LEADER 04559nam 2200625 450
001 9910787785403321
005 20210617082743.0
010 $a1-84928-523-3
035 $a(CKB)2670000000432496
035 $a(EBL)1463579
035 $a(OCoLC)860626137
035 $a(SSID)ssj0001139699
035 $a(PQKBManifestationID)11666970
035 $a(PQKBTitleCode)TC0001139699
035 $a(PQKBWorkID)11183310
035 $a(PQKB)11041189
035 $a(Au-PeEL)EBL1463579
035 $a(CaPaEBR)ebr10778509
035 $a(CaSebORM)9781849285230
035 $a(MiAaPQ)EBC1463579
035 $a(PPN)204518695
035 $a(EXLCZ)992670000000432496
100 $a20131102d2013 uy| 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 10$aISO27001 / ISO27002 $ea pocket guide /$fAlan Calder
205 $aSecond edition.
210 1$aEly, Cambridgeshire, United Kingdom :$cIT Governance Publishing,$d2013.
215 $a1 online resource (78 p.)
300 $aDescription based upon print version of record.
311 $a1-84928-522-5
320 $aIncludes bibliographical references.
327 $aForeword; About the Author; Acknowledgements; contents; Introduction; Risks to information assets; Information Security Management System; Chapter 1: The ISO/IEC 27000 Family of Information Security Standards; ISO/IEC 27001:2013 (ISO27001); ISO/IEC 27002:2013 (ISO27002); ISO/IEC 27003; ISO/IEC 27004; ISO/IEC 27005:2011; ISO/IEC 27006:2011; Definitions; Chapter 2: Background to the Standards; BS7799-2; ISO27001:2005; Correspondence between ISO27001 and ISO27002; Use of the Standards; Chapter 3: Specification vs Code of Practice; Chapter 4: Certification Process; Certification bodies
327 $aChapter 5: The ISMS and ISO27001; Definition of information security; The ISMS; Chapter 6: Overview of ISO/IEC 27001:2013; Chapter 7: Overview of ISO/IEC 27002:2013; The security categories; Chapter 8: Documentation and Records; Document control requirements; Contents of the ISMS documentation; Annex A document controls; Chapter 9: Management Responsibility; Management direction; Management-related controls; Requirement for management review; Chapter 10: Process Approach and the PDCA Cycle; PDCA and ISO27001; The PDCA cycle and the clauses of ISO27001; Chapter 11: CONTEXT, Policy and Scope
327 $aThe scoping exercise; Legal and regulatory framework; Policy definition; Policy and business objectives; Chapter 12: Risk Assessment; Link to ISO/IEC 27005; Objectives of risk treatment plans; Risk assessment process; Identify risks (6.1.2.c.1); Threats; Vulnerabilities; Identify risk owners (6.1.2.c.2); Assess the consequences of the risk (6.1.2.d.1); Likelihood (6.1.2.d.2); Levels of risk (6.1.2.d.3); Comparing the risk analysis with the risk criteria (6.1.2.e.1); Prioritise the risks (6.1.2.e.2); Risk treatment plan; Chapter 13: The Statement of Applicability (SoA); SoA and external parties
327 $aControls and Annex A; Controls (6.1.3.b); Residual risks; Control objectives; Plan for security incidents; Chapter 14: Implementation; Chapter 15: Check and Act; Monitoring; Auditing; Reviewing; Act - maintain and improve the ISMS; Chapter 16: Management Review; Chapter 17: ISO27001 Annex A; Annex A control areas and controls; Clause A5: Information security policies; Clause A6: Organisation of information security; Clause A7: Human resource security; Clause A8: Asset management; Clause A9: Access control; Clause A10: Cryptography; ITG Resources
330 $aInformation is one of your organisation's most important resources. Keeping it secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it.
606 $aComputer security
606 $aData protection
606 $aBusiness enterprises$xComputer networks$xSecurity measures
615 0$aComputer security.
615 0$aData protection.
615 0$aBusiness enterprises$xComputer networks$xSecurity measures.
676 $a78
700 $aCalder$b Alan$f1957-$0881141
801 0$bMiAaPQ
801 1$bMiAaPQ
801 2$bMiAaPQ
906 $aBOOK
912 $a9910787785403321
996 $aISO27001$93707326
997 $aUNINA