
E-book: How to Achieve 27001 Certification: An Example of Applied Compliance Management

3.45/5 (22 ratings by Goodreads)
  • Format: 352 pages
  • Publication date: 28-Nov-2007
  • Publisher: Auerbach
  • Language: eng
  • ISBN-13: 9781040169230
  • Format - EPUB+DRM
  • Price: 71,37 €*
  • * this is the final price, i.e. no additional discounts are applied
  • This e-book is intended for personal use only. E-books cannot be returned, and payments for purchased e-books are not refunded.

DRM restrictions

  • Copying (copy/paste): not allowed

  • Printing: not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means you must install free software to unlock and read it. To read this e-book you need to create an Adobe ID. More information here. The e-book can be read and downloaded on up to 6 devices (by one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (a free app designed specifically for e-books; it is not the same as Adobe Reader, which may already be on your computer).

    You cannot read this e-book on an Amazon Kindle.

The security criteria of the International Standards Organization (ISO) provide an excellent foundation for identifying and addressing business risks through a disciplined security management process. Using the security standards ISO 17799 and ISO 27001 as a basis, How to Achieve 27001 Certification: An Example of Applied Compliance Management helps an organization align its security and organizational goals so it can generate effective security, compliance, and management programs.

The authors offer insight from their own experiences, providing questions and answers to determine an organization's information security strengths and weaknesses with respect to the standard. They also present step-by-step information to help an organization plan an implementation, as well as prepare for certification and audit.

Security is no longer a luxury for an organization; it is a legislative mandate. A formal methodology that helps an organization define and execute an ISMS is essential in order to perform and prove due diligence in upholding stakeholder interests and legislative compliance. Providing a good starting point for novices, as well as finely tuned nuances for seasoned security professionals, this book is an invaluable resource for anyone involved with meeting an organization's security, certification, and compliance needs.

