
Implementing the ISO/IEC 27001 ISMS Standard, Second Edition Unabridged edition [Hardback]

  • Format: Hardback, 224 pages
  • Publication date: 29-Feb-2016
  • Publisher: Artech House Publishers
  • ISBN-10: 1608079309
  • ISBN-13: 9781608079308
  • Price: 80,72 €
Authored by an internationally recognized expert in the field, this expanded, timely second edition addresses all the critical information security management issues needed to help businesses protect their valuable assets. Professionals learn how to manage business risks, governance and compliance. This updated resource provides a clear guide to ISO/IEC 27000 security standards and their implementation, focusing on the recent ISO/IEC 27001.

Additional information

Chief Information Security officers and managers.
Acknowledgments xiii
Introduction xv
1 Information Security 1(10)
1.1 The Importance of Being Informed 1(2)
1.2 Globally Connected 3(1)
1.3 More Ado About Risks 4(1)
1.4 Decoding the Secret of Information Security Management 5(1)
1.5 Management and Awareness 6(1)
1.6 Legislation, Regulation and Governance 7(1)
1.7 En Route to a Certified Business Environment 8(3)
1.7.1 Processes 9(1)
1.7.2 Controls 9(2)
2 ISO/IEC 27001 ISMS Family 11(16)
2.1 ISO/IEC Standardisation 11(1)
2.1.1 Overview 11(1)
2.1.2 ISO/IEC JTC 1/SC 27 12(1)
2.2 Overview 12(7)
2.2.1 International Standards 12(2)
2.2.2 The 27001 ISMS Family 14(2)
2.2.3 Standards Interrelated to 27001 ISMS Family 16(3)
2.3 Evolution of the ISO/IEC 27000 Family 19(3)
2.3.1 The Weakest Link 19(1)
2.3.2 Baseline Controls 19(1)
2.3.3 Formative Years: BS 7799 Part 1 and Part 2 20(1)
2.3.4 Internationalization 21(1)
2.4 Overview of ISO/IEC 27001:2013 22(3)
2.4.1 Introduction 22
2.4.2 ISMS Audience 23
2.4.3 Mandatory Statements 23(1)
2.4.4 Processes 23(1)
2.4.5 ISMS Stages 23(1)
2.4.6 Risk-Based Approach 24(1)
2.4.7 Performance Evaluation 25(1)
2.5 Second Edition of ISO/IEC 27002 25(2)
2.5.1 Conformance with ISO/IEC 27002 25(1)
2.5.2 Applying ISO/IEC 27002 26(1)
3 ISMS Business Context 27(14)
3.1 Organisational Context 27(3)
3.1.1 Understanding the Business 27(1)
3.1.2 Internal Issues and Context 28(1)
3.1.3 External Issues and Context 29(1)
3.2 Needs and Expectations 30(5)
3.2.1 Interested Parties 30(1)
3.2.2 Requirements Relevant to the ISMS 30(4)
3.2.3 Gathering Requirements Relevant to the ISMS 34(1)
3.3 ISMS Scope 35(6)
3.3.1 What to Consider and What to Include 35(1)
3.3.2 Object of ISMS Scope 36(1)
3.3.3 Defining the ISMS Scope 37(1)
3.3.4 Scope Example 37(2)
3.3.5 External and Internal Connections 39(2)
4 Managing the ISMS Risks 41(20)
4.1 The Importance of Risk and Opportunity 41(4)
4.1.1 Definition of Risk 41(1)
4.1.2 Opportunity 42(1)
4.1.3 Risk Attitude, Tolerance and Appetite 42(1)
4.1.4 Information Security Risk Appetite and Tolerance 43(1)
4.1.5 ISMS Risks 44(1)
4.2 Risk Management Process 45(13)
4.2.1 Changes in the Process 45(1)
4.2.2 Risk Assessment 45(7)
4.2.3 Risk Treatment 52(5)
4.2.4 Determine the Controls 57(1)
4.2.5 Statement of Applicability 58(1)
4.2.6 Risk Treatment Plan 58(1)
4.2.7 Risk Owners' Duties 58(1)
4.3 Ongoing Reassessment of Risk 58(3)
4.3.1 Risk Reviews and Reassessments 58(1)
4.3.2 Risk Monitoring 59(1)
4.3.3 Updating the Risk Treatment 59(2)
5 ISMS Leadership and Support 61(10)
5.1 Management Policy 61(2)
5.1.1 Approval, Communication and Awareness 62(1)
5.1.2 Policy Review 63(1)
5.1.3 Management Policy Sets the Scene 63(1)
5.2 Leadership 63(1)
5.3 Roles and Responsibilities 64(1)
5.4 Resources 65(1)
5.5 Training and Awareness 66(5)
5.5.1 When Should Training Take Place? 67(1)
5.5.2 Training Methods 67(1)
5.5.3 ISMS-Related Topics 68(3)
6 Controls to Modify the Risks 71(30)
6.1 Determining the Controls 71(2)
6.1.1 Control Framework 71(1)
6.1.2 Process of Determining a Control Set 72(1)
6.1.3 Existing Control Sets 73(1)
6.2 System of Controls 73(3)
6.2.1 Control Framework 73(1)
6.2.2 System of Controls 74(2)
6.3 Policies and Procedures 76(3)
6.3.1 General 76(2)
6.3.2 Approval, Communications and Awareness 78(1)
6.3.3 Review 78(1)
6.4 Example Controls 79(19)
6.4.1 Overview 79(1)
6.4.2 Acceptable Use Policy 79(3)
6.4.3 Information Handling Policy and Procedures 82(10)
6.4.4 Access Control Policy, Procedures and Processes 92(4)
6.4.5 Human Resource Policies, Procedures and Processes 96(2)
6.5 Sector-Specific Controls 98(2)
6.6 Benchmarking with ISO/IEC 27001:2013 Annex A 100(1)
7 ISMS Operations 101(40)
7.1 Operational ISMS Procedures 101(2)
7.1.1 General 101(1)
7.1.2 Example Procedures 101(1)
7.1.3 Training, Awareness and Usage 102(1)
7.2 Ongoing Risk Management 103(1)
7.3 Operational Threats 104(8)
7.3.1 Malware 104(2)
7.3.2 Unauthorised Access 106(1)
7.3.3 Insider Threat 107(2)
7.3.4 System Availability 109(2)
7.3.5 Social Engineering 111(1)
7.4 Operational Processes 112(7)
7.4.1 Protecting Information in the Operational Environment 112(1)
7.4.2 Backups 113(3)
7.4.3 Capacity Planning 116(1)
7.4.4 Change Management 117(1)
7.4.5 Third-Party Services 117(2)
7.5 Incident Management 119(10)
7.5.1 Events That Compromise 119(1)
7.5.2 Use Cases 120(1)
7.5.3 Processes 121(6)
7.5.4 Incident Management Team 127(1)
7.5.5 Standards 128(1)
7.6 ISMS Availability and Business Continuity 129(3)
7.6.1 Value and Importance 129(1)
7.6.2 Business Impact 130(1)
7.6.3 Plans 131(1)
7.6.4 Processes 131(1)
7.6.5 Standards 132(1)
7.7 ISMS Use Examples 132(9)
7.7.1 SME Design Services 132(1)
7.7.2 Legal Services 133(2)
7.7.3 Electronic Accounting System 135(1)
7.7.4 Government Payment System 136(1)
7.7.5 Outsourcing Call Centre Operations 137(1)
7.7.6 Manufacturing Systems 138(2)
7.7.7 Supply Chain Management 140(1)
8 Performance Evaluation 141(36)
8.1 Performance, Change and Improvement 141(6)
8.1.1 How Effective, Adequate and Suitable Is the ISMS? 141(1)
8.1.2 Change and the Certainty of Change 142(1)
8.1.3 Change Management 143(2)
8.1.4 Tracking and Reviewing Ongoing Change 145(1)
