IT Governance: A Manager's Guide To Data Security And BS 7799/ISO 17799 - Rilegato

Informazioni sugli autori

Alan Calder is a founder-director of IT Governance Ltd, which provides IT governance and information security services through its website www.itgovernance.co.uk. He is the author of Corporate Governance, IT Governance and International IT Governance, all published by Kogan Page.

Steve Watkins is Corporate Services Manager of HMCPSI and was Head of Quality and Operations at Focus Central London and was, before that, Quality Manager at Business Link. Alan Calder and Steve Watkins were responsible for one of the first companies (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996. They have aided other organisations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.

Steve Watkins is also director at IT Governance, Chair of the ISO/IEC 27001 User Group - the UK Chapter of the ISMS International User Group - and contracted Technical Assessor for UKAS, assessing certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He sits on the UK national standards body's technical committees RM/1 (risk management), IST/33 (information technology - security techniques) and sub-committee IST/33/1 (information security management systems), and is Chair of IST/33/1 Panel 2 (certification and audits), which is responsible for the UK's contributions to standards including ISO 27006, 27007, 27008 and 27021.

Estratto. © Ristampato con autorizzazione. Tutti i diritti riservati.

Why is information security necessary? The Combined Code and the Turnbull Report. BS7799. Information security management. Information security policy and scope. The risk assessment and statement applicability. Security of third party access and outsourcing. Asset classification and control. Personnel security. Physical and environmental security. Equipment security. General security controls. Communications and operations management. Controls against malicious software. Housekeeping, network management and media handling. Exchanges of information and software. E-mail and Internet use. Access control. Network access control. Operating system access control. Application access control. Mobile computing and teleworking. Systems development and maintenance. Cryptographic controls. Security in development and support process. Business continuity management. Compliance. The BS7799 audit.