ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body.
The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001.
By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.
publication date
2023-08-11
what you will learn
Develop a strong understanding of the core principles underlying information security
Gain insights into the interpretation of control requirements in the ISO 27001/27002:2022 standard
Understand the various components of ISMS with practical examples and case studies
Explore risk management strategies and techniques
Develop an audit plan that outlines the scope, objectives, and schedule of the audit
Explore real-world case studies that illustrate successful implementation approaches
key features
Familiarize yourself with the clauses and control references of ISO/IEC 27001:2022 * Define and implement an information security management system aligned with ISO/IEC 27001/27002:2022 * Conduct management system audits to evaluate their effectiveness and adherence to ISO/IEC 27001/27002:2022
approach
The initial section of the book establishes the groundwork by elucidating fundamental concepts of information security, namely confidentiality, integrity, and availability. The subsequent part delves into the clauses and control references of ISO/IEC 27001:2022, elucidating the standards and organisational-level management of information security.
audience
This book is for information security professionals, including information security managers, consultants, auditors, officers, risk specialists, business owners, and individuals responsible for implementing, auditing, and administering information security management systems. Basic knowledge of organization-level information security management, such as risk assessment, security controls, and auditing, will help you grasp the topics in this book easily.
short description
This concise book equips you with the knowledge and practices needed to establish and maintain an effective information security management system. The chapters provide insights into ISO/IEC 27001/27002:2022, risk management, ISMS development, incident management, audit processes, and strategies for continuous improvement.
subtitle
A comprehensive handbook on ISO/IEC 27001:2022 compliance
keywords
management information systems, risk assessment book, infosec, isms book, iso/iec 27001 2022, iso/iec 27001, iso 27001 2022
Product ISBN
9781803231174