Table of Contents

Preface xi
Introduction xiii
Introduction to International Standards Organization Security Standards 1(12)
Objectives 1(1)
Cornerstones of Information Security 2(1)
The History of ISO Information Security Standards 3(1)
Information Security Standards Road Map and Numbering 4(1)
International Security Management Standards 4(1)
Other Proposed Information Security Standards 5(1)
Introduction to the ISO/IEC 27001 Standard 5(2)
Introduction to the ISO 27002 Standard 7(2)
Relationship between ISO 27001 and ISO 27002 9(1)
Relationship to Other Management Standards 9(1)
PDCA and Security Standards Cross-Reference 10(3)
Standards to Assist in the Plan Phase 10(1)
Standards to Assist in the Do Phase 11(1)
Standards to Assist in the Check Phase 11(1)
Standards to Assist in the Act Phase 12(1)
Information Security Management System 13(6)
Objectives 13(1)
ISMS Introduction 14(1)
Security Management Framework Introduction 14(1)
ISMS Establishment Process: To-Be or PDCA 15(4)
To-Be 16(1)
As-Is 17(1)
Transition Plan 17(1)
Operations and Maintenance 18(1)
Foundational Concepts and Tools for an Information Security Management System 19(78)
Objectives 19(1)
SMF Applications 20(47)
Interpretation Guide 22(45)
ISMS Initial Planning and Implementation 67(1)
Establishing Current Status of Organizational Security Management (Assessment Process) 68(8)
Background Discovery 68(1)
Organization Background Information 69(1)
General Information Security Posture Questionnaire 70(1)
Security Arrangements 71(4)
Information Security Infrastructure 75(1)
Findings and Report 75(1)
Compliance Level Discovery 76(4)
Sample Interview Guide 78(2)
Analysis of Discovery Results 80(1)
Reporting Templates 81(1)
An Initial View of Developing an ISMS 81(16)
Establish Governance 83(1)
Plan for Management 84(1)
Framework for Operations 84(1)
Institute a Methodology for Continual Review and Improvement 84(1)
SMF Baseline---An ISO 27002 Foundation 85(8)
ISMS --- Policy, Standard, and Procedure Development and Maintenance Tracking 93(4)
Implementing an Information Security Management System---Plan-Do-Check-Act 97(66)
Objectives 97(1)
ISMS Definition 98(1)
PDCA Model 99(2)
Accountability 101(1)
Plan Phase 101(30)
Process and Products of the Plan Phase 102(1)
Defining the Scope 103(1)
Information Security Policy 104(2)
Organization of the Information Security Policy 106(5)
ISMS Policy 111(1)
Risk Management 112(17)
Prepare the Statement of Applicability 129(2)
Documentation Summary of the Plan Phase 131(1)
Do Phase 131(20)
Risk Treatment Plan 132(1)
Writing Policies and Procedures 132(2)
Metrics and Measurements 134(11)
Selecting and Implementing Controls 145(1)
Awareness, Training, and Education 146(1)
Managing Operation and Resources 147(1)
Managing Security Incident 148(1)
Monitoring 148(1)
Detection 148(1)
Notification 148(1)
Triage 149(1)
Escalation 149(1)
Response 149(1)
Isolation 149(1)
Restoration 149(1)
Root Cause Analysis 150(1)
Organizational Feedback 150(1)
Documentation Summary of the Do Phase 150(1)
Check Phase 151(7)
Execute Operational Plan 151(1)
Review of the Effectiveness of the ISMS 151(3)
Review the Level of Residual Risk 154(1)
Conduct an Internal ISMS Audit 155(1)
Regular Management Review of the ISMS 156(1)
Record Action and Events That Impact the ISMS 157(1)
Documentation Summary of Check Phase 157(1)
Act Phase 158(2)
Implement Identified Improvements 158(1)
Apply Lessons Learned: Empirical and Vicarious 158(1)
Empirical 158(1)
Vicarious 159(1)
Communicate the Results: Organizational Outreach 159(1)
Ensure the Objective 159(1)
Continue the Process 159(1)
Documentation Summary of the Act Phase 160(1)
Summary of Implementing the ISMS 160(3)
Audit and Certification 163(10)
Objectives 163(1)
Certification Process Overview 164(1)
Selecting an Accredited Certification Body 165(1)
Certification Preparation Checklist 165(2)
The Audit Stage Process 167(6)
Stage 1: Engaging the Certifier and Audit Kickoff 167(1)
Stage 2: Document Review 168(1)
Stage 3: On-Site Audit 169(2)
Stage 4: Delivery of Findings 171(2)
Compliance Management 173(40)
Objectives 174(1)
Introduction to Compliance Management 174(1)
IA CMP 174(31)
Compliance Management Framework 175(2)
Security Management Framework 177(2)
Compliance Management Requirements Engineering 179(7)
Requirements Traceability Example 186(1)
Security Compliance Assessment Methodology 186(3)
Project Management 189(2)
Pre-Engagement 191(1)
Engagement 192(2)
Post-Engagement 194(1)
Compliance Management Tools 194(1)
Team Management 195(1)
Project Management 195(1)
Pre-Engagement 196(1)
Engagement 196(1)
Post-Engagement 197(1)
Delivery and Sign-Off 197(1)
Compliance Metrics 197(1)
Compliance Levels 198(3)
Policy, Standard, and Procedure Management 201(1)
Dissemination 202(1)
Mitigation/Remediation Tracking 202(1)
Benefits of Metrics and Measures 203(1)
ISO Certification: An Instance of IA CMP 204(1)
Conclusion and Commentary 205(8)
PDCA Overview 207(1)
Plan 207(1)
Do 207(1)
Check 207(1)
Act 208(1)
Melding Compliance Management with PDCA 208(1)
Identify 208(1)
Establish 208(1)
Plan 209(1)
Implement 210(1)
Monitor 211(1)
Maintain 211(1)
Improve 212(1)
ISO 27001 Certification: An Instance of Compliance Management 212(1)
Appendix A ISMS Assessment Discovery Question Set 213(44)
Appendix B Sample Statement of Applicability 257(12)
Appendix C PDCA Guideline Documents---Outlines 269(4)
Appendix D Policy, Standard, and Procedure Sample Templates 273(8)
Appendix E ISMS Policy and Risk Treatment Templates 281(8)
Appendix F Project Definition Template 289(6)
Useful Bits of Knowledge 295(6)
Glossary 301(6)
References 307(2)
Index 309


Arnason, Sigurjon Thor; Willett, Keith D.