Implementing an Information Security Management System: Security Management Based on ISO 27001 Guidelines

Chapter 1 - Need for Information Security
Information security, in simple terms, refers to securing your information. The question then arises: who do you need to secure it from? Any person who is not authorized to access and use that information. This chapter gives the reader an introduction to information security and its importance. We discuss examples from various industries and domains, giving readers an understanding of information security as it relates to the industry or domain they work in, or in which they are about to implement information security in their specific industry or organization.
• What is Information Security?
• Information Security Management - ISO 27001
• Why is it important to safeguard the information?
• How will ISO 27001 be applicable to you?
Chapter 2 - Step 1: Assessing Needs and Scope
When starting an ISO 27001 information security implementation, a doubt arises about the first step to be taken. This chapter gives the reader an understanding of how to start the implementation process and which aspects are important to cover.
• Assessing Business Needs
• Scope & High-level Timeframe to Achieve Implementation
• Senior Management Support
Chapter 3 - Step 2: Project Kick-off
When we formally start a project, a kick-off with the stakeholders is important. This chapter gives the reader an understanding of how to conduct an ISO 27001 implementation kick-off with the required stakeholders and gain their commitment to the project and the set timeline.
• Presenting a High-Level Plan
• Setting up a Project Task Force
• Getting Commitment
Chapter 4 - Step 3: Initial Risk Assessment
The term risk assessment means the identification of the risks related to information security. This chapter gives the reader an understanding of how to conduct a risk assessment exercise that involves all teams and stakeholders. You will also learn the importance of preparing a findings report and presenting it.
• Meeting Teams
• Preparing Analysis Report
• Presenting Report to Management / Teams
Chapter 5 - Step 4: Risk Management Approach
This chapter gives the reader an understanding of the approach to be identified and followed for managing the risks identified during the risk assessment exercise. Our focus is on identifying assets and applying security controls.
• Define / Finalize Risk Assessment Framework
• Identifying Assets
• Managing Risks
• Identifying Security Controls
• Statement of Applicability (SOA)
Chapter 6 - Step 5: Execution
Until now our focus was on identifying the gaps and the approaches to be adopted. This chapter provides the steps to be taken during the execution process. We cover identifying risks for each team, area and stakeholder, keeping the requirements of the ISO 27001 security controls in mind.
• Information Security Awareness
• Need for Policies / Procedures
• Understanding & Implementing Controls
• Assessing Progress
Chapter 7 - Step 6: Audit
This chapter gives you an understanding of the internal audit requirements: conducting the audit, audit finding reports, closure of findings, improvement and communication with respect to the ISO 27001 implementation.
• Preparing Audit Team (Internal)
• Conducting Audits
• Close Findings / Gaps
• Planning Improvement
• Comm

294 pages, Paperback

Published December 12, 2019
