Your shopping cart is currently empty.
ISO 27001 controls – A guide to implementing and auditing
Details
SKU: 5404
Format: Softcover
ISBN13: 9781787781443
BIC: Network security, COMPUTING: GENERAL, COMPUTER SECURITY
BISAC: COMPUTERS / General, COMPUTERS / Security / General, COMPUTERS / Security / Networking
Format: Softcover
ISBN13: 9781787781443
BIC: Network security, COMPUTING: GENERAL, COMPUTER SECURITY
BISAC: COMPUTERS / General, COMPUTERS / Security / General, COMPUTERS / Security / Networking
Pages: 180
Published: 16 Sep 2019
Availability: Out Of Stock
Published: 16 Sep 2019
Availability: Out Of Stock
Buying Option(s)
Description
A must-have resource for anyone looking to establish, implement and maintain an ISMS.
Available to pre-order now!
Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001.
The book covers:
- Implementation guidance – what needs to be considered to fulfil the requirements of the controls from ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls;
- Auditing guidance – what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements.
The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit.
This guide is intended to be used by those involved in:
- Designing, implementing and/or maintaining an ISMS;
- Preparing for ISMS audits and assessments; or
- Undertaking both internal and third-party ISMS audits and assessments
Pre-order your copy today!
About the author
Reviews
Customer Reviews
stars out of 5 Table Of Contents
1.1 Scope of this guide
1.2 Field of application
1.2.1 Usage
1.2.2 Compliance
1.3 Meeting ISO/IEC 27001 requirements
2 Implementing and auditing ISMS control objectives and controls
2.1 Information security policies (ISO/IEC 27001, A.5)
2.1.1 Management direction for information security (ISO/IEC 27001, A.5.1)
2.2 Organization of information security (ISO/IEC 27001, A.6)
2.2.1 Internal organization (ISO/IEC 27001, A.6.1)
2.2.2 Mobile devices and teleworking (ISO/IEC 27001, A.6.2)
2.3 Human resource security (ISO/IEC 27001, A.7)
2.3.1 Prior to employment (ISO/IEC 27001, A.7.1)
2.3.2 During employment (ISO/IEC 27001, A.7.2)
2.3.3 Termination and change of employment (ISO/IEC 27001, A.7.3)
2.4 Asset management (ISO/IEC 27001, A.8)
2.4.1 Responsibility for assets (ISO/IEC 27001, A.8.1)
2.4.2 Information classification (ISO/IEC 27001, A.8.2)
2.4.3 Media handling (ISO/IEC 27001, A.8.3)
2.5 Access control (ISO/IEC 27001, A.9)
2.5.1 Business requirements of access control (ISO/IEC 27001, A.9.1)
2.5.2 User access management (ISO/IEC 27001, A.9.2)
2.5.3 User responsibilities (ISO/IEC 27001, A.9.3)
2.5.4 System and application access control (ISO/IEC 27001, A.9.4)
2.6 Cryptography (ISO/IEC 27001, A.10)
2.6.1 Cryptographic controls (ISO/IEC 27001, A.10.1)
2.7 Physical and environmental security (ISO/IEC 27001, A.11)
2.7.1 Secure areas (ISO/IEC 27001, A.11.1)
2.7.2 Equipment (ISO/IEC 27001, A.11.2)
2.8 Operations security (ISO/IEC 27001, A.12)
2.8.1 Operational procedures and responsibilities (ISO/IEC 27001, A.12.1)
2.8.2 Protection from malware (ISO/IEC 27001, A.12.2)
2.8.3 Backup (ISO/IEC 27001, A.12.3)
2.8.4 Logging and monitoring (ISO/IEC 27001, A.12.4)
2.8.5 Control of operational software (ISO/IEC 27001, A.12.5)
2.8.6 Technical vulnerability management (ISO/IEC 27001, A.12.6)
2.8.7 Information systems audit considerations (ISO/IEC 27001, A.12.7)
2.9 Communications security (ISO/IEC 27001, A.13)
2.9.1 Network security management (ISO/IEC 27001, A.13.1)
2.9.2 Information transfer (ISO/IEC 27001, A.13.2)
2.10 System acquisition, development and maintenance (ISO/IEC 27001, A.14)
2.10.1 Security requirements of information systems (ISO/IEC 27001, A.14.1)
2.10.2 Security in development and support processes (ISO/IEC 27001, A.14.2)
2.10.3 Test data (ISO/IEC 27001, A.14.3)
2.11 Supplier relationships (ISO/IEC 27001, A.15)
2.11.1 Information security in supplier relationships (ISO/IEC 27001, A.15.1)
2.11.2 Supplier service delivery management (ISO/IEC 27001, A.15.2)
2.12 Information security incident management (ISO/IEC 27001, A.16)
2.12.1 Management of information security incidents and improvements (ISO/IEC 27001, A.16.1)
2.13 Information security aspects of business continuity management (ISO/IEC 27001, A.17)
2.13.1 Information security continuity (ISO/IEC 27001, A.17.1)
2.13.2 Redundancies (ISO/IEC 27001, A.17.2)
2.14 Compliance (ISO/IEC 27001, A.18)
2.14.1 Compliance with legal and contractual requirements (ISO/IEC 27001, A.18.1)
2.14.2 Information security reviews (ISO/IEC 27001, A.18.2)