Aligned with the latest iteration of the Standard – ISO 27001:2013 – this new edition of the original no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time, and covers each element of the ISO 27001 project in simple, non-technical language
Cover
Title
Copyright
Contents
Introduction
The ISO 27000 family
Before you start
Chapter 1: Project Mandate
Strategic alignment
Prioritisation and endorsement
Change management
The CEO’s role
The Project Mandate
Chapter 2: Project Initiation
Objectives
Project management
Project leadership
Senior management support
Project team
Project plan
Structured approach to implementation
Phased approach
The project plan
Integration with existing security management systems
Quality system integration
Looking ahead
Costs and project monitoring
Risk register
Chapter 3: ISMS Initiation
Continual improvement
Security improvement plan
Expanding the RACI matrix
Documentation
Four levels of documentation
Documentation approaches
Chapter 4: Management Framework
Scoping
Endpoint security
Defining boundaries
Network mapping
Cutting corners
Formalise key arrangements
Information security policy
Communication strategy
Staff buy-in
Chapter 5: Baseline Security Criteria
Chapter 6: Risk Management
Introduction to risk management
Baseline security controls
Risk assessment
Five-step risk assessment process
Risk workshop
Impacts
Controls
Risk assessment tools
Controls
Nature of controls
Control selection criteria
Statement of applicability
Risk treatment plan
Chapter 7: Implementation
Competencies
The ‘all persons’ requirement
Staff awareness
Outsourced processes
Chapter 8: Measure, Monitor and Review
Internal audit, and testing
Management review
Chapter 9: Certification
ISO 27001 Resources
ISO 27001:2013 ISMS Documentation Toolkit
vsRisk™
(UK) IT Legal Compliance Database
ISO 27001 staff awareness e-learning
ISO27001 Do It Yourself packaged consultancy
ISO 27001 Get A Little Help packaged consultancy
ISO 27001 Get A Lot Of Help packaged consultancy
ISO 27001 bespoke consultancy
ISO 27001 Certified ISMS Lead Implementer Training Course
ISO 27001 Certified ISMS Lead Auditor Training Course
ISO 27005 Certified Risk Management Training Course
Aligned with the latest iteration of the Standard – ISO 27001:2013 – this new edition of the original no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time, and covers each element of the ISO 27001 project in simple, non-technical language
Table of contents
Cover
Title
Copyright
Contents
Introduction
The ISO 27000 family
Before you start
Chapter 1: Project Mandate
Strategic alignment
Prioritisation and endorsement
Change management
The CEO’s role
The Project Mandate
Chapter 2: Project Initiation
Objectives
Project management
Project leadership
Senior management support
Project team
Project plan
Structured approach to implementation
Phased approach
The project plan
Integration with existing security management systems
Quality system integration
Looking ahead
Costs and project monitoring
Risk register
Chapter 3: ISMS Initiation
Continual improvement
Security improvement plan
Expanding the RACI matrix
Documentation
Four levels of documentation
Documentation approaches
Chapter 4: Management Framework
Scoping
Endpoint security
Defining boundaries
Network mapping
Cutting corners
Formalise key arrangements
Information security policy
Communication strategy
Staff buy-in
Chapter 5: Baseline Security Criteria
Chapter 6: Risk Management
Introduction to risk management
Baseline security controls
Risk assessment
Five-step risk assessment process
Risk workshop
Impacts
Controls
Risk assessment tools
Controls
Nature of controls
Control selection criteria
Statement of applicability
Risk treatment plan
Chapter 7: Implementation
Competencies
The ‘all persons’ requirement
Staff awareness
Outsourced processes
Chapter 8: Measure, Monitor and Review
Internal audit, and testing
Management review
Chapter 9: Certification
ISO 27001 Resources
ISO 27001:2013 ISMS Documentation Toolkit
vsRisk™
(UK) IT Legal Compliance Database
ISO 27001 staff awareness e-learning
ISO27001 Do It Yourself packaged consultancy
ISO 27001 Get A Little Help packaged consultancy
ISO 27001 Get A Lot Of Help packaged consultancy
ISO 27001 bespoke consultancy
ISO 27001 Certified ISMS Lead Implementer Training Course
ISO 27001 Certified ISMS Lead Auditor Training Course
ISO 27005 Certified Risk Management Training Course
Facebook
Twitter
Linkedin
Whatsapp