Quick Critique of the Mastermind ISO 27001 Course

I follow Cybersecurity Girl Caitlin Sarian who recommended this Mastermind Assurance course ISO/IEC 27001:2022 Lead Auditor.

Here is a quick overview of my thoughts on the course:

Positives:

-        Very quick! Only 5 modules.

-        The instructor, David Forman, is very experienced and knowledgeable.

-        The final exam is 75 questions and informs you whether your answer is right or wrong right after you submit your choice.

-        The final exam is not timed.

Suggestions for course improvement:

-        Google Certificate courses have a ‘thumbs up / thumbs’ down option and a comment link so that students can provide immediate feedback. After each presentation, I wanted to express certain critiques (I can’t help it, my QA background kicks in.)

Note: I didn’t document my critiques because I wanted to get through the course as fast as possible.

-        Documentation such as a transcript, and separating out key information would have been helpful. For example, many reference standards and guidelines were mentioned such as ISO 19011 and IAF MD4. Having a separate section that lists these important resources and where to find them for more information would have been useful.

I think overall this course is very informative and beneficial. If you have ever done / observed / been a part of audits, you may very well breeze through this course.

I took this course mainly for knowledge. Audits give insight into the cybersecurity requirements organizations should follow.

And now, the cons (for me):

Unfortunately, I found myself zoning out throughout the presentations. This is my personal problem as I cannot sit still during long meetings.

What works for me: seeing practical application.

Theory itself for me is not enough. I prefer seeing how things are applied. I found this video ISO27001:2022 Implementation: From Start to Finish with Case Study by Prabh Nair to be extremely informative.

I will be going through his ISO 27001 Series videos which includes titles such as “How to Conduct Gap Assessment in ISO 27001” and “How to Build an ISO 27001 SoA from Scratch – All You Need to Know.”

Two tips for passing the certification exam:

-        Pay attention to the other ISO and MD standards that are mentioned throughout the course. They will come up during the exam.

-        If you cannot remember all the clauses, get a copy of the ISO 27001 standards to use as a reference guide.

Overall, I found most of the questions on the exam were based on common sense and they were quite straightforward to answer.

In summary, this was a good course. However, if you want to do a deep dive into more practical application and knowledge, there are other sources.

 

Comments

Post a Comment

Popular posts from this blog

Resources, Tips, and Techniques that Helped Me Pass the CompTIA Security+ Exam

Image
After completing the Google Cybersecurity Certificate program, the next step on my to-do list was to pass the CompTIA Security+ Exam. Exam Prep Time How long does it take to study and prep for the exam? It depends on your knowledge, experience, and background. It also depends on how quickly you can study and learn. I have seen Reddit comments that give the range from 1-2 weeks to several months.  ​ My Background I am going to be upfront and say that the Google cybersecurity program was NOT enough to pass the Security+ exam. Don’t get me wrong, it was a very informative course with lots of practical knowledge. However, the CompTIA Security+ exam covers A LOT! Also, I did not do the Network+ certification nor did I have two years of network admin experience. My background in software development and IT has mainly been in technical writing, manual QA testing, and doing computer troubleshooting and fixing for myself and friends and family. I decided to set two goals:    ...
Read more

Protecting Our Elders: A Comprehensive Look at Social Engineering Threats and Proactive Steps for Families

Image
As our parents get older we will often find our roles reversed. Us (adult) kids aren’t just tech support, now it’s our responsibility to parent our parents through monitoring their online activity and protecting them from scams. Social Engineering Scams It’s not just tech. Criminals know it is easier to trick a person than to hack a computer. From the age old ‘ don’t talk to (internet) strangers ’ to ‘ don’t click suspicious ’ links, here are the seven social engineering psychology principles scammers will use (which I learned from studying for the CompTIA Security+ Exam), the possible scams they’ll try to pull, and how to thwart or prevent the scams. Psychology Principle Scam Example (Targeting Senior Citizens) How to Thwart or Prevent the Scam Authority IRS or Social Security Impersonation: Attacker calls claiming to be from the IRS or Social Security Administration (SSA).  They state the victim owes back taxes or that...
Read more

Network+ Deep Dive: Where Firewalls, Load Balancers, and APs Fit in the OSI Model

Image
OSI Model or Open Systems Interconnect model: It is important to remember that this is a theoretical framework, meaning that it is just one way of thinking about networking. What happens at each layer? The table below shows examples of what exists at each layer, mainly hardware at the physical layer and protocols on the other layers. OSI Layers Which Headers Can Be Added at this Layer What happens on these layers Application SMTP, HTTP, FTP, HTTPS, P2P, DNS, etc. Header is added to the data (whether it is an HTTP header, SMTP, etc.) Presentation   Handles data formatting, encryption, and compression to ensure data is in a usable format for the application layer. Session   Managing and controlling connections between devices, including establishing, maintaining, and terminating sessions. Transport TCP, UDP, etc. ...
Read more