Day#1 ISO 27001 Lead Auditor

Guidelines for organizations implementing and maintaining an information security management system

Requirements for establishing, implementing, maintaining, and improving an information security management system

Guidance for auditing an information security management system

ISO/IEC 27002

ISO/IEC 27003

ISO/IEC 27004

To enable organizations to protect certain intangible assets

To enable organizations to ensure that certain assets are regularly reviewed

To enable organizations to provide asset management reports for legal purposes

After conducting the stage 2 audit

After conducting the audit follow-up

After obtaining certification

A certification body certifies management systems, persons, processes, products, and services

A certification body is an authoritative, independent organization that verifies whether a conformity assessment body meets established criteria

A certification body can be a governmental or nongovernmental organization, with or without regulatory authority

Audit preparation

Confirmation of registration

Internal audit and management review

Auditors

Management system certification bodies

Auditees

Information security refers to the protection of information in any format, whereas cybersecurity refers to the protection of digital data in particular

Information security does not protect digital data, whereas cybersecurity protects digital data

Information security refers to the protection of digital data only, whereas cybersecurity protects information in any format, i.e., physical or digital

A threat that has the potential to harm the assets of the organization, such as information or systems

A vulnerability in the physical security system of the organization

A consequence due to incorrectly implemented data backup procedures

Confidentiality

Integrity

Availability