How to Achieve 27001 Certification

An Example of Applied Compliance Management, 1st Edition

By Sigurjon Thor Arnason, Keith D. Willett

Auerbach Publications

352 pages | 12 B/W Illus.

Hardback: 9780849336485
pub: 2007-11-28
eBook (VitalSource) : 9780429133039
pub: 2007-11-28

Description

The security criteria of the International Standards Organization (ISO) provide an excellent foundation for identifying and addressing business risks through a disciplined security management process. Using the security standards ISO 17799 and ISO 27001 as a basis, How to Achieve 27001 Certification: An Example of Applied Compliance Management helps an organization align its security and organizational goals so that it can build effective security, compliance, and management programs.

The authors offer insight from their own experiences, providing questions and answers to determine an organization's information security strengths and weaknesses with respect to the standard. They also present step-by-step information to help an organization plan an implementation, as well as prepare for certification and audit.

Security is no longer a luxury for an organization; it is a legislative mandate. A formal methodology that helps an organization define and execute an information security management system (ISMS) is essential in order to perform, and prove, due diligence in upholding stakeholder interests and legislative compliance. Providing a good starting point for novices, as well as finely tuned nuances for seasoned security professionals, this book is an invaluable resource for anyone involved in meeting an organization's security, certification, and compliance needs.

Table of Contents

INTRODUCTION

ISO SECURITY STANDARDS

INTERNATIONAL SECURITY ORGANIZATION (ISO) SECURITY STANDARD CERTIFICATION

GOALS

OUTLINE AND FLOW

COMMENTARY

INTRODUCTION TO ISO SECURITY STANDARDS

OBJECTIVES

CORNERSTONES OF INFORMATION SECURITY

THE HISTORY OF ISO INFORMATION SECURITY STANDARDS

INFORMATION SECURITY STANDARDS ROADMAP AND NUMBERING

INTERNATIONAL SECURITY MANAGEMENT STANDARDS

OTHER PROPOSED INFORMATION SECURITY STANDARDS

INTRODUCTION TO THE ISO/IEC 27001 STANDARD

INTRODUCTION TO THE ISO 17799 STANDARD

RELATIONSHIP BETWEEN ISO 27001 AND THE ISO 17799

RELATIONSHIP TO OTHER MANAGEMENT STANDARDS

PDCA AND SECURITY STANDARDS CROSS REFERENCE

INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)

OBJECTIVES

ISMS INTRODUCTION

SECURITY MANAGEMENT FRAMEWORK (SMF)

INTRODUCTION

ISMS ESTABLISHMENT PROCESS…TO-BE OR PDCA

FOUNDATIONAL CONCEPTS AND TOOLS FOR AN ISMS

OBJECTIVES

SMF APPLICATIONS

ISMS INITIAL PLANNING AND IMPLEMENTATION

ESTABLISHING CURRENT STATUS OF ORGANIZATIONAL SECURITY MANAGEMENT (ASSESSMENT PROCESS)

ANALYSIS OF DISCOVERY RESULTS

AN INITIAL VIEW OF DEVELOPING AN ISMS

IMPLEMENTING AN INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS) - PDCA

OBJECTIVES

ISMS DEFINITION

PDCA MODEL

PLAN PHASE

DO PHASE

CHECK PHASE

ACT PHASE

SUMMARY OF IMPLEMENTING THE ISMS

AUDIT AND CERTIFICATION

OBJECTIVES

CERTIFICATION PROCESS OVERVIEW

SELECTING AN ACCREDITED CERTIFICATION BODY

CERTIFICATION PREPARATION CHECKLIST

THE AUDIT STAGE PROCESS

COMPLIANCE MANAGEMENT

OBJECTIVES

INTRODUCTION TO COMPLIANCE MANAGEMENT

IA COMPLIANCE MANAGEMENT PROGRAM

CONCLUSION AND COMMENTARY

APPENDIX A: ISMS ASSESSMENT DISCOVERY QUESTION SET

APPENDIX B: SAMPLE STATEMENT OF APPLICABILITY (SOA)

APPENDIX C: PDCA GUIDELINE DOCUMENTS - OUTLINES

ISMS - PLAN PHASE GUIDELINES-DOCUMENT OUTLINE

ISMS - DO PHASE GUIDELINES-DOCUMENT OUTLINE

ISMS - CHECK PHASE GUIDELINES-DOCUMENT OUTLINE

ISMS - ACT PHASE GUIDELINES-DOCUMENT OUTLINE

APPENDIX D: POLICY, STANDARD, AND PROCEDURE SAMPLE TEMPLATES

SAMPLE POLICY TEMPLATE

SAMPLE STANDARD TEMPLATE

SAMPLE PROCEDURE TEMPLATE

APPENDIX E: ISMS POLICY AND RISK TREATMENT TEMPLATES

ISMS POLICY TEMPLATE

RISK TREATMENT TEMPLATE

APPENDIX F: PROJECT DEFINITION TEMPLATE

USEFUL BITS OF KNOWLEDGE (UBOKS)

GLOSSARY

REFERENCES

INDEX

Subject Categories

BISAC Subject Codes/Headings:
COM032000 COMPUTERS / Information Technology
COM053000 COMPUTERS / Security / General