ISO 27001, the international standard for implementing an ISMS (information security management system), keeps going from strength to strength.
It’s used by organisations of all sizes across the globe that understand the growing threat of cyber crime and the need to keep sensitive information secure.
Unfortunately, the complexity of the Standard can be daunting for those trying to implement it – but that’s where information security expert Bridget Kenyon comes in.
Her book ISO 27001 controls – A guide to implementing and auditing provides essential advice on how to implement the Standard.
Who is Bridget Kenyon?
Bridget Kenyon has 20 years’ experience in the information security industry, and is global CISO for Thales eSecurity.
She began her career with a role in network vulnerabilities at DERA, before becoming a PCI Qualified Security Assessor, information security officer for the University of Warwick and head of information security for University College London.
Kenyon has contributed to international standards since 2006, when she joined BSI Panel 1, coordinating the development of ISMS standards.
She is the editor for ISO 27014, which provides guidance on concepts and principles for the governance of information security, and in 2018 she was named one of the top 25 women in tech by PCR magazine.
“I love ISO/IEC 27002 because it provides a good broad spectrum of security controls; but it is by design a theoretical document. My book links the world of ISO and the actual lived experience of risk management in large and small organisations by explaining the ‘how’ of implementing controls,” she told us recently.
“But it gets better! You also get to see your world from the perspective of the auditor, so you can understand what they will be looking for; and you can use this insight to fine-tune both your controls and your own internal auditing processes.
“And if you are an auditor, you get a great list of ways to look for evidence that controls are in place, based on decades of experience in a wide variety of industries.”
ISO 27001 controls – A guide to implementing and auditing
Whether you’re an information security manager, auditor or consultant, you will find value in ISO 27001 controls – A guide to implementing and auditing.
The book helps readers understand the requirements of implementing and auditing against an ISMS.
It contains clear descriptions that cover what needs to be considered to achieve ISO 27001 compliance, along with examples. Likewise, the auditing guidance explains the evidence that an auditor should look for to be satisfied that the requirements have been met.
This is helpful not only for auditors but also for security managers and lead implementers who want to confirm that the measures they’ve implemented, and the supporting documentation, are sufficient to pass an audit.
You can hear Bridget Kenyon talking more about this book on the IT Governance Publishing podcast.
ISO 27001 controls – A guide to implementing and auditing is available in physical, eBook, ePub and Kindle formats. You can find out which format is right for you with our handy guide.
Receive 15% off Bridget Kenyon’s book throughout August by ordering from the IT Governance Publishing website and entering the voucher code Kenyon15 at the checkout.
Kenyon says she will be continuing her work developing and supporting ISO standards, and consolidating security management across her organisation.
Meanwhile, she plans to indulge her interests in behavioural economics and how it can be used to support good security decisions.