IT Governance: A Manager's Guide to Data Security and ISO27001/ISO 27002, 4th Edition

  • 7h 12m
  • Alan Calder, Steve Watkins
  • Kogan Page
  • 2008

Information is widely regarded as the lifeblood of modern business, but organizations are facing a flood of threats to such “intellectual capital” from hackers, viruses, and online fraud. Directors must respond to increasingly complex and competing demands regarding data protection, privacy regulations, computer misuse, and investigatory regulations. IT Governance will be valuable to board members, executives, owners and managers of any business or organization that depends on information.

Covering the Sarbanes-Oxley Act (in the US) and the Turnbull Report and the Combined Code (in the UK), the book examines standards of best practice for compliance and data security. Written for companies looking to protect and enhance their information security management systems, it allows them to ensure that their IT security strategies are coordinated, coherent, comprehensive and cost effective.

About the Authors

Alan Calder is a founder-director of IT Governance Ltd. He is also the author of Corporate Governance and International IT Governance (both Kogan Page).

Steve Watkins is a recognized expert in the field of management system standards. He has authored several books on the topic and provides training and consulting services in this area.

In this Book

  • IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO 27002, 4th edition
  • Introduction
  • Why is information security necessary?
  • The Combined Code, the Turnbull Report and Sarbanes–Oxley
  • ISO27001
  • Organizing information security
  • Information security policy and scope
  • The risk assessment and statement of applicability
  • External parties
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Equipment security
  • Communications and operations management
  • Controls against malicious software (malware) and back-ups
  • Network security management and media handling
  • Exchanges of information
  • Electronic commerce services
  • E-mail and internet use
  • Access control
  • Network access control
  • Operating system access control
  • Application access control and teleworking
  • Systems acquisition, development and maintenance
  • Cryptographic controls
  • Security in development and support processes
  • Monitoring and information security incident management
  • Business continuity management
  • Compliance
  • The ISO27001 audit