Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Mastering Information Security Compliance Management
  • Toc
  • feedback
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

By : Adarsh Nair, Greeshma M. R.
4.7 (19)
close
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

4.7 (19)
By: Adarsh Nair, Greeshma M. R.

Overview of this book

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.
Table of Contents (19 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Free Chapter
2
Chapter 1: Foundations, Standards, and Principles of Information Security
chevron up
Chapter 1: Foundations, Standards, and Principles of Information Security
The CIA triad
Information security standards
Using an information security management system
The ISO 27000 series
Summary
3
Chapter 2: Introduction to ISO 27001
Chapter 2: Introduction to ISO 27001
ISO 27001’s origin
ISO 27001’s structure and PDCA
Implementing an ISMS – a SWOT analysis
Legal and regulatory compliance
Accreditations and certifications
Summary
4
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5
Chapter 3: ISMS Controls
Chapter 3: ISMS Controls
ISO 27001 versus 27002
Annex A controls
Summary
6
Chapter 4: Risk Management
Chapter 4: Risk Management
ISO 31000:2018
ISO 27005:2022
Summary
7
Chapter 5: ISMS – Phases of Implementation
Chapter 5: ISMS – Phases of Implementation
Phases of ISMS implementation
Time, effort, and roles in an ISO 27001 implementation
Summary
8
Chapter 6: Information Security Incident Management
Chapter 6: Information Security Incident Management
Understanding security incidents and incident management
Information security incidents and breaches
The incident management process
Understanding the controls related to incident management from Annex of ISO 27001:2022
Understanding the roles and responsibilities of the incident management team
ISO/IEC standards related to information security incident management
Summary
9
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Case study #1 – ISMS implementation and ISO 27001 certification
Case study #2 – selection of controls and the Statement of Applicability
Case study #3 – information security incident management
Summary
10
Part 3: How to Sustain – Monitoring and Measurement
Part 3: How to Sustain – Monitoring and Measurement
11
Chapter 8: Audit Principles, Concepts, and Planning
Chapter 8: Audit Principles, Concepts, and Planning
Different types of ISO audit
Seven principles of auditing
Additional guidance for auditors
Audit program
Summary
12
Chapter 9: Performing an Audit
Chapter 9: Performing an Audit
An overview of the steps for performing an audit as per ISO 19011 guidelines
Initiating the audit
Preparing audit activities
Conducting audit activities
Summary
13
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Looking at audit reporting
Completing the audit
Conducting an audit follow-up
Looking at the strategies for continual improvement
Summary
14
Chapter 11: Auditor Competence and Evaluation
Chapter 11: Auditor Competence and Evaluation
Personal conduct
Knowledge and skills
Auditor evaluation
Maintaining and improving auditor competence
Summary
15
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Case study 1 – audit planning
Case study 2 – reporting NCs
Case study 3 – audit reporting
Summary
16
Index
Index
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix – Terms and Definitions
Appendix – Terms and Definitions

Foundations, Standards, and Principles of Information Security

In today’s information-centric environment, the concept of information security is paramount and is now on par with other business functions. Irrespective of their market share, private or public status, or geographical location, businesses are being pushed to move online in order to stay relevant.

In the 21st century, we have all experienced the information revolution. Data is stimulating the information revolution in the same way that oil catalyzed the industrial revolution. In today’s environment, data is the raw resource that must be studied, interpreted, and retrieved with care in order to provide significant insights to its users.

The difference between oil and data is that the volume of oil is reducing across the world, whereas the amount of data is growing day by day. Data has become a valuable commodity and fuel source in today’s world.

On the other hand, data-related cybercrime such as data theft is expanding exponentially. A data breach occurs when a company unwittingly exposes critical information that might cause damage to a company’s reputation, brand value, and customer trust, or even result in regulatory penalties.

The average cost of a data breach was $4.35 million in the year 2022, according to IBM’s Cost of a Data Breach Report 2022. While the average cost per record was $164 in 2022, the cost per record has climbed considerably since 2020. Hackers are primarily interested in a company’s customer information because they can use it to blackmail the company or sell the information to competitors. Data has become, on average, more valuable than any other asset. Information security principles guide the entire concept of data security.

This chapter will explain the fundamentals of Information Security, including why it’s important and how security frameworks can help reduce risk and develop a mechanism to manage information security across an enterprise. The key topics covered are the following:

  • The CIA triad
  • Information security standards
  • Using an information security management system
  • The ISO 27000 series
End of Section 1
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete