An Introduction to Information Security and ISO27001
IT Governance, October 2008, Pages: 46
The main international standard that deals with information security is ISO27001. If your organisation is looking to raise employee awareness of information security, then you will find this book especially useful. The pocket guide explains the concept of information security management within the framework of ISO27001. Introduce your employees to the basics of ISO27001 – buy multi-packs of this pocket guide here and distribute them to your staff!
Benefits to business include:
- Make informed decisions
Information security matters to the whole of your organisation, not just to your IT people. By providing a clear, concise overview of the subject, this book will enable the key people in your organisation to make better decisions before embarking on an information security project.
- Ensure everyone is up to speed
Once you have decided to implement an information security project, you can use this book to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
- Raise awareness among staff
An information security management system will make demands of the overall corporate culture within your organisation. You need to make sure your people know what is at stake with regard to information security, so that they understand what is expected of them.
- Enhance your competitiveness
Your customers need to know that the information you hold about them is being managed and protected appropriately. And to retain your competitive edge, you will want the identity of your suppliers and the products you are currently developing to stay under wraps. With an effective knowledge management strategy, you can preserve smooth customer relations and protect your trade secrets.
- ISO27001 ISMS
In order to achieve compliance with ISO27001, the standard for an information security management system, your organisation will first of all have to work out what is required of the ISMS. The main aim of an ISMS is to manage all risks to a consistent level of control. This book outlines the essential requirements of an information security risk assessment under ISO27001, and offers a rough guide to the main categories of control.
The standard will require your organisation to work out its information security policy, stating its commitments and objectives regarding information security. Under ISO27001, your organisation will also need to define where responsibilities for information security lie. By raising awareness of information security among staff, your company will be in a better position to react to any potential problem that may arise. Compliance with ISO27001 can also facilitate outsourcing contracts by offering assurance to partners as regards information security practices. For your organisation to be able to demonstrate the robustness of its ISMS, it will need to subject itself to an external audit and obtain certification.
Alan Calder, chief executive of IT Governance, commented, “As infosecurity and governance become increasingly mainstream topics, so a wider range of professionals are being drawn into their ambit. These pocket books are ideal for people who need a quick overview of the main issues, either to work effectively with colleagues or to identify any areas for more detailed reading.”
Start understanding ISO27001 and information security and purchase this essential pocket guide today!
About the author:
Steve G. Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors, he has been responsible for most support disciplines. He has over 20 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investors in People certifications. As well as being an ISO27001 and ISO9000 lead auditor, Steve is a trained EFQM Assessor and holds diplomas in safety and financial management. He is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group, and was recently invited to become, and is now, an ISMS Technical Expert for UKAS, advising on their assessments of Certification Bodies offering ISO27001 accredited certification. Steve sits on the Management Committee of the British Standards Society, where he chairs the Corporate Governance Group and is an active member of the committee responsible for writing BS31100, the British Standard for Risk Management (Code of Practice).
*This report is only available in Adobe ebook format.
Chapter 1: Information Security – What's That?
Chapter 2: It's Not IT
Chapter 3: ISO27001 and the Management System Requirements
Chapter 4: Information Assets and the Information Security Risk Assessment
Chapter 5: Information Security Controls
Chapter 6: Certification
Chapter 7: Signposting