network and computer security that allows you to begin the journey into the study of information security and develop your appreciation of some key information security concepts. The course concludes with a discussion around a simple model of the information security industry and explores skills, knowledge and roles so that you can determine and analyse potential career opportunities in this developing profession and consider how you may need to develop personally to attain your career goals. After completing the course you will have gained an awareness of key information security principles regarding information, confidentiality, integrity and availability. You will be able to explain some of the key aspects of information risk and security management, in addition, summarise some of the key aspects in computer and network security, including some appreciation of threats, attacks, exploits and vulnerabilities. You will also gain an awareness of some of the skills, knowledge and roles/careers opportunities within the information security industry.

Visualiser le programme de cours

Compétences que vous apprendrez

Cybersecurity, Cryptography, Information Security (INFOSEC), Security Management

Avis

4.6 (719 évaluations)

5 stars
494 ratings
4 stars
177 ratings
3 stars
38 ratings
2 stars
6 ratings
1 star
4 ratings

HJ

Sep 28, 2017

Really good introduction into the topic of Information Security. Step by step lectures and clear information to help get a good understanding of the topic

CW

Apr 06, 2018

Provides a basic knowledge of Information Security in general, and also understand each role (such as Digital Forensics, Penetration Testing, etc...)

À partir de la leçon

Security Management

The ISO27000 Family4:19

Security Policies2:45

Security Controls3:01

Enseigné par

Professor Peter Komisarczuk
Programme Director
Professor Keith M. Martin
Professor of Information Security
Dr Jorge Blasco Alis
Lecturer in Information Security

Essayer le cours pour Gratuit USD

Transcription

[MUSIC] The ISO.IEC 27000 series of standards is a series of information on Security Management Standards, jointly published by ISO and the IEC. ISO is the International Organization for Standardization, while IEC refers to the International Electrotechnical Commission. These standards dominate how information security management is done today. The series provides definitions of basic terminology. Descriptions on how to establish and operate an information security management system. Guidance on security controls and guidance on risk assessment and security audit. The ISO 27000 series also includes a range of cyber specific supplements that can be used to adapt security processes to specific sectors like cloud services or telecoms. The 27000 is constructed in five categories. The first category includes The 27000 standard. And it's basically terminology and definitions. The second category covers requirement standards and includes 27001, 27006 and 27009. The ISO 27001 sets down the requirements for an implementation of an information security management system. These requirements allow organizations to claim compliance against ISO 27001. As a result, this is the key standard in the whole 27000 series. The ISO 27006 establishes the requirements for bodies providing audit and certification of information security management systems. These requirements must be fulfilled by any organization willing to provide ISMS certification. The ISO 27009 explains how to include additional requirements for a specific sectors. The third category of standards included in the 27000 series are the Guidelines standards. These include 27002, 27003, 27004, 27005, 27007, 27013 and 27014. The 27002 provides a catalog of security controls and guidance on their use. This is the oldest member of the series and this a direct descendent of the BS7799. 27003 provides ISMS implementation guidance. 270004 provides guidance on how to measure the effectiveness of an ISMS and its controls. 27005 deals with risk management. And finally, 27007 is related towards a team. The fourth category for standards are Sector-Specific standards, these includes 27010, 11, 15, 17, 18 and 19. These standards are applicable to specific sectors, like telecommunications, financial services, cloud services, and personally identifiable information processors. Finally, the last category includes the control specific guideline standards. These provide a more detailed set of guidelines for guiding security controls mentioned across the rest of the documents of the series. These include, among others, 27031, which describes guidelines to ensure business continuity, the 27032, which provides guidelines for cybersecurity, and the 27033 which describes network security concepts. The 27000 series of standards are developed by the ISO/IEC joint technical committee 1, subcommittee 27, hence the name of the series. As you may imagine, the information included in these standards must be updated frequently to reflect the new developments, and threats in business sectors. The members of subcommittee 27 meet twice a year in person to update and propose new documents to be added to the 27000 series. The 27000 series is a set of information security standards that establishes a set of requirements, recommendations and guidelines to implement information security. The ISO 27001 is the most important standard of the series. Organizations can request to be certified against this standard. When an organization obtains a 27001 certification, it means that a third party has verified that the organization implements an information security management system that will fill all the requirements of the 27001 standard. [MUSIC]

Explorer notre catalogue

Rejoignez-nous gratuitement et obtenez des recommendations, des mises à jour et des offres personnalisées.

Coursera propose un accès universel à la meilleure formation au monde, en partenariat avec des universités et des organisations du plus haut niveau, pour proposer des cours en ligne.

© 2020 Coursera Inc. Tous droits réservés.

Disponible sur Google Play

Coursera
À propos
Direction
Carrières
Catalogue
Certificats
Certificats MasterTrack™
Diplômes
For Enterprise
For Government
Pour le campus

Communauté
Learners
Partners
Developers
Beta Testers
Translators

Se connecter
Blog
Facebook
LinkedIn
Twitter
Instagram
YouTube
Blog Tech

Plus
Conditions
Confidentialité
Aide
Accessibilité
Presse
Contact
Répertoire
Filiales