
ISO 27100 Lead Auditor

📚 Course Overview:

This ISO 27100 Lead Auditor course is designed to develop the knowledge, skills, and confidence required to audit and assess cybersecurity management systems based on the guidance provided in ISO/IEC TS 27100:2020. The training provides an overview of cybersecurity concepts, threat modeling, risk analysis, and practical auditing techniques tailored to cybersecurity governance.

Participants will gain an in-depth understanding of the structure and intent of ISO/IEC TS 27100 and how it interfaces with other standards such as ISO/IEC 27001, ISO/IEC 27005, and ISO/IEC 27032. Emphasis is placed on performing first-party, second-party, and third-party audits in accordance with ISO 19011 and ISO/IEC 17021-1 principles.

🎯 Course Objectives:

By the end of the course, participants will be able to:

  • Understand the key concepts and framework of ISO/IEC TS 27100:2020
  • Assess the effectiveness of cybersecurity governance in an organization
  • Plan, conduct, report, and follow up on cybersecurity audits
  • Evaluate an organization’s response to threats and vulnerabilities
  • Demonstrate compliance with ISO/IEC TS 27100 in the context of ISO 27001 audits
  • Lead an audit team using ISO 19011 audit techniques

🎯 Target Audience:

This course is ideal for:

  • Cybersecurity professionals and risk managers
  • Information Security Managers (ISMs)
  • Lead Auditors or Internal Auditors
  • IT/IS Consultants
  • Professionals involved in GRC (Governance, Risk, and Compliance)
  • Those seeking to qualify as ISO/IEC TS 27100 Lead Auditors

📖 Reference Standards:

  • ISO/IEC TS 27100:2020 – Cybersecurity – Overview and Concepts
  • ISO/IEC 27001:2022 – Information Security Management
  • ISO/IEC 27032:2012 – Cybersecurity Guidelines
  • ISO/IEC 27005:2022 – Information Security Risk Management
  • ISO 19011:2018 – Guidelines for Auditing
  • ISO/IEC 17021-1:2015 – Conformity Assessment Requirements for Auditing Bodies

🧠 Expected Outcomes:

After successful completion, participants will:

  • Understand cybersecurity fundamentals, including threat types and actors
  • Conduct effective audits of cybersecurity controls and governance
  • Evaluate compliance with ISO/IEC TS 27100 concepts
  • Lead an audit team and manage audit programs
  • Receive a Lead Auditor Certificate (exam-based)

Course Structure:

📅 Day 1 – Introduction to Cybersecurity & ISO/IEC TS 27100

  • Cybersecurity scope and principles
  • Introduction to ISO/IEC TS 27100:2020
  • Relationship to ISO/IEC 27001 and other frameworks
  • Cybersecurity domains and terminology
  • Threat actors, attack vectors, and vulnerabilities
  • Cybersecurity lifecycle and control categories

Activities:

  • Case study review of recent cyber incidents
  • Group exercise: Identify gaps in cyber coverage

📅 Day 2 – Cybersecurity Risk & Governance Frameworks

  • Risk management in cybersecurity (ISO/IEC 27005 approach)
  • Cyber governance vs. IT governance
  • Regulatory & legal landscape overview (NIS, GDPR, etc.)
  • Integrating TS 27100 into ISMS (ISO 27001)
  • Maturity models and cybersecurity capability assessments

Activities:

  • Risk identification and mitigation workshop
  • Interactive group discussion: Applying 27100 in different sectors

📅 Day 3 – Audit Process, Planning & Execution

  • Overview of ISO 19011 auditing guidelines
  • Audit planning: scope, objectives, and team roles
  • Document review and audit checklist development
  • Conducting opening meetings and interviews
  • Evidence collection, audit techniques (sampling, triangulation)
  • Managing audit findings and nonconformities

Activities:

  • Role-play simulation: Audit interviews and observations
  • Workshop: Drafting audit plan and checklist

📅 Day 4 – Audit Reporting, Nonconformities & Exam

  • Audit reporting: structure and key content
  • Follow-up and corrective action verification
  • Presenting findings professionally
  • Auditor code of ethics and behavior
  • Final written Lead Auditor Examination
  • Course wrap-up and Q&A

Activities:

  • Final practical audit simulation (team-based)
  • Multiple-choice and scenario-based certification exam

📅 Day 5 – Examination

  • Final course review
  • Final exam: multiple-choice and scenario-based questions

🧪 Training Methodologies:

  • Interactive lectures with real-world examples
  • Workshops and breakout sessions
  • Case studies based on real cyber incidents
  • Mock audits and team simulations
  • Quizzes & review sessions for exam readiness
  • Final day proctored exam and certification

Duration: 5 Days

Delivery Options: 

Frequently Asked Questions: https://cognicert.com/faqs/
