Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Mastering Information Security Compliance Management
  • Toc
  • feedback
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

By : Adarsh Nair, Greeshma M. R.
4.7 (19)
close
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

4.7 (19)
By: Adarsh Nair, Greeshma M. R.

Overview of this book

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.
Table of Contents (19 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Free Chapter
2
Chapter 1: Foundations, Standards, and Principles of Information Security
Chapter 1: Foundations, Standards, and Principles of Information Security
The CIA triad
Information security standards
Using an information security management system
The ISO 27000 series
Summary
3
Chapter 2: Introduction to ISO 27001
Chapter 2: Introduction to ISO 27001
ISO 27001’s origin
ISO 27001’s structure and PDCA
Implementing an ISMS – a SWOT analysis
Legal and regulatory compliance
Accreditations and certifications
Summary
4
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5
Chapter 3: ISMS Controls
chevron up
Chapter 3: ISMS Controls
ISO 27001 versus 27002
Annex A controls
Summary
6
Chapter 4: Risk Management
Chapter 4: Risk Management
ISO 31000:2018
ISO 27005:2022
Summary
7
Chapter 5: ISMS – Phases of Implementation
Chapter 5: ISMS – Phases of Implementation
Phases of ISMS implementation
Time, effort, and roles in an ISO 27001 implementation
Summary
8
Chapter 6: Information Security Incident Management
Chapter 6: Information Security Incident Management
Understanding security incidents and incident management
Information security incidents and breaches
The incident management process
Understanding the controls related to incident management from Annex of ISO 27001:2022
Understanding the roles and responsibilities of the incident management team
ISO/IEC standards related to information security incident management
Summary
9
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Case study #1 – ISMS implementation and ISO 27001 certification
Case study #2 – selection of controls and the Statement of Applicability
Case study #3 – information security incident management
Summary
10
Part 3: How to Sustain – Monitoring and Measurement
Part 3: How to Sustain – Monitoring and Measurement
11
Chapter 8: Audit Principles, Concepts, and Planning
Chapter 8: Audit Principles, Concepts, and Planning
Different types of ISO audit
Seven principles of auditing
Additional guidance for auditors
Audit program
Summary
12
Chapter 9: Performing an Audit
Chapter 9: Performing an Audit
An overview of the steps for performing an audit as per ISO 19011 guidelines
Initiating the audit
Preparing audit activities
Conducting audit activities
Summary
13
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Looking at audit reporting
Completing the audit
Conducting an audit follow-up
Looking at the strategies for continual improvement
Summary
14
Chapter 11: Auditor Competence and Evaluation
Chapter 11: Auditor Competence and Evaluation
Personal conduct
Knowledge and skills
Auditor evaluation
Maintaining and improving auditor competence
Summary
15
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Case study 1 – audit planning
Case study 2 – reporting NCs
Case study 3 – audit reporting
Summary
16
Index
Index
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix – Terms and Definitions
Appendix – Terms and Definitions

Summary

ISO 27002 is a code of practice for the controls of an ISMS, and it goes into far more detail than ISO 27001’s Annex A controls. The list of 93 controls, divided into 4 control sets, is expanded in clauses A.5 to A.8 of ISO 27002:2022.

While ISO 27002 is not a certifiable standard in and of itself, following its information security management principles will help the company satisfy ISO 27001 certification requirements. It explains how to comply with the ISO 27001 standard and how to implement it.

Because there is no one-size-fits-all information security solution, the appropriate information security controls must be decided on based on their risk assessment and appropriate controls. The CIA triad can be used to define information security in this context.

In the upcoming chapter, we will see one of the most significant aspects of the entire information security auditing process – risk management. The important steps of identifying, analyzing, measuring...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Chapter 5
Next Chapter
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete