Implementing Information Security based on ISO 27001/ISO 27002
Content
1.1 ISO/IEC 27001:2005 ('ISO 27001' or 'the Standard') [page 10]
1.2 ISO/IEC 27002:2005 ('ISO 27002') [page 10]
1.3 Definitions [page 11]
CHAPTER 2 Information security and ISO 27001 [page 12]
2.1 Approach to information security [page 12]
2.2 The ISMS and organizational needs [page 12]
2.3 Reasons to implement an ISMS [page 13]
2.4 The ISMS and regulation [page 14]
CHAPTER 3 Certification [page 16]
3.1 Read and study the Standards [page 16]
3.2 'Badge on the wall' debate [page 17]
3.3 Certification [page 18]
3.4 Qualifications and further study [page 18]
CHAPTER 4 ISO 27001 and ISO 27002 [page 20]
4.1 ISO 27002 [page 20]
4.2 ISO 27001 [page 20]
CHAPTER 5 Frameworks and management system integration [page 22]
5.1 ITIL [page 22]
5.2 ISO 20000 [page 23]
5.3 ISO 27001 Annex C [page 23]
5.4 Management system integration [page 25]
5.5 BS25999 [page 25]
5.6 CobiT [page 26]
CHAPTER 6 Documentation requirements and record control [page 28]
6.1 ISO 27001 Document control requirements [page 28]
6.2 Annex A document controls [page 29]
6.3 Document approval [page 29]
6.4 Contents of the ISMS documentation [page 30]
6.5 Record control [page 31]
6.6 Documentation process and toolkits [page 31]
CHAPTER 7 Project team [page 34]
7.1 Demonstrating management commitment [page 34]
7.2 Project team/steering committee [page 34]
7.3 Information security co-ordination [page 35]
CHAPTER 8 Project initiation [page 36]
8.1 Awareness [page 36]
8.2 Awareness tools [page 37]
CHAPTER 9 Process approach and the PDCA cycle [page 38]
9.1 PDCA mapped to the clauses of ISO 27001 [page 39]
9.2 ISMS project roadmap [page 40]
CHAPTER 10 Plan - establish the ISMS [page 42]
10.1 ISMS policy [page 42]
10.2 Policy and business objectives [page 42]
CHAPTER 11 Scope definition [page 44]
11.1 Scoping, boundaries and third party risk [page 44]
11.2 Scoping in small organizations [page 45]
11.3 Scoping in large organizations [page 46]
11.4 Legal and regulatory frameworks [page 46]
11.5 Network infrastructure [page 46]
CHAPTER 12 Risk management [page 48]
12.1 Risk treatment plans [page 48]
12.2 Acceptable risks [page 48]
12.3 Risk assessment [page 49]
CHAPTER 13 Assets within scope [page 50]
13.1 Asset classes [page 50]
13.2 Asset owners [page 51]
CHAPTER 14 Assessing risk [page 52]
14.1 Threats (4.2.1.d2) [page 52]
14.2 Vulnerabilities (4.2.1.d3) [page 53]
14.3 Impacts (4.2.1.d4) [page 53]
14.4 Risk assessment (likelihood and evaluation) (4.2.1.e) [page 54]
14.5 Risk level [page 54]
CHAPTER 15 Risk treatment plan [page 56]
CHAPTER 16 Risk assessment tools [page 58]
16.1 Gap analysis tools [page 58]
16.2 Vulnerability assessment tools [page 59]
16.3 Penetration testing [page 59]
16.4 Risk assessment tools [page 60]
16.5 Statement of Applicability [page 61]
CHAPTER 17 Statement of Applicability [page 62]
17.1 Controls (4.2.1.f.1) [page 62]
17.2 Controls and control objectives [page 63]
17.3 ISO 27001:2005 Annex A [page 64]
17.4 Drafting the Statement of Applicability [page 65]
17.5 Excluded controls [page 66]
CHAPTER 18 Third party checklists and resources [page 68]
18.1 Third party sources [page 68]
18.2 Configuration checklists [page 68]
18.3 Vulnerability databases [page 69]
CHAPTER 19 Do - implement and operate the ISMS [page 70]
19.1 Gap analysis [page 70]
19.2 Implementation [page 71]
CHAPTER 20 Check - monitor and review the ISMS [page 74]
20.1 Audits [page 74]
20.2 Audit programme [page 74]
20.3 Reviews [page 75]
CHAPTER 21 Act - maintain and improve the ISMS [page 76]
21.1 Management review [page 76]
CHAPTER 22 Measurement [page 78]
22.1 NIST SP800-55 [page 78]
CHAPTER 23 Preparing for an ISMS audit [page 80]
APPENDIX A Bibliography of related standards, guides and books [page 82]
APPENDIX B Accredited certification and other bodies [page 84]
System requirements
File format: PDF
Copy-Protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The PDF file format always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather awkward to read and require a great deal of scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.