万本电子书0元读

万本电子书0元读

顶部广告

Secure & Simple – A Small-Business Guide to Implementing ISO 27001 On Your Own电子书

售       价:¥

45人正在读 | 0人评论 9.8

作       者:Dejan Kosutic

出  版  社:Advisera Expert Solutions Ltd

出版时间:2017-12-18

字       数:41.9万

所属分类: 进口书 > 外文原版书 > 法律/政治/宗教

温馨提示:此类商品不支持退换货,不支持下载打印

为你推荐

  • 读书简介
  • 目录
  • 累计评论(0条)
  • 读书简介
  • 目录
  • 累计评论(0条)
Secure Simple Dejan Kosutic, an author and experienced information security consultant, is giving away all his practical know-how on successful ISO 27001 implementation. Whether you’re new or experienced in the field, this book gives you everything you will ever need to implement ISO 27001 on your own. Dejan provides examples of implementing the standard in small and medium-sized organizations (i.e. companies with up to 500 employees). It is written primarily for beginners in the field and for people with moderate knowledge of ISO 27001. Even if you do have experience with the standard, but feel that there are gaps in your knowledge, you’ll find this book very helpful. Secure Simple is the definitive guide for implementing and maintaining the most popular information security standard in the world. The author leads you, step-by-step, from an introduction to ISO 27001 to the moment your company passes the certification audit. During that journey you will learn: The most common ISO 27001 myths, like “The standard requires xyz;” “We’ll let the IT department handle it;” “We’ll implement it in a couple of months;” and others.How to convince your top management to implement ISO 27001. “If you think that your management loves to listen to your great idea about a new firewall, or the perfect tool you've discovered for handling incidents, you're wrong – they just don't care.” This book will help you speak the language they want to hear.How to write the Risk Assessment Methodology plus other policies and procedures.How to identify potential risks.“Employees (and the organization as a whole) are usually aware of only 25 to 40% of risks – therefore, a thorough and systematic process needs to be carried out…” Learn how to identify all potential risks that could endanger the confidentiality, integrity, and availability of organization’s information.What are the most important steps in order to prepare a company for the certification, and much more. Written in plain English with a lot of practical examples, charts and diagrams, it is the only book you’ll need on the subject of ISO 27001 implementation.
目录展开

