
An introduction to ISO/IEC 27001:2013 - Paperback

 
9781704570822: An introduction to ISO/IEC 27001:2013

No copies are currently available for this ISBN.

Synopsis

ISO/IEC 27001:2013 is the requirements specification standard for an information security management system, or ISMS for short. With more than 17,000 registrations worldwide, it defines the internationally accepted way to manage information security in your organization. You can use it to manage your exposure to information security risk, which is good governance, and to give confidence to others that you do, which is called market assurance.

Since the standard was first published as an ISO standard in 2005, sweeping changes have been made, as all new and revised management system standards have to conform to new ISO directives concerning layout and content. The standard has also been updated to align it with new ISO risk management principles, and to reflect the lessons learnt worldwide in using ISMSs. However, whilst the new standard is very clear about specifying what must be done to create and use an ISMS, implementation is beyond the remit of the document. To compensate for this, this book is full of practical how-to guidance.

It explains the new requirements and provides fresh insights into understanding management systems in general and ISMSs in particular. It gives advice on risk assessment and risk treatment, a clear explanation of the purpose of the ‘Statement of Applicability’ (SOA) and advice on determining controls in practice. There is also guidance on assessing information security performance and the effectiveness of the ISMS processes.

This book has been designed so that you can read it from cover to cover to gain a comprehensive understanding of the new standard, and then later use it as a reference book.

I have more than 18 years’ worldwide experience in working with ISMSs as a standards maker, consultant, auditor, tutor and management system administrator, my first involvement being with the development of the preceding British ISMS standards, BS 7799-2:1998, BS 7799-2:1999 and BS 7799-2:2002. The advice that I have given in this book is derived from this practical experience, supplemented by the insights afforded by being a member of the international ISO/IEC 27001:2013 development team.

The advice that I offer here has been tried and tested over many years and has met with the approbation of many organizations and certification bodies. It has also been incorporated in other standards, such as BS 7799-3:2017. This book is a ‘must-have’ for organizations and individuals keen on having a straightforward overview of the new ISMS standard and practical guidance on how to implement it.

The information in the "Summary" section may refer to different editions of this title.


Other known editions of the same title

9780580821653: An Introduction to ISO/IEC 27001:2013

Featured edition

ISBN 10: 058082165X ISBN 13: 9780580821653
Publisher: BSI British Standards Institution, 2013
Paperback