万本电子书0元读

万本电子书0元读

顶部广告

ISO 27001 Risk Management in Plain English电子书

售       价:¥

7人正在读 | 0人评论 9.8

作       者:Dejan Kosutic

出  版  社:Advisera Expert Solutions Ltd

出版时间:2017-09-15

字       数:6.2万

所属分类: 进口书 > 外文原版书 > 法律/政治/宗教

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
“Risk management is the central idea of ISO 27001. And, the way ISO 27001 tells you to achieve this tailor-made suit is to perform risk assessment and risk treatment.” This book, ISO 27001 Risk Management in Plain English, is a quick read for people who are focused solely on risk management. It has one aim in mind: to give you the knowledge and practical step-by-step process you need to successfully implement ISO 27001 risk assessment and treatment – without struggle, stress, or headaches. ISO 27001 Risk Management in Plain English is written primarily for beginners in this field and for people with moderate knowledge about risk assessment and treatment. It is structured in such a way that someone with no prior experience or knowledge about information security can quickly understand what it is all about, and how to implement the whole risk management project. However, if you do have experience with ISO 27001, but feel that you still have gaps in your knowledge, you’ll also find this book very helpful. This book will give you a complete overview of risk management according to ISO 27001. It will also explain the differences between risk management in ISO 27001 and other risk-oriented standards, such as ISO 27005 and ISO 31000. You will learn the five main steps in the risk management process, the purpose of risk assessment, and how to perform it. “In my experience, the employees (and the organization as a whole) are usually aware of only 25 to 40% of risks,” says author Dejan Kosutic. “Therefore, a thorough and systematic process needs to be carried out to find out everything that could endanger the confidentiality, integrity, and availability of their information.” This book will serve as your complete guide to ISO 27001 risk management. From the simple explanation of requirements, steps in risk management, development of methodology, and which documents are required for risk management – you will quickly see that this is the only book you’ll ever need on the subject.
目录展开

COVER

ABOUT THE AUTHOR

TABLE OF CONTENTS

PREFACE

1 INTRODUCTION

1.1 Who should read this book?

1.2 How to read this book?

1.3 What this book is not

1.4 Why is risk management the central philosophy in ISO 27001?

1.5 Relationship between enterprise risk management and information security management

1.6 ISO 27001 vs. ISO 27005 vs. ISO 31000

1.7 Additional resources

2 STEPS IN THE RISK MANAGEMENT

2.1 Addressing risks and opportunities (clause 6.1.1)

2.2 Five steps in the risk management process (clause 6.1)

2.3 Writing the risk assessment methodology (clause 6.1.2)

2.4 Risk assessment part I: Identifying the risks (clauses 6.1.2 and 8.2)

2.5 Risk assessment part II: Analyzing and evaluating the risks (clauses 6.1.2 and 8.2)

2.6 Performing risk treatment (clauses 6.1.3 and 8.3)

2.7 Statement of Applicability: The central document of the whole ISMS (clause 6.1.3 d)

2.8 Developing the Risk treatment plan (clauses 6.1.3, 6.2, and 8.3)

2.9 Regular review of the risk assessment and treatment (clause 8.2)

2.10 Success factors

3 MINI CASE STUDY: PERFORMING RISK ASSESSMENT IN A SMALL HOSPITAL

APPENDIX - Catalog of threats and vulnerabilities

BIBLIOGRAPHY

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部