Nine Steps to Success
IT Governance Publishing (Publisher)
978-1-905356-12-6 (ISBN)
- A new edition of this title is forthcoming
This book is the ideal guide for anyone tackling - or about to tackle - ISO27001 for the first time. It gives a clear overview of:
* how to get management and board buy-in;
* how to get cross-organizational, cross-functional buy-in;
* the gap analysis: how much do you really need to do?
* the relationship between ISO27001 and ISO17799;
* how to integrate with ISO9001 and other management systems;
* how to structure and resource your project;
* use consultants or do it yourself?
* the PDCA cycle;
* the timetable and project plan;
* risk assessment methodologies and tools;
* the documentation challenges;
* how to choose a certification body;
* and much more.
Alan Calder is the founder director of IT Governance Ltd (www.itgovernance.co.uk), an information, advice and consultancy firm that helps company boards tackle governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors. The company operates a website that distributes a range of books, tools and other publications on governance, risk management, compliance and information security.
CONTENTS
- INTRODUCTION
- CHAPTER 1: INITIAL APPROACH
  - Information risk and regulatory risk
  - The 'fear list'
  - ISO27001/ISO17799
  - Background to the standard
  - ISO/IEC 17799
  - Links to other standards
- CHAPTER 2: MANAGEMENT SUPPORT
  - Strategic alignment
  - Prioritization and endorsement
  - Change management
  - The CEO's role
  - The CEO's commitment
  - Senior management support
- CHAPTER 3: SCOPING
  - Endpoint security
  - Defining boundaries
  - Phased approach
  - Network mapping
  - Cutting corners
- CHAPTER 4: PLANNING
  - Structured approach to implementation
  - Plan
  - Do
  - Check
  - Act
  - Integration with existing security management systems
  - Gap Analysis
  - Quality system integration
  - Project management
  - Project team chair
  - Project plan
  - Costs and project monitoring
  - Consultants
  - Information security manager
  - Specialist information security advice
  - Functional specialists
- CHAPTER 5: COMMUNICATION
  - Staff buy-in
  - Information security policy
- CHAPTER 6: RISK ASSESSMENT
  - Introduction to risk management
  - Risk assessment
  - Who conducts the risk assessment?
  - Risk analysis
  - Threats
  - Vulnerabilities
  - Impacts
  - Controls
  - Risk assessment tools
- CHAPTER 7: CONTROL SELECTION
  - Nature of controls
  - Control selection criteria
  - Statement of applicability
- CHAPTER 8: DOCUMENTATION
  - Four levels of documentation
  - Documentation approaches
  - Trial and error
  - External expertise
  - Third party Documentation Toolkit plus guidance
- CHAPTER 9: TESTING
- CHAPTER 10: SUCCESSFUL CERTIFICATION
- USEFUL WEBSITES
| Publication date (per publisher) | 1.1.2006 |
|---|---|
| Place of publication | Ely |
| Language | English |
| Dimensions | 140 x 216 mm |
| Weight | 162 g |
| Subject area | Computer Science ► Networks ► Security / Firewall |
| | Computer Science ► Theory / Study ► Cryptology |
| | Economics ► Business Administration / Management ► Corporate Management / Management |
| ISBN-10 | 1-905356-12-9 / 1905356129 |
| ISBN-13 | 978-1-905356-12-6 / 9781905356126 |
| Condition | New |