ISO27001/ISO27002: A Pocket Guide

  • 32m
  • Alan Calder
  • IT Governance
  • 2008

ISO/IEC 27001:2005 is an international standard for information security management systems (ISMSs). Closely allied to ISO/IEC 27002:2005 (which used to be known as ISO17799), this standard (sometimes called the ISMS standard) can help organisations meet all their information-related regulatory compliance objectives and can help them prepare and position themselves for new and emerging regulations.

Information is the lifeblood of today’s organisation and, therefore, ensuring that information is simultaneously protected and available to those who need it is essential to modern business operations. Information systems are not usually designed from the outset to be secure. Technical security measures and checklists are limited in their ability to protect a complete information system. Management systems and procedural controls are essential components of any really secure information system and, to be effective, need careful planning and attention to detail.

ISO/IEC 27001 provides the specification for an information security management system and, in the related Code of Practice, ISO/IEC 27002, it draws on the knowledge of a group of experienced information security practitioners in a wide range of significant organisations across more than 40 countries to set out best practice in information security. An ISO27001-compliant system will provide a systematic approach to ensuring the availability, confidentiality and integrity of corporate information. The controls of ISO27001 are based on identifying and combating the entire range of potential risks to the organisation’s information assets.

This helpful, handy ISO27001/ISO27002 pocket guide gives a useful overview of these two important information security standards.

In this Book

  • ISO27001/ISO27002—A Pocket Guide
  • Foreword
  • Introduction
  • The ISO/IEC 27000 Family Of Information Security Standards
  • Background To The Standards
  • Specification Vs Code Of Practice
  • Certification Process
  • The ISMS And ISO27001
  • Overview Of ISO/IEC 27001:2005
  • Overview Of ISO/IEC 27002:2005
  • Documentation And Records
  • Management Responsibility
  • Process Approach And The PDCA Cycle
  • Policy And Scope
  • Risk Assessment
  • The Statement Of Applicability (SOA)
  • Implementation
  • Check And Act
  • Management Review
  • ISO27001 Annex A
  • ITG Resources
SHOW MORE
FREE ACCESS