Overview

This book is the ideal guide for anyone tackling - or about to tackle - ISO27001 for the first time. It gives a clear overview of: * how to get management and board buy-in; * how to get cross-organizational, cross functional buy-in; * the gap analysis: how much do you really need to do? * the relationship between ISO27001 and ISO17799; * how to integrate with ISO9001 and other management systems; * how to structure and resource your project; * use consultants or do it youself? * the PDCA cycle; * the timetable and project plan; * risk assessment methodologies and tools; * the documentation challenges; * how to choose a certification body; * and much more.

Full Product Details

Author:   Alan Calder
Publisher:   IT Governance Publishing
Imprint:   IT Governance Publishing
Dimensions:   Width: 14.00cm , Height: 0.70cm , Length: 21.60cm
Weight:   0.162kg
ISBN:  

9781905356126

ISBN 10:   1905356129
Pages:   115
Publication Date:   01 January 2006
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Out of Print
Availability:   Out of print, replaced by POD  
We will order this item for you from a manufatured on demand supplier.

Table of Contents

CONTENTS 9 INTRODUCTION 13 CHAPTER 1: INITIAL APPROACH 21 Information risk and regulatory risk 24 The 'fear list' 25 ISO27001/ISO17799 27 Background to the standard 29 ISO/IEC 17799 29 Links to other standards 30 CHAPTER 2: MANAGEMENT SUPPORT 33 Strategic alignment 33 Prioritization and endorsement 35 Change management 35 The CEO's role 37 The CEO's commitment 38 Senior management support 40 CHAPTER 3: SCOPING 43 Endpoint security 44 Defining boundaries 45 Phased approach 48 Network mapping 48 Cutting corners 50 CHAPTER 4: PLANNING 53 Structured approach to implementation 54 Plan 54 Do 55 Check 55 Act 55 Integration with existing security management systems 56 Gap Analysis 57 Quality system integration 57 Project management 59 Project team chair 60 Project plan 61 Costs and project monitoring 63 Consultants 64 Information security manager 67 Specialist information security advice 68 Functional specialists 69 CHAPTER 5: COMMUNICATION 71 Staff buy-in 73 Information security policy 74 CHAPTER 6: RISK ASSESSMENT 77 Introduction to risk management 78 Risk assessment 80 Who conducts the risk assessment? 80 Risk analysis 81 Threats 82 Vulnerabilities 82 Impacts 83 Controls 83 Risk assessment tools 84 CHAPTER 7: CONTROL SELECTION 87 Nature of controls 87 Control selection criteria 90 Statement of applicability 92 CHAPTER 8: DOCUMENTATION 95 Four levels of documentation 97 Documentation approaches 98 Trial and error 98 External expertise 99 Third party Documentation Toolkit plus guidance 100 CHAPTER 9: TESTING 103 CHAPTER 10: SUCCESSFUL CERTIFICATION 107 USEFUL WEBSITES 113

Reviews

Author Information

Alan Calder is the founder director of IT Governance Ltd (www.itgovernance.co.uk), an information, advice and consultancy firm that helps company boards tackle governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors. The company operates a website that distributes a range of books, tools and other publications on governance, risk management, compliance and information security.

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions