Mastering Information Security Compliance Management

By : Adarsh Nair, Greeshma M. R.

1 (1)

Buy this Book

Mastering Information Security Compliance Management

1 (1)

By: Adarsh Nair, Greeshma M. R.

Buy this Book

Overview of this book

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.

Preface

Who this book is for

What this book covers

Conventions used

Get in touch

Share Your Thoughts

Download a free PDF copy of this book

Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications

Free Chapter

Chapter 1: Foundations, Standards, and Principles of Information Security

The CIA triad

Information security standards

Using an information security management system

The ISO 27000 series

Summary

Chapter 2: Introduction to ISO 27001

ISO 27001’s origin

ISO 27001’s structure and PDCA

Implementing an ISMS – a SWOT analysis

Legal and regulatory compliance

Accreditations and certifications

Summary

Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation

Chapter 3: ISMS Controls

ISO 27001 versus 27002

Annex A controls

Summary

Chapter 4: Risk Management

ISO 31000:2018

ISO 27005:2022

Summary

Chapter 5: ISMS – Phases of Implementation

Phases of ISMS implementation

Time, effort, and roles in an ISO 27001 implementation

Summary

Chapter 6: Information Security Incident Management

Understanding security incidents and incident management

Information security incidents and breaches

The incident management process

Understanding the controls related to incident management from Annex of ISO 27001:2022

Understanding the roles and responsibilities of the incident management team

ISO/IEC standards related to information security incident management

Summary

Chapter 7: Case Studies – Certification, SoA, and Incident Management

Case study #1 – ISMS implementation and ISO 27001 certification

Case study #2 – selection of controls and the Statement of Applicability

Case study #3 – information security incident management

Summary

Part 3: How to Sustain – Monitoring and Measurement

Chapter 8: Audit Principles, Concepts, and Planning

Different types of ISO audit

Seven principles of auditing

Additional guidance for auditors

Audit program

Summary

Chapter 9: Performing an Audit

An overview of the steps for performing an audit as per ISO 19011 guidelines

Initiating the audit

Preparing audit activities

Conducting audit activities

Summary

Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement

Looking at audit reporting

Completing the audit

Conducting an audit follow-up

Looking at the strategies for continual improvement

Summary

Chapter 11: Auditor Competence and Evaluation

Personal conduct

Knowledge and skills

Auditor evaluation

Maintaining and improving auditor competence

Summary

Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting

Case study 1 – audit planning

Case study 2 – reporting NCs

Case study 3 – audit reporting

Summary

Index

Why subscribe?

Other Books You May Enjoy

Packt is searching for authors like you

Share Your Thoughts

Download a free PDF copy of this book

Appendix – Terms and Definitions

Customer Reviews

1 (1)

5 star

4 star

3 star

2 star

1 star

100%

Personal conduct

Clause 4 of ISO 19011 (https://www.iso.org/) describes the principles of auditing (explained in Chapter 8). Auditors are expected to exhibit attributes that enable them to abide by these principles. The individual behavior of an auditor should be professional during the conduct of an audit. ISO 19011 lists certain desired attributes for auditors, such as the following:

Ethical: Auditors must base their findings on objective evidence and not falsify them for vested interests. Their reports should be truthful, have a defined objective, and be unbiased. Special care should be taken to refrain from unprofessional behavior, such as gossip or the disclosure of confidential information.
Open-minded: Auditors must not let their own biases get in the way of assessing a process implementation by the auditee. Ultimately, the checks should be performed on whether the requirements are met or not and how effective they are in achieving the objectives set by an organization...

Mastering Information Security Compliance Management

By : Adarsh Nair, Greeshma M. R.

Mastering Information Security Compliance Management

By: Adarsh Nair, Greeshma M. R.

Overview of this book

Related Content you might be interested in

Current Title:

Mastering Information Security Compliance Management

Cybersecurity and Privacy Law Handbook.

Information Security Handbook

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

Personal conduct