8.1.5 Informed Decision Making 146(1)
8.2 Monitoring and Operational Reviews 147(9)
8.2.1 Monitoring 147(1)
8.2.2 Monitoring and Review of Staff Awareness, Competency and Use of the ISMS 148(3)
8.2.3 Monitoring and Review of Information Security Processes 151(1)
8.2.4 Monitoring and Review of Information Security Controls 152(1)
8.2.5 Monitoring and Review of IT and Network Services and Infrastructure 153(1)
8.2.6 Monitoring and Reviewing Third Party Contracts and Services 153(2)
8.2.7 Monitoring and Review of Legal and Contractual Compliance 155(1)
8.3 ISMS Measurements Programme 156(12)
8.3.1 ISMS Metrics and Measurements 156(3)
8.3.2 Measurement Programme 159(9)
8.4 Ongoing Risk Management 168(3)
8.4.1 Risk Responsiveness and Commitment 168(1)
8.4.2 Regular Risk Assessments 169(1)
8.4.3 Risk Measurements and Metrics 170(1)
8.5 ISMS Internal Audits 171(1)
8.6 Management Reviews of the ISMS 172(3)
8.6.1 Management Review 172(1)
8.6.2 Input for the Management Review 173(1)
8.6.3 Output of the Management Review 174(1)
8.7 Awareness and Communications 175(2)
9 Improvements to the ISMS 177(8)
9.1 Continual Improvement 177(3)
9.1.1 Improvement 177(1)
9.1.2 Maintaining Effectiveness, Suitability and Adequacy 178(1)
9.1.3 Holistic Effectiveness 179(1)
9.2 Conformance and Nonconformance 180(3)
9.2.1 Nonconformity 180(1)
9.2.2 Corrections 180(1)
9.2.3 Corrective Actions and Root Causes 180(1)
9.2.4 Some Common Causes of Nonconformity 181(1)
9.2.5 Case Study One 182(1)
9.2.6 Case Study Two 182(1)
9.2.7 Case Study Three 182(1)
9.3 Making Improvements 183(2)
9.3.1 Planning and Implementing Improvements 183(1)
9.3.2 Improvements to Processes 184(1)
9.3.3 Improvements to Policies and Procedures 184(1)
9.3.4 Implementing Improvements to Awareness and Training 184(1)
10 Accredited ISMS Certification 185(14)
10.1 Overview 185(1)
10.2 International Certification 185(3)
10.2.1 Global Take Up 185(1)
10.2.2 Motivation 186(1)
10.2.3 Costs and Resources 187(1)
10.3 Certification and Accreditation 188(1)
10.3.1 Interested Parties 188(1)
10.3.2 Accreditation 188(1)
10.3.3 Certification 189(1)
10.4 Standards Involved 189(2)
10.4.1 Accreditation 189(1)
10.4.2 Certification 190(1)
10.4.3 End-User Organisations (ISMS Owners) 190(1)
10.5 ISMS Audits 191(8)
10.5.1 Certification Scope 191(1)
10.5.2 Audit Process 191(2)
10.5.3 Nonconformities 193(1)
10.5.4 Audit Report 193(1)
10.5.5 Surveillance Audits 194(1)
10.5.6 Recertification 194(1)
10.5.7 Audit Trails 195(2)
10.5.8 Competence 197(2)
11 Epilogos 199(8)
11.1 The ISMS: A Living System 199(4)
11.2 ISMS: The Business Enabler 203(4)
Bibliography 207(4)
About the Author 211(2)
Index 213
Edward Humphreys is a visiting professor across Europe and Asia for short courses in ISMS, cyber resilience, risk management and risk psychology. He is the convener of ISO/IEC JTC 1/SC 27, the committee responsible for the development and maintenance of the ISO/IEC 27001 family of ISMS standards.