Implementing Information Security based on ISO 27001/ISO 27002 (eBook)

Alan Calder (author)

eBook download: PDF
2011
90 pages
van Haren Publishing (publisher)
978-90-8753-543-8 (ISBN)

Price: 26,78 incl. VAT (download available immediately)
Information is the currency of the information age and in many cases is the most valuable asset possessed by an organisation. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure. Effective information security can be defined as the ‘preservation of confidentiality, integrity and availability of information.’ This book describes the approach taken by many organisations to realise these objectives. It discusses how information security cannot be achieved through technological means alone, but must also take in factors such as the organisation’s approach to risk and pragmatic day-to-day business operations. This Management Guide provides an overview of the implementation of an Information Security Management System (ISMS) that conforms to the requirements of ISO/IEC 27001:2005 and which uses controls derived from ISO/IEC 17799:2005 (renumbered ISO/IEC 27002:2005 in 2007, the ‘ISO 27002’ of the title). It covers the following:
  • Certification
  • Risk
  • Documentation and project management issues
  • Process approach and the PDCA cycle
  • Preparation for an audit

CHAPTER 1 Introduction 10
1.1 ISO/IEC 27001:2005 (‘ISO 27001’ or ‘the Standard’) 10
1.2 ISO/IEC 27002:2005 (‘ISO 27002’) 10
1.3 Definitions 11
CHAPTER 2 Information security and ISO 27001 12
2.1 Approach to information security 12
2.2 The ISMS and organizational needs 12
2.3 Reasons to implement an ISMS 13
2.4 The ISMS and regulation 14
CHAPTER 3 Certification 16
3.1 Read and study the Standards 16
3.2 ‘Badge on the wall’ debate 17
3.3 Certification 18
3.4 Qualifications and further study 18
CHAPTER 4 ISO 27001 and ISO 27002 20
4.1 ISO 27002 20
4.2 ISO 27001 20
CHAPTER 5 Frameworks and management system integration 22
5.1 ITIL 22
5.2 ISO 20000 23
5.3 ISO 27001 Annex C 23
5.4 Management system integration 25
5.5 BS25999 25
5.6 CobiT 26
CHAPTER 6 Documentation requirements and record control 28
6.1 ISO 27001 Document control requirements 28
6.2 Annex A document controls 29
6.3 Document approval 29
6.4 Contents of the ISMS documentation 30
6.5 Record control 31
6.6 Documentation process and toolkits 31
CHAPTER 7 Project team 34
7.1 Demonstrating management commitment 34
7.2 Project team/steering committee 34
7.3 Information security co-ordination 35
CHAPTER 8 Project initiation 36
8.1 Awareness 36
8.2 Awareness tools 37
CHAPTER 9 Process approach and the PDCA cycle 38
9.1 PDCA mapped to the clauses of ISO 27001 39
9.2 ISMS project roadmap 40
CHAPTER 10 Plan - establish the ISMS 42
10.1 ISMS policy 42
10.2 Policy and business objectives 42
CHAPTER 11 Scope definition 44
11.1 Scoping, boundaries and third party risk 44
11.2 Scoping in small organizations 45
11.3 Scoping in large organizations 46
11.4 Legal and regulatory frameworks 46
11.5 Network infrastructure 46
CHAPTER 12 Risk management 48
12.1 Risk treatment plans 48
12.2 Acceptable risks 48
12.3 Risk assessment 49
CHAPTER 13 Assets within scope 50
13.1 Asset classes 50
13.2 Asset owners 51
CHAPTER 14 Assessing risk 52
14.1 Threats (4.2.1.d2) 52
14.2 Vulnerabilities (4.2.1.d3) 53
14.3 Impacts (4.2.1.d4) 53
14.4 Risk assessment (likelihood and evaluation) (4.2.1.e) 54
14.5 Risk level 54
CHAPTER 15 Risk treatment plan 56
CHAPTER 16 Risk assessment tools 58
16.1 Gap analysis tools 58
16.2 Vulnerability assessment tools 59
16.3 Penetration testing 59
16.4 Risk assessment tools 60
16.5 Statement of Applicability 61
CHAPTER 17 Statement of Applicability 62
17.1 Controls (4.2.1.f.1) 62
17.2 Controls and control objectives 63
17.3 ISO 27001:2005 Annex A 64
17.4 Drafting the Statement of Applicability 65
17.5 Excluded controls 66
CHAPTER 18 Third party checklists and resources 68
18.1 Third party sources 68
18.2 Configuration checklists 68
18.3 Vulnerability databases 69
CHAPTER 19 Do - implement and operate the ISMS 70
19.1 Gap analysis 70
19.2 Implementation 71
CHAPTER 20 Check - monitor and review the ISMS 74
20.1 Audits 74
20.2 Audit programme 74
20.3 Reviews 75
CHAPTER 21 Act - maintain and improve the ISMS 76
21.1 Management review 76
CHAPTER 22 Measurement 78
22.1 NIST SP800-55 78
CHAPTER 23 Preparing for an ISMS audit 80
APPENDIX A Bibliography of related standards, guides and books 82
APPENDIX B Accredited certification and other bodies 84

Publication date (per publisher): 9 September 2011
Series: A Management Guide
Place of publication: Zaltbommel
Language: English
Subject areas: Mathematics / Computer science; Social sciences / Education
ISBN-10 90-8753-543-0 / 9087535430
ISBN-13 978-90-8753-543-8 / 9789087535438
Format: PDF (Adobe DRM)
Size: 716 KB

Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook against misuse. The eBook is authorised to your personal Adobe ID at download time. You can then read it only on devices that are also registered to your Adobe ID.

File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to specialist books with columns, tables and figures. A PDF can be displayed on almost any device, but is only of limited use on small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need an Adobe ID and the free Adobe Digital Editions software. We advise against using the OverDrive Media Console; experience shows that problems with Adobe DRM occur frequently with it.
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need an Adobe ID and a free app.

Additional feature: online reading
In addition to downloading it, you can also read this eBook online in your web browser.

Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably we cannot fulfil eBook orders from other countries.
