ISO/IEC 27001:2005 is an international standard for information security management systems (ISMSs). Closely allied to ISO/IEC 27002:2005 (which used to be known as ISO17799), this standard (sometimes called the ISMS standard) can help organisations meet all their information-related regulatory compliance objectives and can help them prepare and position themselves for new and emerging regulations. Information is the lifeblood of today s organis-ation and, therefore, ensuring that information is simultaneously protected and available to those who need it is essential to modern business operations. Information systems are not usually designed from the outset to be secure. Technical security measures and checklists are limited in their ability to protect a complete information system. Management systems and procedural controls are essential components of any really secure information system and, to be effective, need careful planning and attention to detail.
ISO/IEC 27001 provides the specification for an information security management system and, in the related Code of Practice, ISO/IEC 27002, it draws on the knowledge of a group of experienced information security practitioners in a wide range of significant organisations across more than 40 countries to set out best practice in information security. An ISO27001-compliant system will provide a systematic approach to ensuring the availability, confidentiality and integrity of corporate information. The controls of ISO27001 are based on identifying and combating the entire range of potential risks to the organisation s information assets. This helpful, handy ISO27001/ISO27002 pocket guide gives a useful overview of these two important information security standards. Key features include: The ISO/IEC 27000 Family of Information Security Standards Background to the Standards Specification vs Code of Practice Certification process The ISMS and ISO27001 Overview of ISO/IEC 27001:2005 Documentation & Records Management Responsibility Policy & Scope Risk Assessment Implementation
Sprache
Verlagsort
ISBN-13
978-1-905356-70-6 (9781905356706)
Copyright in bibliographic data is held by Nielsen Book Services Limited or its licensors: all rights reserved.
Schweitzer Klassifikation
Alan Calder is a leading author on IT governance and information security issues. He is chief executive of IT Governance Limited, the one stopA(c)\shop for books, tools, training and consultancy on governance, risk management and compliance.Alan is an international authority on information security management and on ISO27001 (formerly BS7799), the international security standard, about which he wrote with colleague Steve Watkins the definitive compliance guide, IT Governance: A Manager AZs Guide to Data Security and ISO27001/ISO27002, the 4th edition of which was published in May 2008. This work is based on his experience of leading the world AZs first successful implementation of BS7799 (the forerunner of ISO27001) and is the basis for the UK Open University AZs postgraduate course on information security.Other books written by Alan include The Case for ISO27001 and ISO27001 A C Nine Steps to Success, as well as books on corporate governance and IT governance, and several pocket guides in this series.Alan is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
IntroductionChapter 1: The ISO/IEC 27000 Family of Information Security Standards Chapter 2: Background to the StandardsChapter 3: Specification vs Code of PracticeChapter 4: Certification ProcessChapter 5: The ISMS and ISO27001Chapter 6: Overview of ISO/IEC 27001:2005Chapter 7: Overview of ISO/IEC 27002:2005Chapter 8: Documentation and RecordsChapter 9: Management ResponsibilityChapter 10: Process Approach and the PDCA Cycle Chapter 11: Policy and ScopeChapter 12: Risk AssessmentChapter 13: The Statement of Applicability (SoA) Chapter 14: ImplementationChapter 15: Check and ActChapter 16: Management ReviewChapter 17: ISO27001 Annex AITG Resources
