Nine Steps to Success - Alan Calder

Nine Steps to Success

An ISO 27001 Implementation Overview

Alan Calder (Author)

85 pages
2006
IT Governance Publishing (Publisher)
978-1-905356-10-2 (ISBN)
31.10 incl. VAT
  • Title is unfortunately out of print;
    no new edition
ISO 27001:2005 replaced the information security standard BS7799-2 from October 2005. This book provides guidance on achieving ISO 27001 certification and the 9 steps to an ISMS implementation. It includes coverage of topics such as how to get management and board buy-in, how to get cross-organizational buy-in, and others.
ISO 27001:2005 replaced the information security standard BS7799-2 from October 2005. Read the world's first practical guidance on achieving ISO 27001 certification and the 9 essential steps to an effective ISMS implementation - 9 critical steps that are the absolute difference between project success and abject failure. The contents of this book include: how to get management and board buy-in; how to get cross-organizational, cross-functional buy-in; the gap analysis: how much do you really need to do?; how to integrate with ISO9001 and other management systems; use consultants or do it yourself?; the PDCA cycle; risk assessment methodologies and tools; and the documentation challenges. Alan Calder, the author of "IT Governance: a Manager's Guide to Data Protection and BS7799/ISO17799", led one of the first successful BS7799 certification efforts in the world. He also belongs to the committee of experts of a global certification body. This book contains the experience and secrets drawn from many successful BS7799 implementations.

Alan Calder is the founder director of IT Governance Ltd (www.itgovernance.co.uk), an information, advice and consultancy firm that helps company boards tackle governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors. The company operates a website that distributes a range of books, tools and other publications on governance, risk management, compliance and information security.

Contents (with page numbers):

INTRODUCTION 13
CHAPTER 1: INITIAL APPROACH 21
  Information risk and regulatory risk 24
  The 'fear list' 25
  ISO27001/ISO17799 27
  Background to the standard 29
  ISO/IEC 17799 29
  Links to other standards 30
CHAPTER 2: MANAGEMENT SUPPORT 33
  Strategic alignment 33
  Prioritization and endorsement 35
  Change management 35
  The CEO's role 37
  The CEO's commitment 38
  Senior management support 40
CHAPTER 3: SCOPING 43
  Endpoint security 44
  Defining boundaries 45
  Phased approach 48
  Network mapping 48
  Cutting corners 50
CHAPTER 4: PLANNING 53
  Structured approach to implementation 54
  Plan 54
  Do 55
  Check 55
  Act 55
  Integration with existing security management systems 56
  Gap Analysis 57
  Quality system integration 57
  Project management 59
  Project team chair 60
  Project plan 61
  Costs and project monitoring 63
  Consultants 64
  Information security manager 67
  Specialist information security advice 68
  Functional specialists 69
CHAPTER 5: COMMUNICATION 71
  Staff buy-in 73
  Information security policy 74
CHAPTER 6: RISK ASSESSMENT 77
  Introduction to risk management 78
  Risk assessment 80
  Who conducts the risk assessment? 80
  Risk analysis 81
  Threats 82
  Vulnerabilities 82
  Impacts 83
  Controls 83
  Risk assessment tools 84
CHAPTER 7: CONTROL SELECTION 87
  Nature of controls 87
  Control selection criteria 90
  Statement of applicability 92
CHAPTER 8: DOCUMENTATION 95
  Four levels of documentation 97
  Documentation approaches 98
  Trial and error 98
  External expertise 99
  Third party Documentation Toolkit plus guidance 100
CHAPTER 9: TESTING 103
CHAPTER 10: SUCCESSFUL CERTIFICATION 107
USEFUL WEBSITES 113

Place of publication: Ely
Language: English
Subject areas: Computer science - Networks - Security / Firewall
Computer science - Theory / Studies - Cryptology
Economics - Business administration / Management - Corporate management / Management
ISBN-10 1-905356-10-2 / 1905356102
ISBN-13 978-1-905356-10-2 / 9781905356102
Condition: New