- English
- PDF
- Available on iOS & Android
Implementing Information Security based on ISO 27001/ISO 27002
About This Book
Information is the currency of the information age and in many cases is the most valuable asset possessed by an organisation. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure.Effective information security can be defined as the 'preservation of confidentiality, integrity and availability of information.' This book describes the approach taken by many organisations to realise these objectives. It discusses how information security cannot be achieved through technological means alone, but should include factors such as the organisation's approach to risk and pragmatic day-to-day business operations.This Management Guide provides an overview of the implementation of an Information Security Management System that conforms to the requirements of ISO/IEC 27001: 2005 and which uses controls derived from ISO/IEC 17799: 2005. It covers the following: CertificationRiskDocumentation and Project Management issuesProcess approach and the PDCA cyclePreparation for an Audit
Frequently asked questions
Information
Table of contents
- CHAPTER 1 Introduction
- CHAPTER 2 Information security and ISO 27001
- CHAPTER 3 Certification
- CHAPTER 4 ISO 27001 and ISO 27002
- CHAPTER 5 Frameworks and management system integration
- CHAPTER 6 Documentation requirements and record control
- CHAPTER 7 Project team
- CHAPTER 8 Project initiation
- CHAPTER 9 Process approach and the PDCA cycle
- CHAPTER 10 Plan - establish the ISMS
- CHAPTER 11 Scope definition
- CHAPTER 12 Risk management
- CHAPTER 13 Assets within scope
- CHAPTER 14 Assessing risk
- CHAPTER 15 Risk treatment plan
- CHAPTER 16 Risk assessment tools
- CHAPTER 17 Statement of Applicability
- CHAPTER 18 Third party checklists and resources
- CHAPTER 19 Do - implement and operate the ISMS
- CHAPTER 20 Check - monitor and review the ISMS
- CHAPTER 21 Act - maintain and improve the ISMS
- CHAPTER 22 Measurement
- CHAPTER 23 Preparing for an ISMS audit