In this course, you’re going to learn about Communication Security Management. This is Annex 13 of ISO 27001:2013. It is divided into two sections: Network Security and Information Transfer. This is a theoretical course in which we will discuss the control objectives and general requirements of these two areas, as well as implementation guidelines. The lectures are presentations with a voiceover.
In network security, we’ll discuss things like network services security, segregation in networks, methods of attack, and more. The goal of network security is to protect the areas of the organization where information flows and is stored or processed. The organization has to identify these areas, understand what the risks associated with each of them are, and implement controls in order to reduce or eliminate the risks.
Information transfer is concerned with the transfer of information. In this section, we discuss information agreements, electronic messaging, and NDAs. The organization should have appropriate procedures, policies, and documented information in place to maintain the security of information while it is being handled by various parties. These guidelines can be legally enforceable and are a useful tool, especially when dealing with external parties.
Also, electronic messaging plays an important role in sharing information across an organization and is vulnerable to attacks and mishandling. Therefore, it’s important to create procedures and policies that guide and direct people with regard to what channels of communication to use and how to protect data while doing so.
You’ll learn about all this and more in this course.
What you’ll learn
- Annex 13 Communication Security Overview
- Understand the need for Network Security
- Understand Segregation of Network Services
- Familiarize yourself with common Network Attacks
- Understand different Control Types
- Understand what a defensive strategy may comprise
- Understand the security of Information Transfer
- Understand policies and procedures related to electronic messaging
- Understand the need for Agreements of Information Transfer & Confidentiality and NDA Agreements
- Basic understanding of ISO 27001:2013
Who this course is for:
- This course is about ISO 27001:2013, Annex 13. It’s for people who have an overview of the ISO and would like more knowledge on this specific area.