Skip to Main Content
Important information: All physical goods sent to the EU will be liable for local tax payments. Read more
ITGP bestselling books and toolkits ISO 27001 controls – A guide to implementing and auditing
ISO 27001 controls – A guide to implementing and auditing

ISO 27001 controls – A guide to implementing and auditing

Bridget Kenyon (Author)

Details

SKU: 5404
Format: Softcover
ISBN13: 9781787781443
BIC: Network security, COMPUTER SECURITY, COMPUTING: GENERAL
BISAC: COMPUTERS / Security / General, COMPUTERS / General, COMPUTERS / Security / Network Security
Pages: 180
Published: 16 Sep 2019
Availability: In Stock

Buying option(s)

Description

A must-have resource for anyone looking to establish, implement and maintain an ISMS.

Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001.

The book covers:

  • Implementation guidance – what needs to be considered to fulfil the requirements of the controls from ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls; 
  • Auditing guidance – what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements. 

The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit.

This guide is intended to be used by those involved in:

  • Designing, implementing and/or maintaining an ISMS;
  • Preparing for ISMS audits and assessments; or
  • Undertaking both internal and third-party ISMS audits and assessments

'This book provides additional background information that you can use to tailor your ISMS and make it really work for you. Its knowledge and insights will guide you in a way that makes sense of ISO 27001, and provides assurance that when implementing, you’re doing things because of the added value. Implementing an ISMS will improve your commitment to the quality of your information security environment.

The book also offers insight into auditing, simply topping it off. The guidance for both internal and external auditors provides perspective as well as a helpful insight into auditing. This is a well-rounded guide that will make your everyday ISMS-life easier.'

Marc van Delft, CISA, CRISC and ISO 27001 Lead Auditor working for a certification institution

Buy your copy today!

Authors

About the author

Bridget Kenyon (CISSP) is global CISO for Thales eSecurity. Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia.

Bridget has been contributing to international standards since 2006, when she first joined BSI Panel 1, coordinating development of information security management system standards; she is currently editor for ISO/IEC 27014. Bridget has also co-authored three textbooks on information security. She strongly believes that “information security is fundamental to reliable business operations, not a nice-to-have”. In 2018, she was named one of the top 25 women in tech by UK publication PCR.

Reviews

Customer Reviews

(Only registered customers can rate)
Table of contents

Chapter 1: General
1.1 Scope of this guide
1.2 Field of application
Chapter 2: Implementing and auditing ISMS control objectives and controls
2.1 Information security policies (ISO/IEC 27001, A.5)
2.2 Organization of information security (ISO/IEC 27001, A.6)
2.3 Human resource security (ISO/IEC 27001, A.7)
2.4 Asset management (ISO/IEC 27001, A.8)
2.5 Access control (ISO/IEC 27001, A.9)
2.6 Cryptography (ISO/IEC 27001, A.10)
2.7 Physical and environmental security (ISO/IEC 27001, A.11)
2.8 Operations security (ISO/IEC 27001, A.12)
2.9 Communications security (ISO/IEC 27001, A.13)
2.10 System acquisition, development and maintenance (ISO/IEC 27001, A.14)
2.11 Supplier relationships (ISO/IEC 27001, A.15)
2.12 Information security incident management (ISO/IEC 27001, A.16)
2.13 Information security aspects of business continuity management (ISO/IEC 27001, A.17)
2.14 Compliance (ISO/IEC 27001, A.18)
Further reading

Loading...