Objective
Information is an ASSET that, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected. An ISMS is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security.
ISO 27001 is the internationally recognized best practice framework for an Information Security Management System (ISMS). ISO/IEC 27001 is the only auditable international standard that defines the requirements for an ISMS.
The training explains how implementing a security program based on the framework can help organizations mitigate security risk and consider the appropriate level of rigor for their cybersecurity program. It explains to employees how their organization can move from its current state to its target state by identifying gaps and prioritizing them based on risk assessment. The course includes a security framework knowledge test as users progress through the training.