2 minute read

IT Governance

An International Guide to Data Security and ISO 27001/ISO 27002

Edition: 7 Date: 03/10/2019 Price: £49.99 ISBN Paperback: 9780749496951 ISBN Ebook: 9780749496968 Pages: 408 Format (mm): 233x157 Product Category: Supplementary Text/

Professional

Subject: Information, Knowledge

& Data Management

Author Information

Alan Calder is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.. He led the world’s first successful implementation of BS 7799 (now ISO 27001) and was involved in developing a wide range of information security management training courses, accredited by the International Board for IT Governance Qualifications (IBITGQ).

Steve Watkins is Executive Director at GRC International Group plc, chair of the UK ISO/IEC 27001 User Group and contracted technical assessor for UKAS. He is a member of the international technical committee responsible for the ISO 27000 family of standards, and chairs the UK National Standards Body’s technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. « Advises on the development and implementation of an information security management system that will meet the ISO 27001 specification « Outlines IT governance best practice for international organizations of all sizes and across sectors « New to this edition: changes in global regulation (including GDPR) and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) and the latest standards on auditing « Covers topics such as risk assessment, asset management, controls, security, supplier relationships and compliance

Description

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice. IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security.

Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

Table of Contents

1 Why is information security necessary? 2 The UK combined code, the FRC risk guidance and

Sarbanes–Oxley 3 ISO27001 4 Organizing information security 5 Information security policy and scope 6 The risk assessment and

Statement of Applicability 7 Mobile devices 8 Human resources security 9 Asset management 10 Media handling 11 Access control 12 User access management 13 System and application access control 14 Cryptography 15 Physical and environmental security 16 Equipment security 17 Operations security 18 Controls against malicious software (malware) 19 Communications management 20 Exchanges of information 21 System acquisition, development and maintenance 22 Development and support processes 23 Supplier relationships 24 Monitoring and information security incident management 25 Business and information security continuity management 26 Compliance 27 The ISO27001 audit

This article is from: