ISO/IEC 27001:2013 focuses on specific requirements to help you establish your own Information Security Management System (ISMS), monitor its performance and implement improvements where necessary.
The new standard has been written using the high-level structure that is common to all new management system standards. This allows easier integration when implementing more than one management system within your organization.
This standard is less prescriptive, allowing greater flexibility on how requirements are satisfied, thereby giving organizations greater freedom to implement requirements in a manner best suited to them.
This book serves as a basic introduction to ISO/IEC 27001:2013 and acts as a straightforward guide to implementation. It includes a practical, easy-to-use risk assessment/risk treatment method that delivers results expressed directly in business-meaningful terms.
The book is aimed primarily at people who are looking for a straightforward overview of the standard and how to implement it. You can be new to the sector, new to the job, or new to the standard – this useful pocket guide has all the information you need to get you started.
The guidance in this book is applicable to a wide range of different ISMS implementations, appropriate to SMEs as well as much larger organisations.
Dr. David Brewer was one of the first consultants to advise the British Government on information security matters, providing assistance to establish the first ever computer security evaluation facilities and evaluation criteria, and is a co-author of the original ISMS standard, BS 7799 Part 2.
He is now an active member of the UK delegation to ISO/IEC JTC 1/SC 27/WG 1, which is responsible for the ISO/IEC 27000 family of standards, and is co-editor for the revision of ISO/IEC 27004 (Measurements). He is well known for his work in rolling out ISO/IEC 27001 to the whole of the Civil Service in Mauritius, which is an exemplar of his ISMS implementation methodology and of his ability to train people to train others.
Introduction – Preface, What this book is about, How to use this book, Benefits
Chapter 1 – Information Security Management Systems: Introduction, Purpose and benefits, Understanding management system standards, Structure of the ISO/IEC 27001 standard, Management system versus information security-specific requirements, Relation with other standards
Chapter 2 – Management system-specific requirements: Introduction, Continuous improvement, Scope, organisation and context, Policy and objectives, Risks and opportunities, Operation, Performance evaluation and actions, Management and support
Chapter 3 – Information security-specific requirements: Introduction, Risk assessment and risk treatment, Identifying controls, The Statement of Applicability, Evaluating effectiveness
Chapter 4 – Implementation guidance: Introduction, Implementation strategies, Preparation and project planning, Choice of documentation media, Risk assessment/risk treatment methods, Identifying controls in practice, Management system process examples, Dos and don’ts
Other information security books you might be interested in...
From a more detailed understanding of the new standard to guidelines on implementation, certification and audits, we have a number of books to help you make your transition.