ISO 27002 Lead Auditor Training Overview

The ISO 27002 Lead Auditor Course provides in-depth training on auditing information security controls aligned with ISO 27002. It equips learners with the skills to evaluate control effectiveness, manage audit teams, and ensure compliance within an ISO 27001-based Information Security Management System. 

Key Topics Covered 

  • Overview of ISO 27002: Structure and control categories 

  • Audit Planning and Preparation: Objectives, scope, and resources 

  • Conducting Control-Based Audits: Interviews, sampling, and observations 

  • Audit Reporting: Documenting findings and corrective actions 

  • Auditor Ethics and Competence: Roles, responsibilities, and communication 

Course Benefits 

  • Globally Recognised Qualification: Validates advanced audit competence 

  • Career Advancement: Ideal for Lead Auditors, Consultants, and Security Managers 

  • Real-World Focus: Includes control evaluation exercises and audit simulations 

  • Cross-Framework Integration: Supports audits across ISO 27001 and related standards

The ISO 27002 Lead Auditor Course is meticulously designed to provide participants with the skills and knowledge to conduct comprehensive external audits on Information Security Management Systems based on the ISO 27002 Standard. The following professionals would especially benefit from attending this course: 

  • Information Security Professionals 

  • IT and Security Managers 

  • Compliance and Governance Officers 

  • Risk Managers 

  • Internal Auditors 

  • Consultants 

  • Third-party Auditors 

  • Quality Managers 


ISO 27002 Lead Auditor Training Outline

Module 1: Introduction to ISO 27002

  • What is Information Security?
  • Why is Information Security Needed?
  • How to Establish Security Requirements
  • Assessing Security Risks
  • Selecting Controls
  • Information Security Starting Point
  • Critical Success Factors
  • Lifecycle Considerations
  • Difference between ISO 27001 and ISO 27002
  • Relation between ISO 27001 and ISO 27002

Module 2: Scope, Terms and Definitions

  • Scope
  • Terms and Definitions

Module 3: Structure of ISO 27002 Standard

  • Clauses
  • Security Categories
  • Control
  • Implementation Guidance
  • Other Information

Module 4: Risk Assessment and Treatment

  • Assessing Security Risks
  • Treating Security Risks

Module 5: Audit Plan and Process

  • Audit Plan
  • Preparing for an Audit
  • Audit Process
  • Planning
  • Notification
  • Opening Meeting
  • Fieldwork
  • Report Drafting
  • Management Response
  • Closing Meeting
  • Final Audit Report Distribution
  • Follow-Up

Module 6: Internal Auditor

  • Understanding an Internal Auditor (IA)
  • Internal Auditing Process
  • Requirements for Internal Auditors
  • Internal Auditor vs External Auditor
  • Benefits of an Internal Auditor (IA) 

Module 7: ISMS Audit

  • Introduction
  • Principles
  • Audit Management
  • Auditing Process
  • Competence and Evaluation of Auditors 

Module 8: Cybersecurity Auditing

  • What is a Cybersecurity Audit?
  • How It Helps Organisations
  • Cybersecurity and the Role of Internal Audit
  • Cyber Risk and Internal Audit
  • Third Line of Defence
  • Cybersecurity Assessment Framework

Module 9: Information Security Audit

  • What is an IT Security Audit?
  • Benefits
  • Types
  • Approach Based
  • Methodology Based
  • Importance
  • How to Conduct an IT Security Audit?
  • Roles and Responsibilities of Information Security Auditor
  • Basic Duties List
  • Roles and Responsibilities on the Job

Module 10: Information Security in Project Management

  • Project Management
  • Attributes Table
  • Purpose of Control 5.8
  • Meet Requirements
  • Differences Between ISO 27002:2013 and ISO 27002:2022

Module 11: Components of Information Security

  • Confidentiality
  • Integrity
  • Availability
  • Authenticity
  • Non-Repudiation 

Module 12: Information Security Risk Management (ISRM)

  • Introduction
  • Stages
  • Identification
  • Assessment
  • Treatment
  • Communication
  • Rinse and Repeat
  • Ownership
  • Process Owners
  • Risk Owners

Module 13: Control and Compliance

  • Security Controls
  • Importance of Compliance
  • Legal Requirements for Information Security
  • Information Technology Compliance
  • Improved Security
  • Minimised Losses
  • Increased Control
  • Maintained Trust
  • Information Security Compliance Standards 

Module 14: Management Responsibilities

  • Control 5.4 Management Responsibilities
  • What is an Information Security Policy?
  • Attributes Table
  • Purpose of Control 5.4
  • Implementation Guidelines 

