This package consists of the two ISO27001/ ISO 27002 (ISO17799) management guides written for van Haren Publishers by information security expert Alan Calder. The two management guides are:
- Information Security based on ISO 27001 and ISO 17799: A Management Guide, and
- Implementing Information Security based on ISO 27001 and ISO 17799: A Management Guide.
Information Security based on ISO 27001 and ISO 17799: A Management Guide.
- Covers cultural and organizational issues that are key for successful adoption and certification;
- Covers strategic business decision-making and makes recommendations as to Board input
- Notes that the design and implementation of the ISMS should be directly influenced by the organization’s ‘needs and objectives, security requirements, the processes employed and the size and structure of the organisation.’
This book provides detailed coverage of ISO27001, the ISMS specification, as well as the history of the standard, details and discussion of its content, and information about links to other standards and frameworks.
Implementing Information Security based on ISO 27001 and ISO 17799: A Management
This book provides a step-by-step high level overview of how to go about implementing an ISMS, or Information Security Management System. An ISMS is defined as ‘that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security. The management system includes organisational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.
Effective information security is defined in the ISO27001 as the ‘preservation of confidentiality, integrity and availability of information.’ It cannot be achieved through technological means alone, and should never be implemented in a way that is either out of line with the organization’s approach to risk or which undermines or creates difficulties for its business operations.
The ISMS includes ‘organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources’ and is a structured, coherent management approach to information security. It should be designed to ensure the effective interaction of the three key attributes of information security:
- process (or procedure)
- technology
- behaviour.
'These two books, taken together, provide a unique and thorough overview of the two international information security standards, set in the context of today's information threats and risk management requirements, together with a practical overview of implementation issues'.
Availability: Ex Stock
Order both these books online today!
