An Introduction to Information Security and ISO27001
Steve G. Watkins (Author)
IT Governance Publishing
Published on 23 October 2008
Book
Paperback/Softback
44 pages
978-1-905356-68-3 (ISBN)
Description
This new pocket guide will suit both individuals who need an introduction to a topic that they know little about, and also organizations implementing, or considering implementing, some sort of information security management regime, particularly if using ISO/IEC 27001. The guide furnishes readers with an understanding of the basics of information security, including:
* A definition of what information security means.
* How managing information security can be achieved using an approach recognised world-wide.
* The sorts of factors that need to be considered in an information security regime, including how the perimeters of such a scheme can be properly defined.
* How an information security management system can ensure it is maximising the effect of any budget it has.
* What sort of things resources might be invested in to deliver a consistent level of assurance.
* How organizations can demonstrate the degree of assurance they offer with regard to information security, how to interpret claims of adherence to the ISO 27001 standard and exactly what it means.
Corporate bodies will find this book useful at a number of stages in any information security project, including:
* At the decision-making stage, to ensure that those committing to an information security project do so from a truly informed position.
* At project initiation stage, as an introduction to information security for the project board, project team members and those on the periphery of the project.
* As part of an on-going awareness campaign, being made available to all staff and to new starters as part of their introduction to the company.
The guide is designed to be read without having to frequently break from the text. There is also a list of abbreviations along with terms and definitions in chapter 7 for easy reference.
More details
Language
English
Place of publication
Ely
United Kingdom
Illustrations
Illustrations
Dimensions
Height: 165 mm
Width: 95 mm
Thickness: 4 mm
Weight
48 g
ISBN-13
978-1-905356-68-3 (9781905356683)
Copyright in bibliographic data is held by Nielsen Book Services Limited or its licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions

Steve G. Watkins
Introduction to Information Security and ISO27001
E-Book
10/2008
IT Governance Publishing
€10.49
Available for download
Person
ABOUT THE AUTHOR
Steve G Watkins: Director, Training and Consultancy, IT Governance Ltd.
Steve managed the world's first successful BS7799 implementation project. He has over 18 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications.
Steve's experience includes senior management positions in both the public and private sectors, having responsibility for nearly all corporate support functions.
As well as being a trained ISO27001 and ISO9001 auditor, Steve is a trained EFQM assessor and holds diplomas in safety and financial management. He is Chair of the UK ISO/IEC 27001 Users Group (which is the UK chapter of the International ISMS User Group) and also sits on the Management Committee of the British Standards Society, where he chairs the Corporate Governance Special Interest Group.
Steve can be contacted at: swatkins@itgovernance.co.uk.
Content
Introduction
Chapter 1: Information Security - What's That?
Chapter 2: It's Not IT
Chapter 3: ISO27001 and the Management System Requirements
Chapter 4: Information Assets and the Information Security Risk Assessment
Chapter 5: Information Security Controls
Chapter 6: Certification
Chapter 7: Signposting
ITG Resources