Module 15: Competence and Evaluation of Auditors

  • Auditor Competence
  • Field
  • Changes to ISO27 and Other Standards, Guidelines
  • Legal and Regulatory Changes
  • Business and Organisational Changes
  • Technology Changes
  • Demonstration of Auditor Competence 

Module 16: Lead Auditor

  • What is a Lead Auditor?
  • Roles of Lead Auditor
  • Planning Phase
  • Audit Phase
  • Audit Report 

Module 17: Conformity Assessment

  • What is Conformity Assessment?
  • Need for Conformity Assessment
  • Conformity Assessment and Standards
  • Types of Conformity Assessment

Module 18: Themes and Controls 

  • Control Type
  • Information Security Properties
  • Cybersecurity Concepts
  • Operational Capabilities
  • Security Domains
  • Control Layout

Module 19: Organisational Controls

  • Policies for Information Security
  • Information Security Roles and Responsibilities
  • Segregation of Duties
  • Management Responsibilities
  • Contact with Authorities
  • Contact with Special Interest Groups
  • Threat Intelligence
  • Information Security in Project Management
  • Inventory of Information and Other Associated Assets
  • Acceptable Use of Information and Other Associated Assets
  • Return of Assets
  • Classification of Information
  • Labelling of Information
  • Information Transfer
  • Access Control
  • Identity Management
  • Authentication Information
  • Access Rights
  • Information Security in Supplier Relationships
  • Addressing Information Security within Supplier Agreements
  • Managing Information Security in the ICT Supply Chain
  • Monitoring, Review, and Change Management of Supplier Services
  • Information Security for Use of Cloud Services
  • Information Security Incident Management Planning and Preparation
  • Assessment and Decision on Information Security Events
  • Response to Information Security Incidents
  • Learning from Information Security Incidents
  • Collection of Evidence
  • Information Security During Disruption
  • ICT Readiness for Business Continuity
  • Legal, Statutory, Regulatory, and Contractual Requirements
  • Intellectual Property Rights
  • Protection of Records
  • Privacy and Protection of PII
  • Independent Review of Information Security
  • Compliance with Policies, Rules, and Standards for Information Security
  • Documented Operating Procedures 

Module 20: People Controls

  • Screening
  • Terms and Conditions of Employment
  • Information Security Awareness, Education, and Training
  • Disciplinary Process
  • Responsibilities After Termination or Change of Employment
  • Confidentiality or Non-Disclosure Agreements
  • Remote Working
  • Information Security Event Reporting 

Module 21: Physical Controls

  • Physical Security Perimeters
  • Physical Entry
  • Securing Offices, Rooms, and Facilities
  • Physical Security Monitoring
  • Protecting Against Physical and Environmental Threats
  • Working in Secure Areas
  • Clear Desk and Clear Screen
  • Equipment Siting and Protection
  • Security of Assets Off-premises
  • Storage Media
  • Supporting Utilities
  • Cabling Security
  • Equipment Maintenance
  • Secure Disposal or Re-use of Equipment

Module 22: Technological Controls

  • User Endpoint Devices
  • Privileged Access Rights
  • Information Access Restriction
  • Access to Source Code
  • Secure Authentication
  • Capacity Management
  • Protection Against Malware
  • Management of Technical Vulnerabilities
  • Configuration Management
  • Information Deletion
  • Data Masking
  • Data Leakage Prevention
  • Information Backup
  • Redundancy of Information Processing Facilities
  • Logging
  • Monitoring Activities
  • Clock Synchronisation
  • Use of Privileged Utility Programmes
  • Installation of Software on Operational Systems
  • Networks Security
  • Security of Network Services
  • Segregation of Networks
  • Web Filtering
  • Use of Cryptography
  • Secure Development Life Cycle
  • Application Security Requirements
  • Secure System Architecture and Engineering Principles
  • Secure Coding
  • Security Testing in Development and Acceptance
  • Outsourced Development
  • Separation of Development, Test, and Production Environments
  • Change Management
  • Test Information

What You’ll Learn in this Course

By the end of the course, learners will be able to:

  • Plan, execute, and manage ISO 27002 control audits
  • Evaluate control effectiveness within an ISO 27001 ISMS
  • Lead internal or external audit teams with confidence
  • Prepare structured audit reports and follow-up actions
  • Support continual improvement of information security controls

What’s Included

  • World-Class Training Sessions from Experienced Instructors 

  • ISO 27002 Lead Auditor Certificate 

  • Digital Delegate Pack 


ISO 27002 Lead Auditor Training Exam Details

To complete the ISO 27002 Lead Auditor Training, candidates must sit an examination. The exam format is as follows:

  • Question Type: Multiple Choice  

  • Total Questions: 30  

  • Total Marks: 30 Marks  

  • Pass Mark: 50%, or 15/30 Marks  

  • Duration: 40 Minutes 


Individual Training

Boost your expertise with our Individual Training, tailored for professionals seeking ISO knowledge at their own pace. Learn core standards, industry best practices, and implementation skills from certified experts.