COVER

ABOUT THE AUTHOR

TABLE OF CONTENTS

PREFACE

ACKNOWLEDGMENTS

1 INTRODUCTION

1.1 Why information security? Why ISO 27001?

1.2 Basic information security principles

1.3 ISO 27001 puts it all together

1.4 Who should read this book?

1.5 How to read this book

1.6 What this book is not

1.7 Additional resources

2 WHAT EXACTLY IS ISO 27001?

2.1 The most popular information security standard worldwide

2.2 Information security vs. IT security

2.3 How does ISO 27001 work?

2.4 What ISO 27001 is not – 7 most common myths

2.5 Where does information security belong?

2.6 For which type and size of companies is ISO 27001 intended?

2.7 Short history of ISO 27001

2.8 What does the standard look like? The structure and main clauses

2.9 Introduction to the Information Security Management System

3 GETTING THE BUY-IN FROM YOUR MANAGEMENT AND OTHER EMPLOYEES

3.1 How to convince your top management to implement ISO 27001

3.2 How to present the benefits to your top management

3.3 Is it possible to calculate the Return on Security Investment (ROSI)?

3.4 Dealing with line managers and other employees

3.5 Bridging the gap between IT and the business

3.6 Success factors

4 PREPARING FOR THE IMPLEMENTATION

4.1 ISO 27001 strategy: Three options for the implementation

4.2 How to choose a consultant

4.3 Should you use Gap analysis?

4.4 Sequence of implementing ISO 27001 & relationship with PDCA cycle

4.5 Setting up an ISO 27001 implementation project

4.6 Who should be the project manager

4.7 How long does it take?

4.8 How much does it cost?

4.9 Using tools and templates

4.10 Decide on your documentation strategy

4.11 Success factors

5 FIRST STEPS IN THE PROJECT

5.1 Understanding the context of your company (clause 4.1)

5.2 Listing interested parties and their requirements (clause 4.2)

5.3 Defining the ISMS scope (clause 4.3)

5.4 What is required of the top management (clause 5.1)

5.5 Writing the Information Security Policy (clause 5.2)

5.6 Defining top-level ISMS objectives (clauses 5.2 b and 6.2)

5.7 Roles and responsibilities, and how to document them (clause 5.3)

5.8 Success factors

6 NON-SECURITY THINGS NECESSARY FOR SECURITY MANAGEMENT

6.1 Managing documents and records (clause 7.5)

6.2 Providing resources for the ISMS (clause 7.1)

6.3 Providing security training (clause 7.2)

6.4 Making your people aware of why information security is important (clause 7.3)

6.5 How to communicate and with whom (clause 7.4)

6.6 Success factors

7 RISK MANAGEMENT

7.1 Addressing risks and opportunities (clause 6.1.1)

7.2 Five steps in the risk management process (clause 6.1)

7.3 Writing the risk assessment methodology (clause 6.1.2)

7.4 Risk assessment part I: Identifying the risks (clauses 6.1.2 and 8.2)

7.5 Risk assessment part II: Analyzing and evaluating the risks (clauses 6.1.2 and 8.2)

7.6 Performing risk treatment (clauses 6.1.3 and 8.3)

7.7 Statement of Applicability: The central document of the whole ISMS (clause 6.1.3 d)

7.8 Developing the Risk treatment plan (clauses 6.1.3, 6.2, and 8.3)

7.9 Success factors

8 IMPLEMENTING SECURITY CONTROLS; OPERATIONAL PLANNING AND CONTROL

8.1 Setting the objectives for security controls and processes (clause 6.2)

8.2 Where to start with the documentation

8.3 Deciding which policies and procedures to write

8.4 Writing documentation that will be accepted by the employees

8.5 Operating the ISMS on a daily basis (clause 8.1)

8.6 Managing changes in the ISMS (clause 8.1)

8.7 Maintenance of the documentation (clause 7.5.2)

8.8 Managing outsourced services (clause 8.1)

8.9 Regular review of the risk assessment and treatment (clause 8.2)

8.10 Success factors

9 OVERVIEW OF ANNEX A CONTROLS

9.1 Introduction to ISO 27001 Annex A

9.2 Structure of Annex A

9.3 Structuring the documentation for Annex A

9.4 Information security policies (A.5)

9.5 Organization of information security (A.6)

9.6 Human resources security (A.7)

9.7 Asset management (A.8)

9.8 Access control (A.9)

