Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Information Security Compliance Management
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

By : Adarsh Nair, Greeshma M. R.
4.7 (19)
Buy this Book
close
close
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

4.7 (19)
By: Adarsh Nair, Greeshma M. R.
Buy this Book

Overview of this book

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.
Table of Contents (19 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Free Chapter
2
Chapter 1: Foundations, Standards, and Principles of Information Security
Chapter 1: Foundations, Standards, and Principles of Information Security
The CIA triad
Information security standards
Using an information security management system
The ISO 27000 series
Summary
3
Chapter 2: Introduction to ISO 27001
Chapter 2: Introduction to ISO 27001
ISO 27001’s origin
ISO 27001’s structure and PDCA
Implementing an ISMS – a SWOT analysis
Legal and regulatory compliance
Accreditations and certifications
Summary
4
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5
Chapter 3: ISMS Controls
Chapter 3: ISMS Controls
ISO 27001 versus 27002
Annex A controls
Summary
6
Chapter 4: Risk Management
Chapter 4: Risk Management
ISO 31000:2018
ISO 27005:2022
Summary
7
Chapter 5: ISMS – Phases of Implementation
Chapter 5: ISMS – Phases of Implementation
Phases of ISMS implementation
Time, effort, and roles in an ISO 27001 implementation
Summary
8
Chapter 6: Information Security Incident Management
chevron up
Chapter 6: Information Security Incident Management
Understanding security incidents and incident management
Information security incidents and breaches
The incident management process
Understanding the controls related to incident management from Annex of ISO 27001:2022
Understanding the roles and responsibilities of the incident management team
ISO/IEC standards related to information security incident management
Summary
9
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Case study #1 – ISMS implementation and ISO 27001 certification
Case study #2 – selection of controls and the Statement of Applicability
Case study #3 – information security incident management
Summary
10
Part 3: How to Sustain – Monitoring and Measurement
Part 3: How to Sustain – Monitoring and Measurement
11
Chapter 8: Audit Principles, Concepts, and Planning
Chapter 8: Audit Principles, Concepts, and Planning
Different types of ISO audit
Seven principles of auditing
Additional guidance for auditors
Audit program
Summary
12
Chapter 9: Performing an Audit
Chapter 9: Performing an Audit
An overview of the steps for performing an audit as per ISO 19011 guidelines
Initiating the audit
Preparing audit activities
Conducting audit activities
Summary
13
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Looking at audit reporting
Completing the audit
Conducting an audit follow-up
Looking at the strategies for continual improvement
Summary
14
Chapter 11: Auditor Competence and Evaluation
Chapter 11: Auditor Competence and Evaluation
Personal conduct
Knowledge and skills
Auditor evaluation
Maintaining and improving auditor competence
Summary
15
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Case study 1 – audit planning
Case study 2 – reporting NCs
Case study 3 – audit reporting
Summary
16
Index
Index
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Appendix – Terms and Definitions
Appendix – Terms and Definitions

Understanding security incidents and incident management

Figure 6.1 shows the representation of an occurrence of an incident. ISO 27000 defines a security incident as “a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security” (https://www.iso.org/). There can be different sources of incidents, such as employees, clients, and third-party vendors. When an incident occurs or a weakness is discovered in a system or service, a mechanism must be established to ensure that an organization can respond quickly and effectively. The first thing that needs to be done to accomplish this goal is to devise a plan to handle any security problems that may arise.

ISO 27035 is the standard that talks in detail about information security incident management. Information security incidents and vulnerabilities can be identified, documented, assessed, responded to...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 2
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY