The ideal primer for anyone implementing an Information Security Management System

Written by an acknowledged expert on the new ISO27001 standard, An Introduction to Information Security and ISO27001:2013 is the ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security. It will ensure the systems you put in place are effective, reliable and auditable.

This pocket guide will help you to:
- Make informed decisions. Using this guide will enable the key people in your organisation to make better decisions before embarking on an information security project.
- Ensure everyone is up to speed. Use this guide to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
- Raise awareness among staff. Use this guide to make sure your people know what is at stake with regard to information security and understand what is expected of them.
- Enhance your competitiveness. Use this guide to let your customers know that the information you hold about them is managed and protected appropriately.

Buy this pocket guide and learn how you can keep your information assets secure.
About the author:
Steve G. Watkins leads the consultancy and training services of IT Governance Ltd. In his various roles in both the public and private sectors, he has been responsible for most support disciplines. He has over 20 years' experience of managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investors in People certifications. As well as being an ISO27001 and ISO9000 lead auditor, Steve is a trained EFQM Assessor and holds diplomas in safety and financial management. He is Chair of the ISO/IEC27001 User Group, the UK Chapter of the ISMS International User Group, and was recently invited to become, and is now, an ISMS Technical Expert for UKAS, advising on their assessments of Certification Bodies offering ISO27001 accredited certification. Steve sits on the Management Committee of the British Standards Society, where he chairs the Corporate Governance Group and is an active member of the committee responsible for writing BS31100, the British Standard for Risk Management (Code of Practice).

Contents:
Chapter 1: Information Security – What's That?
Chapter 2: It's Not IT
Chapter 3: ISO27001 and the Management System Requirements
Chapter 4: Information Assets and the Information Security Risk Assessment
Chapter 5: Information Security Controls
Chapter 6: Certification
Chapter 7: Signposting