9.9 Cryptography (A.10)

9.10 Physical and environmental security (A.11)

9.11 Operational security (A.12)

9.12 Communications security (A.13)

9.13 System acquisition, development and maintenance (A.14)

9.14 Supplier relationships (A.15)

9.15 Information security incident management (A.16)

9.16 Information security aspects of business continuity management (A.17)

9.17 Compliance (A.18)

9.18 Success factors

10 MAKING SURE YOUR ISMS WILL WORK AS EXPECTED

10.1 Monitoring, measurement, analysis, and evaluation of the ISMS (clause 9.1)

10.2 Internal audit part I: Preparation (clause 9.2)

10.3 Internal audit part II: Steps in the audit & preparing the checklist

10.4 Management review that makes sense (clause 9.3)

10.5 Practical use of nonconformities and corrective actions (clause 10.1)

10.6 Constant improvement of the ISMS (clause 10.2)

10.7 Success factors

11 ENSURING YOUR COMPANY PASSES THE CERTIFICATION AUDIT

11.1 Do you really need the certificate?

11.2 Certification vs. registration vs. accreditation

11.3 Final preparations before the certification

11.4 How to choose a certification body

11.5 Steps in the company certification and how to prepare

11.6 Which questions will the ISO 27001 certification auditor ask?

11.7 How to talk to the auditors to benefit from the audit

11.8 What the auditor can and cannot do

11.9 Nonconformities and how to resolve them

11.10 Success factors

12 BONUS CHAPTER I: CAREER OPPORTUNITIES WITH ISO 27001

12.1 Most popular courses to attend

12.2 What do the Lead Auditor Course and Lead Implementer Course look like?

12.3 How to become a certification auditor

12.4 How to become a consultant

13 BONUS CHAPTER II: RELATED STANDARDS, CONCEPTS, AND FRAMEWORKS

13.1 The most important standards from the ISO 27k series

13.2 ISO 27001 vs. ISO 27002

13.3 ISO 27001 vs. ISO 27005 vs. ISO 31000

13.4 ISO 27001 vs. ISO 27017 vs. cloud security

13.5 ISO 27001 vs. ISO 27018 vs. privacy in the cloud

13.6 ISO 27001 vs. ISO 27032 vs. cybersecurity

13.7 Relationship with ISO 22301, ISO 20000, ISO 9001, ISO 14001, and ISO 45001

13.8 Using ISO 22301 for the implementation of business continuity in ISO 27001

13.9 ISO 27001 and COBIT, PCI DSS, NIST SP800, Cybersecurity Framework and ITIL

13.10 ISO 27001 as a compliance platform for various frameworks

14 BONUS CHAPTER III: ISO 27001 MINI CASE STUDIES

14.1 Defining an ISMS scope in a small cloud provider

14.2 Applying secure engineering principles in a software development company

14.3 Awareness raising in a government agency

14.4 Getting the top management commitment in a state-owned company

14.5 Listing the interested parties and their requirements in a European bank

14.6 Writing the information security policies in a manufacturing company

14.7 Preparing a telecom company for a certification

14.8 Performing risk assessment in a small hospital

14.9 Setting security objectives and measurement in a service company

14.10 Implementing ISO 27001 in data centers – An interview

15 GOOD LUCK!

APPENDIX A – CHECKLIST OF MANDATORY DOCUMENTATION REQUIRED BY ISO 27001:2013

APPENDIX B – DIAGRAM OF ISO 27001:2013 IMPLEMENTATION

APPENDIX C – APPLICABILITY OF ISO 27001 DIVIDED BY INDUSTRY

APPENDIX D – INFOGRAPHIC: ISO 27001 2013 REVISION – WHAT HAS CHANGED?

APPENDIX E – ISO 27001 VS ISO 20000 MATRIX

APPENDIX F – PROJECT PROPOSAL FOR ISO 27001 IMPLEMENTATION TEMPLATE

APPENDIX G – PROJECT CHECKLIST FOR ISO 27001 IMPLEMENTATION

APPENDIX H – PROJECT PLAN TEMPLATE FOR ISO 27001 IMPLEMENTATION

APPENDIX I – LIST OF QUESTIONS TO ASK YOUR ISO 27001 CONSULTANT

APPENDIX J – LIST OF QUESTIONS TO ASK AN ISO 27001 CERTIFICATION BODY

APPENDIX K – INFOGRAPHIC: THE BRAIN OF AN ISO AUDITOR – WHAT TO EXPECT AT A CERTIFICATION AUDIT

APPENDIX L – WHAT IS THE JOB OF CHIEF INFORMATION SECURITY OFFICER (CISO) IN ISO 27001?

APPENDIX M – CATALOG OF THREATS AND VULNERABILITIES

GLOSSARY

BIBLIOGRAPHY

累计评论(0条) 0个书友正在讨论这本书 发表评论

发表评论

发表评论,分享你的想法吧!

买过这本书的人还买过

读了这本书的人还在读

回顶部