
ISO27001 / ISO27002 : a Pocket Guide.

By: Calder, Alan.
Material type: Text
Series: JSTOR eBooks.
Publisher: Ely : IT Governance Publishing, 2013
Edition: 2nd ed.
Description: 1 online resource (78 pages).
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781849285230; 1849285233; 9781849285223; 1849285225.
Subject(s): Data protection -- Standards | Data protection -- Evaluation
Additional physical formats: Print version: ISO27001 / ISO27002 : A Pocket Guide.
DDC classification: 005.8
LOC classification: QA76.9.A25 .C384 2013
Contents:
Foreword; About the Author; Acknowledgements; Contents; Introduction; Risks to information assets; Information Security Management System; Chapter 1: The ISO/IEC 27000 Family of Information Security Standards; ISO/IEC 27001:2013 (ISO27001); ISO/IEC 27002:2013 (ISO27002); ISO/IEC 27003; ISO/IEC 27004; ISO/IEC 27005:2011; ISO/IEC 27006:2011; Definitions; Chapter 2: Background to the Standards; BS7799-2; ISO27001:2005; Correspondence between ISO27001 and ISO27002; Use of the Standards; Chapter 3: Specification vs Code of Practice; Chapter 4: Certification Process; Certification bodies.
Chapter 5: The ISMS and ISO27001; Definition of information security; The ISMS; Chapter 6: Overview of ISO/IEC 27001:2013; Chapter 7: Overview of ISO/IEC 27002:2013; The security categories; Chapter 8: Documentation and Records; Document control requirements; Contents of the ISMS documentation; Annex A document controls; Chapter 9: Management Responsibility; Management direction; Management-related controls; Requirement for management review; Chapter 10: Process Approach and the PDCA Cycle; PDCA and ISO27001; The PDCA cycle and the clauses of ISO27001; Chapter 11: Context, Policy and Scope.
The scoping exercise; Legal and regulatory framework; Policy definition; Policy and business objectives; Chapter 12: Risk Assessment; Link to ISO/IEC 27005; Objectives of risk treatment plans; Risk assessment process; Identify risks (6.1.2.c.1); Threats; Vulnerabilities; Identify risk owners (6.1.2.c.2); Assess the consequences of the risk (6.1.2.d.1); Likelihood (6.1.2.d.2); Levels of risk (6.1.2.d.3); Comparing the risk analysis with the risk criteria (6.1.2.e.1); Prioritise the risks (6.1.2.e.2); Risk treatment plan; Chapter 13: The Statement of Applicability (SoA); SoA and external parties.
Controls and Annex A; Controls (6.1.3.b); Residual risks; Control objectives; Plan for security incidents; Chapter 14: Implementation; Chapter 15: Check and Act; Monitoring; Auditing; Reviewing; Act -- maintain and improve the ISMS; Chapter 16: Management Review; Chapter 17: ISO27001 Annex A; Annex A control areas and controls; Clause A5: Information security policies; Clause A6: Organisation of information security; Clause A7: Human resource security; Clause A8: Asset management; Clause A9: Access control; Clause A10: Cryptography; ITG Resources.
Summary: Information is one of your organisation's most important resources. Keeping it secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it.
Holdings:
Item type: Electronic Book
Current location: UT Tyler Online
Shelving location: Online
Call number: QA76.9.A25 .C384 2013
URL: https://ezproxy.uttyler.edu/login?url=http://www.jstor.org/stable/10.2307/j.ctt5hh4qg
Status: Available
Barcode: ocn860626137
Browsing UT Tyler Online Shelves, Shelving location: Online
QA76.9.A25 C35 2016 -- PCI DSS
QA76.9.A25 .C353 2014 -- Cyber essentials
QA76.9.A25 .C384 2013 -- Nine steps to success
QA76.9.A25 .C384 2013 -- ISO27001 / ISO27002 (this title)
QA76.9.A25 C454 2002b -- Checkpoint Next Generation Security Administration
QA76.9.A25 C527 2010 -- Computer forensics
QA76.9.A25 C6145 2010 -- Collaborative computer security and trust management

Print version record.

Includes bibliographical references.


Author notes provided by Syndetics

Alan Calder is the Founder and Executive Chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors.
