IT Governance - An international guide to data security and ISO 27001/ISO 27002, Eighth edition

  • 7h 20m
  • Alan Calder, Steve Watkins
  • IT Governance
  • 2024

Recommended textbook for the Open University’s postgraduate information security course and the recommended text for all IBITGQ ISO 27001 courses

In this updated edition, renowned ISO 27001/27002 experts Alan Calder and Steve Watkins:

  • Discuss the ISO 27001/27002:2022 updates;
  • Provide guidance on how to establish a strong IT governance system and an ISMS (information security management system) that complies with ISO 27001 and ISO 27002;
  • Highlight why data protection and information security are vital in our ever-changing online and physical environments;
  • Reflect on changes to international legislation, e.g. the GDPR (General Data Protection Regulation); and
  • Review key topics such as risk assessment, asset management, controls, security, supplier relationships and compliance.

Fully updated to align with ISO 27001/27002:2022

IT Governance – An international guide to data security and ISO 27001/ISO 27002, Eighth edition provides:

  • Expert information security management and governance guidance based on international best practice;
  • Guidance on how to protect and enhance your organisation with an ISO 27001:2022-compliant ISMS; and
  • Discussion around the changes to international legislation, including ISO 27001:2022 and ISO 27002:2022.

As cyber threats continue to increase in prevalence and ferocity, it is more important than ever to implement a secure ISMS to protect your organisation. Certifying your ISMS to ISO 27001 and ISO 27002 demonstrates to customers and stakeholders that your organisation is handling data securely.

About the Author

Alan Calder

Alan Calder founded IT Governance Ltd in 2002 and began working full time for the company in 2007. He is now Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Before this, Alan had a number of roles including CEO of Business Link London City Partners (a government agency focused on helping growing businesses to develop) from 1995 to 1998, CEO of Focus Central London (a training and enterprise council) from 1998 to 2001, and CEO of Wide Learning (a supplier of elearning) from 2001 to 2003 and the Outsourced Training Company (2005). He was also chairman of CEME (a public–private-sector skills partnership) from 2006 to 2011.

Alan is an acknowledged international cybersecurity guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.

Steve Watkins

Steve is a Director of Kinsnall Consulting Ltd (https://kinsnall.com) providing strategic and tactical advice and training on cybersecurity, information security, and privacy standards and certification schemes.

He is a contracted technical assessor for UKAS, conducting assessments of certification bodies offering ISO 27001, ISO 27701 and ISO 20000-1 accredited certification. He also undertakes information security assessments of forensic science laboratories seeking accreditation to the Forensic Science Regulator’s codes of practice and conduct.

He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cybersecurity and privacy protection standards, where he is a co-editor of ISO/IEC 27006-1. He chairs IST 33, the UK National Standards Body’s technical committee that mirrors SC 27, and is a member of the European Commission’s Stakeholder Cybersecurity Certification Group (SCCG).

Steve first started working with information security management system (ISMS) standards in 1997. He has since supported a wide range of training and consultancy clients working with ISO 27001, including globally recognized brands, public-sector organisations and a wide selection of SMEs. He was a director of IT Governance Limited from 2008 and on the board of GRC International Group PLC through to May 2021.

In this Book

  • Introduction
  • Why is Information Security Necessary?
  • The Corporate Governance Code, the FRC Guidance on Risk Management, and Sarbanes–Oxley
  • ISO 27001
  • Organizing Information Security
  • Information Security Policy and Scope
  • The Risk Assessment and Statement of Applicability
  • Mobile and Remote Working
  • Human Resources Security
  • Asset Management
  • Exchanges of Information
  • Access Control
  • User Access Management
  • Supplier Relationships
  • Physical and Environmental Security
  • Equipment Security
  • System and Application Access Control
  • Cryptography
  • Operations Security
  • Controls Against Malicious Software (Malware)
  • Networks Security
  • System Acquisition, Development, and Maintenance
  • Development and Support Processes
  • Monitoring and Information Security Incident Management
  • Business and Information Security Continuity Management
  • Compliance
  • The ISO 27001 Audit