ISO 27001/ISO 27002 – A guide to information security management systems ISO 27001 is one of the leading information security standards. It offers an internationally recognised route for organisations of all sizes and industries to adopt and demonstrate effective, independently verified information security. Information is the lifeblood of the modern world. It is at the heart of our personal and working lives, yet all too often control of that information is in the hands of organisations, not individuals. As a result, there is ever-increasing pressure on those organisations to ensure the information they hold is adequately protected. Demonstrating that an organisation is a responsible custodian of information is not simply a matter of complying with the law – it has become a defining factor in an organisation’s success or failure. The negative publicity and loss of trust associated with data breaches and cyber attacks can seriously impact customer retention and future business opportunities, while an increasing number of tender opportunities are only open to those with independently certified information security measures. Understand how information security standards can improve your organisation’s security and set it apart from competitors with this introduction to the 2022 updates of ISO 27001 and ISO 27002.  

• Cover
• Title
• Copyright
• Contents
• About the Author
• Acknowledgements
• Introduction
  • A brief history of ISO 27001
  • The ISO 27000 family
  • Implementing an ISMS
  • Plan-Do-Check-Act
  • A brief note on Annex SL
  • Shall and should
• Chapter 1: Accredited certification
• Chapter 2: Terms and definitions
• Chapter 3: ISO 27001 requirements
  • 4 – Context of the organisation
  • 5 – Leadership
  • 6 – Planning
  • 7 – Support
  • 8 – Operational planning and control
  • 9 – Performance evaluation
  • 10 – Continual improvement
  • Annex A – Information security controls
• Chapter 4: ISO 27002
  • Introduction
  • Annexes
• Further reading