Implementing ISO27001 in a Windows(R) Environment, Second Edition
The best practice implementation handbook for a Microsoft(R) Windows(R) environment
Brian Honan

Organisations can minimise the risks to the vital information in their possession by putting in place an information security management system (ISMS). However, this can provide a significant implementation challenge for any organisation. A significant number of the controls to be applied will, of necessity, be technical and will relate to how IT hardware and software are set up and configured. Once an organisation decides to adopt ISO27001, it will be the job of the IT team to implement many of the associated controls. As a result, there is often a gulf in understanding as to what is required between the ISO27001 ISMS project manager and those responsible for implementing the technical controls. Implementing ISO27001 in a Windows(R) Environment, Second Edition, enables parties on both sides to bridge the gulf. It helps both IT managers and ISMS project managers to understand the requirements of ISO27001 and its step-by-step advice will make the road to ISO27001 implementation much easier.
Providing practical advice on how to configure and secure a Microsoft(R) environment using ISO27001 controls, the book shows IT managers how they can take advantage of the Microsoft(R) technologies at their disposal. Covering best practice implementation over a wide range of Windows(R) environments, this second edition is completely up to date for Windows(R) 7 and Server(R) 2008. The author, Brian Honan, is recognised as an industry expert on information security, in particular the ISO27001 information security standard. An independent consultant based in Dublin, Ireland, Brian provides consulting services to clients in various industry segments. He was a founding member of the Irish Corporate Windows NT(R) User Group and he also established Ireland's first ever Computer Security Incident Response Team. Make it easier to implement ISO27001 in a Windows(R) environment with this step-by-step guide!
Edition
Language
Place of publication
Target audience
Edition type
Product note
Illustrations
1, black & white illustrations
Dimensions
Height: 216 mm
Width: 140 mm
Thickness: 17 mm
Weight
ISBN-13
978-1-84928-049-5 (9781849280495)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer classification
Brian Honan is recognised as an industry expert on information security, in particular the ISO27001 information security standard. An independent consultant based in Dublin, Ireland, Brian provides consulting services to clients in various industry segments. He was a founding member of the Irish Corporate Windows NT(R) User Group and he also established Ireland's first ever Computer Security Incident Response Team.
Introduction

Chapter 1: Information and Information Security
  Information security concepts
  Other information security concepts
  The importance of information security

Chapter 2: Using an ISMS to Counter the Threats
  System security versus information security
  The structure of an ISMS
  Managing exceptions to the policy

Chapter 3: An Introduction to ISO27001
  The ISO27000 standards family
  History of ISO27001
  What is in the ISO27001 standard?
  The plan, do, check and act cycle (PDCA)
  What are the benefits of ISO27001?

Chapter 4: Identify your Information Assets
  Define the scope of the ISMS
  Identifying your information security assets

Chapter 5: Conducting a Risk Assessment
  What is risk?
  Managing risks
  The different types of risk analysis
  Risk management tools

Chapter 6: An Overview of Microsoft Technologies
  Microsoft(R) Windows Server(R) 2008
  Microsoft(R) Windows(R) 7
  Microsoft(R) Forefront
  Microsoft(R) Systems Center
  Microsoft(R) Windows Server(R) Update Services
  Microsoft(R) Baseline Security Analyzer
  Microsoft Security Risk Management Guide
  Microsoft(R) Threat Analysis and Modeling Enterprise Edition
  Microsoft(R) CAT.NET
  Microsoft(R) Source Code Analyzer for SQL Injection

Chapter 7: Implementing ISO27001 in a Microsoft environment
  Section 4 Information security management system
  Section A.5 Security policy
  Section A.6 Organisational security
  Section A.7 Asset management
  Section A.8 Human resource security
  Section A.9 Physical and environmental security
  Section A.10 Communications and operations management
  Section A.11 Access control
  Section A.12 Information systems acquisition development and maintenance
  Section A.13 Information security incident management
  Section A.14 Business continuity management
  Section A.15 Compliance

Chapter 8: Securing the Windows(R) environment
  Windows Server(R) 2008 architecture
  Domain user accounts naming standards

Chapter 9: Securing the Microsoft(R) Windows Server(R) platform
  Recommended settings

Chapter 10: Auditing and Monitoring
  Configuring auditing of file and resource access
  Event log settings
  Events to record

Chapter 11: Securing your Servers
  Protecting files and directories

Appendix 1: Overview of security settings for Windows Server(R) 2008 servers and domain controllers
  Service pack and hotfixes
  Account and audit policies
  Event log settings
  Security settings
  Service settings
  User rights
  Registry permissions
  File and registry auditing

Appendix 2: Bibliography, Reference and Further Reading
  ISO27001 resources
  Microsoft resources
  Microsoft products
  Other resources

ITG Resources