Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Information Security Compliance Management
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

By : Adarsh Nair, Greeshma M. R.
4.7 (19)
Buy this Book
close
close
Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

4.7 (19)
By: Adarsh Nair, Greeshma M. R.
Buy this Book

Overview of this book

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.
Table of Contents (19 chapters)
close
close
Preface
In Progress | 0 / 7 sections completed | 0%
chevron up
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
In Progress | 0 / 1 sections completed | 0%
Icon
Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
Free Chapter
2
Chapter 1: Foundations, Standards, and Principles of Information Security
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 1: Foundations, Standards, and Principles of Information Security
Icon
The CIA triad
Icon
Information security standards
Icon
Using an information security management system
Icon
The ISO 27000 series
Icon
Summary
3
Chapter 2: Introduction to ISO 27001
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 2: Introduction to ISO 27001
Icon
ISO 27001’s origin
Icon
ISO 27001’s structure and PDCA
Icon
Implementing an ISMS – a SWOT analysis
Icon
Legal and regulatory compliance
Icon
Accreditations and certifications
Icon
Summary
4
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
In Progress | 0 / 1 sections completed | 0%
Icon
Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5
Chapter 3: ISMS Controls
In Progress | 0 / 4 sections completed | 0%
Icon
Chapter 3: ISMS Controls
Icon
ISO 27001 versus 27002
Icon
Annex A controls
Icon
Summary
6
Chapter 4: Risk Management
In Progress | 0 / 4 sections completed | 0%
Icon
Chapter 4: Risk Management
Icon
ISO 31000:2018
Icon
ISO 27005:2022
Icon
Summary
7
Chapter 5: ISMS – Phases of Implementation
In Progress | 0 / 4 sections completed | 0%
Icon
Chapter 5: ISMS – Phases of Implementation
Icon
Phases of ISMS implementation
Icon
Time, effort, and roles in an ISO 27001 implementation
Icon
Summary
8
Chapter 6: Information Security Incident Management
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 6: Information Security Incident Management
Icon
Understanding security incidents and incident management
Icon
Information security incidents and breaches
Icon
The incident management process
Icon
Understanding the controls related to incident management from Annex of ISO 27001:2022
Icon
Understanding the roles and responsibilities of the incident management team
Icon
ISO/IEC standards related to information security incident management
Icon
Summary
9
Chapter 7: Case Studies – Certification, SoA, and Incident Management
In Progress | 0 / 5 sections completed | 0%
Icon
Chapter 7: Case Studies – Certification, SoA, and Incident Management
Icon
Case study #1 – ISMS implementation and ISO 27001 certification
Icon
Case study #2 – selection of controls and the Statement of Applicability
Icon
Case study #3 – information security incident management
Icon
Summary
10
Part 3: How to Sustain – Monitoring and Measurement
In Progress | 0 / 1 sections completed | 0%
Icon
Part 3: How to Sustain – Monitoring and Measurement
11
Chapter 8: Audit Principles, Concepts, and Planning
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 8: Audit Principles, Concepts, and Planning
Icon
Different types of ISO audit
Icon
Seven principles of auditing
Icon
Additional guidance for auditors
Icon
Audit program
Icon
Summary
12
Chapter 9: Performing an Audit
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 9: Performing an Audit
Icon
An overview of the steps for performing an audit as per ISO 19011 guidelines
Icon
Initiating the audit
Icon
Preparing audit activities
Icon
Conducting audit activities
Icon
Summary
13
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement
Icon
Looking at audit reporting
Icon
Completing the audit
Icon
Conducting an audit follow-up
Icon
Looking at the strategies for continual improvement
Icon
Summary
14
Chapter 11: Auditor Competence and Evaluation
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 11: Auditor Competence and Evaluation
Icon
Personal conduct
Icon
Knowledge and skills
Icon
Auditor evaluation
Icon
Maintaining and improving auditor competence
Icon
Summary
15
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
In Progress | 0 / 5 sections completed | 0%
Icon
Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting
Icon
Case study 1 – audit planning
Icon
Case study 2 – reporting NCs
Icon
Case study 3 – audit reporting
Icon
Summary
16
Index
In Progress | 0 / 2 sections completed | 0%
Icon
Index
Icon
Why subscribe?
17
Other Books You May Enjoy
In Progress | 0 / 4 sections completed | 0%
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
Appendix – Terms and Definitions
In Progress | 0 / 1 sections completed | 0%
Icon
Appendix – Terms and Definitions

Preface

In the rapidly expanding digital age, data has gained the moniker of the “new oil,” highlighting its immense significance. Consequently, the security and management of this invaluable resource have emerged as a paramount concern. In response, international standards have been established to guide organizations in implementing and maintaining robust Information Security Management Systems (ISMSs). Mastering Information Security Compliance Management, offers an in-depth, comprehensive exploration of these standards, specifically ISO/IEC 27001 and 27002.

From foundational principles to intricate processes, this book covers the entire spectrum of information security through 12 detailed chapters. Beginning with a broad overview of information security and the role of standards, it then delves into the specifics of ISO 27001 and its applications. It discusses the implementation of an ISMS, provides insight into the intricate details of ISO 27001 and 27002 control references, and navigates the crucial stages of risk assessment and management. Moreover, it illuminates the complexities of developing an ISMS tailored to unique business contexts and tackles the crucial aspect of information security incident management.

You will be guided through a series of real-life case studies highlighting the practical application of the concepts discussed, along with a thorough examination of audit principles, planning, performance, and reporting. The final chapters explore strategies for continual improvement of an ISMS, the evaluation of auditor competence, and the ethics of the auditing profession.

The goal of this handbook is to equip you with a nuanced understanding of ISO/IEC 27001/27002 standards, enabling you to effectively implement, audit, and enhance an ISMS in your organization, ensuring data security, regulatory compliance, and overall organizational resilience. This book is an essential resource for all professionals engaged in the world of information security.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY