top of page

Master the art of information security with Kris Hermans' definitive guide to the ISO27001 standard.


ISO27001, the international standard for information security management systems, is an essential tool for organizations aiming to mitigate information security risks. In "Mastering ISO27001", Kris Hermans, a leading expert in cybersecurity and resilience, provides a comprehensive guide to understanding, implementing, and auditing this crucial standard.

Mastering ISO 27001

  • 1. Introduction

    • Understanding ISO 27001
    • The Importance of Information Security

    2. ISO 27001: The Essentials

    • Key Principles
    • Information Security Management System (ISMS)
    • The PDCA Model

    3. Starting Your ISO 27001 Journey

    • Assessing Your Current Situation
    • Building an ISO 27001 Implementation Team
    • Developing an Implementation Roadmap

    4. Scope and Context of the ISMS

    • Defining the Scope
    • Understanding the Organizational Context
    • Identifying Interested Parties and Their Requirements

    5. Information Security Policy

    • Developing an Information Security Policy
    • Roles and Responsibilities
    • Policy Review and Maintenance

    6. Risk Assessment and Treatment

    • Risk Assessment Methodology
    • Identifying Risks
    • Risk Analysis and Evaluation
    • Risk Treatment Options
    • Risk Treatment Plan

    7. Statement of Applicability (SoA)

    • Understanding the SoA
    • Selecting and Justifying Controls
    • Documenting the SoA

    8. Implementing the ISO 27001 Controls

    • Overview of ISO 27001 Control Domains
    • Implementing Controls Based on Risk Assessment
    • Integrating Controls with Existing Processes

    9. Human Resources and Training

    • Security Awareness and Training Programs
    • Roles and Responsibilities
    • Managing Employee Lifecycle Security

    10. Incident Management and Business Continuity

    • Creating an Incident Response Plan
    • Incident Reporting and Escalation
    • Business Continuity Planning

    11. Legal, Regulatory, and Contractual Requirements

    • Identifying Applicable Requirements
    • Managing Compliance Obligations
    • Integrating Legal Requirements into the ISMS

    12. Monitoring and Measurement

    • Establishing Monitoring and Measurement Criteria
    • Internal Audits
    • Management Reviews

    13. Continuous Improvement

    • Identifying Opportunities for Improvement
    • Corrective and Preventive Actions
    • Updating the ISMS

    14. Certification and Accreditation

    • Selecting a Certification Body
    • Preparing for the Audit
    • Maintaining Certification

    15. Tools and Resources for ISO 27001 Implementation

    • ISMS Software Solutions
    • External ISO 27001 Consultants and Services
    • ISO 27001 Templates and Checklists

    16. Conclusion

    • Building a Security Culture
    • Beyond ISO 27001: Other Security Standards and Frameworks
    • The Future of Information Security

    17. Annex: Complete list of all ISO270001 Categories and Controls
    18. About the Author

bottom of page