ISO 27001 audit in Windows server environment

Practical information and cyber security in the Windows environment, implemented according to the requirements of the ISO/IEC 27001 and ISO/IEC 27002 standards, is the basic building block for developing applications and services on that platform. You will also appreciate this knowledge when preparing your products and services for certification against ISO 27001.

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Try a live virtual course

Target audience

Auditors, managers, security consultants, developers, IT administrators, and others who work with or implement products and services subject to the ISO/IEC 27001 and ISO/IEC 27002 standards.

The course is also suitable for those who want to learn practical security in order to make sound management decisions and justify security measures in the Windows environment, Active Directory and networks in general.


Aims of the course

You will learn:

  • How to certify products and services built on Windows
  • How to secure a Windows environment according to ISO 2700x
  • How to perform a security audit in a Windows environment
  • Practical measures from the ISO 2700x standards applied to Windows and Active Directory
  • How to prepare for an internal or certification audit and defend your measures before the auditors


Windows PCs, laptops, servers, and especially domain controllers running AD DS (Active Directory Domain Services) are exposed to a number of security risks.

From a security point of view, these risks must be identified (risk analysis), monitored and evaluated. For this purpose Windows keeps event logs, which contain valuable information about everything that happens on the system: logons, account changes, privilege use, service and policy changes.

But how do you work with these logs? We will teach you to analyze the Windows event logs, evaluate them and set the basic principles of auditing, and we will go much further: you will master automated collection, storage, sorting and processing of events. Out of the flood of information, you will be able to pick out what matters and take the fundamental measures.
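The following script is an added example, not part of the course's lab material, showing the kind of event-log triage described above. It checks that the audit policy is actually generating the events an auditor relies on, groups failed logons (event 4625) by account and source address, lists account creations and privileged-group changes (4720, 4728, 4732, 4756), and writes the result to a CSV as audit evidence. The 24-hour window, the threshold of 10 failures and the output path are assumptions; it expects an elevated PowerShell session on a server or domain controller with read access to the Security log.

```powershell
# Added example: Security-log triage as evidence for ISO/IEC 27002:2013
# logging and monitoring (A.12.4) and user access management (A.9.2) controls.
# Run in an elevated PowerShell session; values below are assumptions.

$Since      = (Get-Date).AddHours(-24)                 # assumed review window
$Threshold  = 10                                       # assumed failed-logon alert threshold
$ReportPath = "C:\AuditEvidence\security-triage.csv"   # assumed evidence location

# Helper: convert an event's EventData into a hashtable keyed by field name.
# More robust than relying on the positional index of $Event.Properties[].
function Get-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

# 1. Is the audit policy producing the events the control depends on?
#    An empty Security log is not evidence of "no incidents" if auditing is off.
auditpol /get /category:"Logon/Logoff","Account Management"

# 2. Failed logons (4625) in the window, grouped by target account and source IP.
$failed = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$Since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
            SourceIP  = $d['IpAddress']
            LogonType = $d['LogonType']       # 3 = network, 10 = RDP, 2 = interactive
            SubStatus = $d['SubStatus']       # 0xC000006A bad password, 0xC0000064 unknown user
        }
    }

$suspects = $failed | Group-Object Account, SourceIP |
    Where-Object { $_.Count -ge $Threshold } |
    Select-Object @{n='Account';  e={ $_.Group[0].Account }},
                  @{n='SourceIP'; e={ $_.Group[0].SourceIP }},
                  Count

"Account/source pairs with at least $Threshold failed logons since $($Since.ToString('u')):"
$suspects | Format-Table -AutoSize

# 3. Account creations and membership changes to security-enabled groups.
#    4728 = global group, 4732 = local group, 4756 = universal group.
$mgmtIds = 4720, 4728, 4732, 4756
$changes = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=$mgmtIds; StartTime=$Since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = Get-EventData $_
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Actor   = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            Target  = if ($_.Id -eq 4720) { "new account $($d['TargetUserName'])" }
                      else { "$($d['MemberSid']) added to $($d['TargetUserName'])" }
        }
    }

"Account and group changes since $($Since.ToString('u')):"
$changes | Sort-Object Time | Format-Table -AutoSize

# 4. Keep the result as dated evidence for the internal or certification audit.
New-Item -ItemType Directory -Force -Path (Split-Path $ReportPath) | Out-Null
$suspects | Export-Csv -Path $ReportPath -NoTypeInformation
$changes  | Export-Csv -Path ($ReportPath -replace '\.csv$', '-changes.csv') -NoTypeInformation
```

Two points an auditor will check: the script reads the local Security log only, so on a domain it must be run on every domain controller (or against a central collector) to see all authentication failures, and the thresholds it flags on should match the lockout and monitoring values written in the organization's access-control policy rather than being chosen ad hoc.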

ISMS vs. Windows server vs Cyber Security

Why Windows and ISO 27001

The ISO 27000 series standards are a pillar of information and cyber security. A number of other regulations and frameworks build on them, such as the Cyber Security Act, the EU GDPR Regulation, or PCI DSS for payment-card security.

The ISO 27001 standard specifies the requirements for implementing and certifying an ISMS (Information Security Management System).

The ISO 27002 standard contains a detailed catalogue of security controls with implementation guidance; the organization selects the controls it needs to meet the requirements of ISO 27001 and documents that selection in its Statement of Applicability.

ISO 27001


Day 1

09:00 - 17:00

ISMS Introduction

  • ISO/IEC 27001 and ISO 27002
  • Information Security Management System

ISO 27001 Audit

  • Audit principles
  • Requirements and practical examples

ISO 27002 Requirements

  • Windows + Active Directory
  • ISO 2700x standards in Win environment

Day 2

09:00 - 17:00

Information Security Policies

  • practical example in a virtual Windows lab

System Acquisition, Development and Maintenance

  • practical example in a virtual Windows lab

Supplier Relationships

  • practical example in a virtual Windows lab

Day 3

09:00 - 17:00

Human Resource Security

  • practical example in a virtual Windows lab

Access Control

  • practical example in a virtual Windows lab

Asset Management

  • practical example in a virtual Windows lab

Day 4

09:00 - 17:00

Communications Security

  • practical example in a virtual Windows lab


  • practical example in a virtual Windows lab

Information Security Incident Management

  • practical example in a virtual Windows lab

Day 5

09:00 - 17:00

Physical & Environmental Security

  • practical example in a virtual Windows lab

Operations Security

  • practical example in a virtual Windows lab

Information Security Aspects of Business Continuity Management

  • practical example in a virtual Windows lab


  • summary
  • exam tips

Windows Server and security according to the ISO 2700x standards, all of it demonstrated from a practical point of view in a Windows environment (PCs, laptops, networks, servers). You will learn techniques that no security manager can do without today.

  • Block duration: 90 minutes
  • Duration: 40 hours
  • Refreshments: yes
  • Exam: yes
  • Prerequisites

    Passive knowledge of ISO standards is recommended, especially ISO 2700x, as well as of the Windows environment, TCP/IP and DNS. However, this course can be tailored to the organization, so it does not require any specific prior knowledge.

Vladimír Rab

Vladimír has more than 15 years of experience in second- and third-level customer support. He works in computer security and passes his experience on to students of professional courses.

Martin Tobolka

Jan Cuřín

Graduate of ČVUT FEL, subsequently an internationally active consultant in the implementation and optimization of IT service management (ITSM) and cyber security (ISMS) systems. He applies this experience as an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.

  • Cyber Security standard author
  • Lead Auditor ITSM ISO 20000, ISMS ISO/IEC 27001
  • Approved Trainer & Lead Auditor GDPR (EU 2016/679) according to ISO/IEC 17067

Marek Mitáček

Accredited trainer, workshop leader, coach, co-author of methodologies and TAYLLORCOX Toolkits (sets of templates and sample forms) for IT Service Management (ITSM), Project Management (PRINCE2) and cyber security according to ISMS ISO/IEC 27001 and ZoKB.

One of the very first IT auditors in the Czech Republic. His extensive practice began in 1996 at GiTy. He then spent almost 10 years as an ITIL implementer at Český Telekom, and since 2007 he has been a lead auditor and accredited trainer at the TAYLLORCOX certification body.

  • Český Telekom
  • GiTy - Internal Auditor / Consultant



The course keeps theory to a minimum. Each chapter ends with a separate exercise in a virtual environment.

This environment is licensed from Cyber Security iLabs, dedicated testing labs that are available to every participant; their cost is included in the course price.

Auditing methodology according to ISO 27001

Graduate ratings

What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

View the full list of reference clients.


Not sure if this is the right course for you? Get in touch!

For assistance please give us a call.

We are available at +420 222 553 101, Monday to Friday, 9am - 5pm.
