IT Governance

"This book is to ISO27002 what ISO27002 is to ISO27001 - it is the guidance to the standard's guidance. As such, it is the most impressively comprehensive guide to implementing ISO27001-level InfoSec in your organisation. It gives detailed understanding and insight about the motivation and purpose of the different controls that will help build a fit-for-purpose ISMS. Because of this, I chose it as the set book for the very popular Open University Introduction to InfoSec module." * Dr Jon Hall, Open University InfoSec Module Chair and Author * "A well-structured and informative book that deserves a place on the bookshelf of any ISMS lead implementer and an invaluable reference for organisations seeking accredited third-party certification." * Alastair Hunter - UKAS Information Assurance Technical Focus *

Alan Calder is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.. He led the world's first successful implementation of BS 7799 (now ISO 27001) and was involved in developing a wide range of information security management training courses, accredited by the International Board for IT Governance Qualifications (IBITGQ). Steve Watkins is Executive Director at GRC International Group plc, chair of the UK ISO/IEC 27001 User Group and contracted technical assessor for UKAS. He is a member of the international technical committee responsible for the ISO 27000 family of standards, and chairs the UK National Standards Body's technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it.

Chapter - 01: Why is information security necessary?; Chapter - 02: The UK combined code, the FRC risk guidance and SarbanesOxley; Chapter - 03: ISO27001; Chapter - 04: Organizing information security; Chapter - 05: Information security policy and scope; Chapter - 06: The risk assessment and Statement of Applicability; Chapter - 07: Mobile devices; Chapter - 08: Human resources security; Chapter - 09: Asset management; Chapter - 10: Media handling; Chapter - 11: Access control; Chapter - 12: User access management; Chapter - 13: System and application access control; Chapter - 14: Cryptography; Chapter - 15: Physical and environmental security; Chapter - 16: Equipment security; Chapter - 17: Operations security; Chapter - 18: Controls against malicious software (malware); Chapter - 19: Communications management; Chapter - 20: Exchanges of information; Chapter - 21: System acquisition, development and maintenance; Chapter - 22: Development and support processes; Chapter - 23: Supplier relationships; Chapter - 24: Monitoring and information security incident management; Chapter - 25: Business and information security continuity management; Chapter - 26: Compliance; Chapter - 27: The ISO27001 audit