Corporate Training

Empower your teams with our Corporate Training solutions, designed to align ISO standards with your organisational goals. Ensure compliance, boost efficiency, and build a culture of continuous improvement across your workforce.

What do I get for £4395?

  • 16 hours course
  • Mock exams
  • Exams included, taken online
  • Immediate access for 90 days
  • Certificates on completion
  • Exercise files
  • Personal performance tool
  • 24/7 Support
  • Track your team's progress
  • Downloadable resources & fun challenges
  • AI assistant
  • Train in the comfort of your home
  • Interactive course
  • Compatible with mobile, tablet and desktop
  • Scenario-based learning
  • Bookmarking ability
  • Note-taking facilities

Scheduled dates:

  • ISO 27002, Cardiff: Mon 3 Nov 2025 - Fri 7 Nov 2025 (Duration: 5 Days)
  • ISO 27002, Swansea: Mon 3 Nov 2025 - Fri 7 Nov 2025 (Duration: 5 Days)
  • ISO 27002, Wrexham: Mon 3 Nov 2025 - Fri 7 Nov 2025 (Duration: 5 Days)
  • ISO 27002, Belfast: Mon 3 Nov 2025 - Fri 7 Nov 2025 (Duration: 5 Days)

Boost Your Career with ISO Training

Phone: +44 20 3835 6142

  • 40%: Average salary boost for professionals with our ISO Training in compliance and standards roles
  • 85%: Learners begin roles in quality assurance, compliance, or audit after completing our ISO Courses
  • 90% Compliance Readiness: Organisations report enhanced operational efficiency and preparedness following our ISO Training for employees

Opportunities Across Industries

  • Manufacturing and Production
  • Energy and Utilities
  • Construction and Infrastructure
  • Waste Management and Recycling
  • Information Technology and Information Security
  • Public Sector and Environmental Services

15+ Years of Training Excellence
Our Immersive Learning Solution

Hands-On Learning Experience

Engage with real-world scenarios, interactive tasks, and simulations that bridge theory and practical application.

Expert-Led Delivery

Learn from seasoned professionals with deep industry experience and insight into ISO standards and beyond.

Flexible Learning Formats

Choose from Online Instructor-Led, Online Self-Paced, or Classroom sessions designed to suit your pace and preferences.

Customised Content

Training aligned with your sector, goals, and challenges, ensuring relevant, targeted learning every time.

Advance Your Career Through Meaningful Learning Experiences.

Because real growth begins with the right training

Corporate Training

Empowering Growth with Tailored Training Solutions

We help organisations equip their teams with the skills and knowledge needed to consistently meet industry standards. Our corporate training is designed around your specific operational goals, ensuring alignment with the ISO framework.

With a strong focus on real-world application and measurable outcomes, each session drives practical capability and lasting improvement. By fostering standard-driven performance across all levels, we empower your workforce to contribute confidently and consistently to organisational success.

  • Delivered by industry-certified trainers with hands-on experience
  • Custom content aligned to your sector, standards, and strategy
  • Flexible formats, including on-site, virtual, or blended, to suit your teams
  • On-Demand Access
  • Custom and Scalable Solutions
  • 24x7 Support

Frequently Asked Questions

What is the ISO 27002 Lead Auditor Course about?

This course provides advanced training in auditing information security controls based on ISO 27002. Learners gain skills to assess control effectiveness and lead audits within organisations aligned to ISO 27001 frameworks.

Do I need prior experience before taking this course?

Yes, learners should have a basic understanding of ISO 27001 and auditing principles. Prior experience in information security or internal auditing helps maximise learning and performance during the training.

Who should attend this course?

This course is ideal for Security Managers, Compliance Officers, IT Auditors, and professionals responsible for evaluating and improving information security control effectiveness within a formal audit framework.

Does the course include practical audit exercises?

Yes, the course includes audit planning activities, control evaluation simulations, and group exercises designed to develop real-world auditing capabilities aligned with ISO 27002 requirements.

What is the duration of the ISO 27002 Lead Auditor Course?

The course is delivered in 5 days and includes instructor-led sessions, practical case scenarios, audit planning tasks, and mock audit reporting exercises.
