ISO27001 in a Windows Environment

Most ISO27001 implementations will involve a Windows® environment at some level. The two approaches to security, however, mean that there is often a knowledge gap between those trying to implement ISO27001 and the IT specialists trying to put the necessary best practice controls in place while using Microsoft®’s technical controls. ISO27001 in a Windows® Environment bridges the gap and gives essential guidance to everyone involved in a Windows®-based ISO27001 project.

• Cover
• Title
• Copyright
• Foreword
• Preface
• About the Author
• Acknowledgements
• Contents
• Introduction
• Chapter 1: Information and Information Security
  • Information security concepts
  • Other information security concepts
  • The importance of information security
• Chapter 2: Using an ISMS to Counter the Threats
  • System security versus information security
  • The structure of an ISMS
  • Managing exceptions to the policy
• Chapter 3: An Introduction to ISO27001
  • The ISO27000 standards family
  • History of ISO27001
  • What is in the ISO27001 standard?
  • Continual improvement
  • What are the benefits of ISO27001?
• Chapter 4: Identify your Information Assets
  • Define the scope of the ISMS
  • Identifying your information security assets
• Chapter 5: Conducting a Risk Assessment
  • What is risk?
  • Managing risks
  • The different types of risk analysis
  • Risk management tools
• Chapter 6: An Overview of Microsoft Technologies
  • Microsoft® Windows Server® 2008
  • Microsoft® Windows Server® 2012
  • Microsoft® Windows® 7
  • Microsoft® Windows® 8
  • Microsoft® Forefront™
  • Microsoft® Systems Center
  • Microsoft® Windows Server® Update Services
  • Microsoft® Baseline Security Analyzer
  • Microsoft Security Risk Management Guide
  • Microsoft® Threat Analysis and Modeling
  • Microsoft® CAT.NET
  • Microsoft® Source Code Analyzer for SQL Injection
• Chapter 7: Implementing ISO27001 in a Microsoft environment
  • Section 4 Information security management system
  • Section A.6 Organisation of information security
  • Section A.7 Human resource security
  • Section A.8 Asset management
  • Section A.9 Access control
  • Section A.10 Cryptography
  • Table 22: A.11.2 Equipment
  • Table 24: A.12.2 Protection from malware
  • Table 26: A.12.4 Logging and monitoring
  • Table 27: A.12.5 Control of operational software
  • Table 29: A.12.7 Information systems audit considerations
  • Section A.13 Communications security
  • Table 31: A.13.2 Information transfer
  • Section A.14 System acquisition, development and maintenance
  • Table 33: A.14.2 Security in development and support processes
  • Section A.15 Supplier relationships
  • Table 36: A.15.2 Supplier service delivery management
  • Section A.16 Information security incident management
  • Section A.18 Compliance
• Chapter 8: Securing the Windows® environment
  • Windows Server® 2008 and 2012 architecture
  • Domain user accounts naming standards
• Chapter 9: Securing the Microsoft® Windows Server® platform
  • Recommended settings
• Chapter 10: Auditing and Monitoring
  • Configuring auditing of file and resource access
  • Event log settings
  • Events to record
• Chapter 11: Securing your Servers
  • Protecting files and directories
• Appendix 1: Overview of security settings for Windows Server® 2008 and 2012 servers and domain controllers
  • Service pack and hotfixes
  • Account and audit policies
  • Event log settings
  • Security settings
  • Service settings
  • User rights
  • Registry permissions
  • File and registry auditing
• Appendix 2: Bibliography, Reference and Further Reading
  • ISO27001 resources
  • Microsoft resources
  • http://blogs.technet.com/b/msrc/
  • Microsoft products
  • www.microsoft.com/en-us/download/details.aspx?id=24659
  • Other resources
• ITG Resources