Mastering Information Security Compliance Management

Mastering Information Security Compliance Management

By: Adarsh Nair, Greeshma M. R.
4.7 (19)

Overview of this book

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to all organization types and sizes. Organizations with significant exposure to information-security–related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body. The book begins by introducing you to the standards, and then takes you through different principles and terminologies. Once you completely understand these standards, you’ll explore their execution, wherein you find out how to implement these standards in different sizes of organizations. The chapters also include case studies to enable you to understand how you can implement the standards in your organization. Finally, you’ll get to grips with the auditing process, planning, techniques, and reporting and learn to audit for ISO 27001. By the end of this book, you’ll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit for these standards.
Table of Contents (19 chapters)

  • Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
  • Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
  • Part 3: How to Sustain – Monitoring and Measurement
  • Appendix – Terms and Definitions

What this book covers

In Mastering Information Security Compliance Management: A comprehensive handbook on ISO/IEC 27001:2022 compliance, each chapter contributes to building a holistic understanding of the ISO/IEC 27001/27002 standards and their implementation.

Chapter 1, Foundations, Standards, and Principles of Information Security, establishes the groundwork, explaining the core principles of information security and the role of ISO/IEC 27000 standards, specifically ISO/IEC 27001, to develop a robust ISMS.

Chapter 2, Introduction to ISO 27001, provides an in-depth exploration of ISO 27001, its operational model, the benefits, and the processes involved in achieving accreditation from recognized bodies.

Chapter 3, ISMS Controls, focuses on the controls outlined in ISO 27001/27002, detailing their interpretation and application based on the specific business context.

Chapter 4, Risk Management, dives into the integral components of the ISO 27001 framework, emphasizing the role of risk assessment, management, and the necessity of a risk register.

Chapter 5, ISMS – Phases of Implementation, takes you through the various stages involved in developing an ISMS, illustrating how to tailor control implementation to the specific context of a business.

Chapter 6, Information Security Incident Management, covers the essential aspects of incident management, highlighting the importance of comprehensive incident management plans.

Chapter 7, Case Studies – Certification, SoA, and Incident Management, offers practical insights through real-world case studies, focusing on certification, the Statement of Applicability (SoA), and incident management.

Chapter 8, Audit Principles, Concepts, and Planning, delves into the principles of auditing, introducing different types of audits and outlining the processes involved in planning for audits.

Chapter 9, Performing an Audit, guides you through the audit process, from data collection and system effectiveness assessment to the formulation of reports and recommendations.

Chapter 10, Audit Reporting, Follow-Up, and Strategies for Continual Improvement, discusses the importance of audit reporting, follow-up processes, and strategies for the continual improvement of an ISMS.

Chapter 11, Auditor Competence and Evaluation, focuses on the competencies, responsibilities, and ethical conduct required of auditors in the auditing process.

Chapter 12, Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting, concludes the book with practical examples and real-world scenarios, focusing on audit planning, reporting nonconformities, and audit reporting.

The entire book offers a comprehensive understanding of the ISO/IEC 27001/27002 standards, presenting both theoretical knowledge and practical application, aiding you in implementing, auditing, and enhancing an ISMS in your organization.
