ISO 27001 defines how to organise information security in an organisation. It is safe to say that this standard is the foundation of information security management: ISO 27001 is to information security what ISO 9001 is to quality. It is an international standard, written by experts in the field, that provides a methodology for implementing information security in an organisation. It also enables an organisation to get certified, which means that an independent certification body has confirmed that the organisation's information security management system conforms to the requirements of the standard. Given the importance of ISO 27001, many legislatures have taken this standard as a basis for drawing up regulations in the fields of personal data protection, protection of confidential information, protection of information systems, management of operational risk in financial institutions, etc. ISO 27001 prescribes how to manage information security through an Information Security Management System (ISMS). Such a management system, just like ISO 9001 or ISO 14001, consists of four phases (the Plan-Do-Check-Act, or PDCA, cycle) that should be implemented continuously in order to minimise risks to the confidentiality, integrity and availability of information.
The phases are the following:
· The Plan Phase – This phase serves to plan the basic organisation of information security, set objectives for information security and choose the appropriate security controls (Annex A of the standard contains a catalogue of possible controls; the 2005 edition, which this course refers to, lists 133 of them).
· The Do Phase – This phase includes carrying out everything that was planned during the previous phase.
· The Check Phase – The purpose of this phase is to monitor the functioning of the ISMS through various "channels" (such as internal audits, management review and measurement of the controls) and check whether the results meet the set objectives.
· The Act Phase – The purpose of this phase is to correct and improve everything that was identified as non-conforming in the previous phase.
The cycle of these four phases never ends, and all the activities must be implemented cyclically in order to keep the ISMS effective. In this course on ISO 27001, we will be covering all the phases comprehensively. At the end of this course, a participant will be ready to start working on ISO 27001.