Information Security Risk Management Handbook: Handbook for ISO/IEC 27001 - Brossura

Humphreys, Ted

 
9780580607455: Information Security Risk Management Handbook: Handbook for ISO/IEC 27001
Brossura
ISBN 10: 0580607453 ISBN 13: 9780580607455
Casa editrice: BSI British Standards Institution, 2010

Sinossi

This book is a practical handbook for the use and application of ISO/IEC 27005. It provides guidance and advice to specifically support the implementation of those requirements specified in ISO/IEC 27001:2005 that relate to risk management processes and associated activities. The focus of this book is based around the concept of having an information security management system (ISMS) as a framework for achieving the effective management of information security risks. International standard ISO/IEC 27001 is a world recognised standard for establishing, implementing, monitoring and reviewing, updating and improving an ISMS. ISO/IEC 27005 is an ISMS risk management standard that supports the implementation of ISO/IEC 27001. This book is aimed at those business managers and staff involved in ISMS risk management activities. It is a practical handbook for the use and application of ISO/IEC 27005. It provides guidance and advice to specifically support the implementation of those requirements specified in ISO/IEC 27001:2005 that relate to risk management processes and associated activities. Contents include: Introduction, Nature of the Information Security Risk Landscape, Risk Management Framework, Risk Assessment, Risk Treatment, System of Risk Controls, Risk Monitoring and Reviews, Risk Control Improvements, Documentation System, Audits and Reviews, Standards, Definitions, Examples of legal and regulatory compliance, Examples of assets, threats, vulnerabilities and risk assessment methods.

Le informazioni nella sezione "Riassunto" possono far riferimento a edizioni diverse di questo titolo.

Recensione

How to manage the risks of insider trading, and disgruntled staff hacking into computer systems and stealing? This well laid out book takes you through the risk assessment, and controls (a measure that is modifying risk), and not forgetting monitoring and reviews (all documented). This way you can address every risk from acceptable use of email and company computers to student placements and the contract cleaners. --www.professionalsecurity.co.uk

L'autore

Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing Information Security Management consultancy services around the world. He has been an expert in the field of information security and risk management for more than 35 years. During this time he has worked for major international companies (in Europe, North America and Asia), as well organisations such as the European Commission and the OECD. He is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 the ISMS standard and the EA 7/03 the ISMS accreditation guidelines. He is the Founder and Director of the ISMS International User Group and is responsible for the International Register of BS 7799/ISMS Certificates. In 2002 he was honoured with the Secure Computing Lifetime Achievement Award.

Le informazioni nella sezione "Su questo libro" possono far riferimento a edizioni diverse di questo titolo.

Editore
BSI British Standards Institution
Data di pubblicazione
2010
Lingua
Inglese
ISBN 10 
0580607453
ISBN 13 
9780580607455
Rilegatura
Copertina flessibile
Numero di pagine
143
Contatto del produttore
non disponibile
Persona responsabile
non disponibile