Information Security Risk Management for ISO 27001/ISO 27002

Saved in:
Bibliographic Details
Title: Information Security Risk Management for ISO 27001/ISO 27002
Description: Protect your information assets with effective risk management In today's information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. Information security management system requirements ISO 27000, which provides an overview for the family of international standards for information security, states that “An organisation needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS […] assess information security risks and treat information security risks”. The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline. Plan and carry out a risk assessment to protect your information Information Security Risk Management for ISO 27001 / ISO 27002: Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001. Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3). Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls. Includes advice on choosing risk assessment software. Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits. Buy your copy today! About the authors Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker. Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK National Standards Body's technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3.
Authors: Alan Calder, Steve Watkins
Resource Type: eBook.
Subjects: Computer security--Management, Computer security--Standards, Data protection--Standards
Categories: COMPUTERS / Security / Network Security, COMPUTERS / Internet / Online Safety & Privacy
Database: eBook Collection (EBSCOhost)
FullText Links:
  – Type: ebook-pdf
  – Type: ebook-epub
Text:
  Availability: 0
Header DbId: nlebk
DbLabel: eBook Collection (EBSCOhost)
An: 2247477
RelevancyScore: 1090
AccessLevel: 6
PubType: eBook
PubTypeId: ebook
PreciseRelevancyScore: 1090.09973144531
IllustrationInfo
ImageInfo – Size: thumb
  Target: https://rps2images.ebscohost.com/rpsweb/othumb?id=NL$2247477$PDF&s=r
– Size: medium
  Target: https://rps2images.ebscohost.com/rpsweb/othumb?id=NL$2247477$PDF&s=d
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Information Security Risk Management for ISO 27001/ISO 27002
– Name: Abstract
  Label: Description
  Group: Ab
  Data: Protect your information assets with effective risk management In today's information economy, the development, exploitation and protection of information and associated assets are key to the long-term competitiveness and survival of corporations and entire economies. The protection of information and associated assets – information security – is therefore overtaking physical asset protection as a fundamental corporate governance responsibility. Information security management system requirements ISO 27000, which provides an overview for the family of international standards for information security, states that “An organisation needs to undertake the following steps in establishing, monitoring, maintaining and improving its ISMS […] assess information security risks and treat information security risks”. The requirements for an ISMS are specified in ISO 27001. Under this standard, a risk assessment must be carried out to inform the selection of security controls, making risk assessment the core competence of information security management and a critical corporate discipline. Plan and carry out a risk assessment to protect your information Information Security Risk Management for ISO 27001 / ISO 27002: Provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO 27001. Draws on national and international best practice around risk assessment, including BS 7799-3:2017 (BS 7799-3). Covers key topics such as risk assessment methodologies, risk management objectives, information security policy and scoping, threats and vulnerabilities, risk treatment and selection of controls. Includes advice on choosing risk assessment software. Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits. Buy your copy today! About the authors Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker. Steve Watkins is an executive director at GRC International Group plc. He is a contracted technical assessor for UKAS – advising on its assessments of certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cyber security and privacy standards, and chairs the UK National Standards Body's technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it. Steve was an active member of IST/33/-/6, which developed BS 7799-3.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Alan+Calder%22">Alan Calder</searchLink><br /><searchLink fieldCode="AR" term="%22Steve+Watkins%22">Steve Watkins</searchLink>
– Name: TypePub
  Label: Resource Type
  Group: TypPub
  Data: eBook.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Computer+security--Management%22">Computer security--Management</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security--Standards%22">Computer security--Standards</searchLink><br /><searchLink fieldCode="DE" term="%22Data+protection--Standards%22">Data protection--Standards</searchLink>
– Name: SubjectBISAC
  Label: Categories
  Group: Su
  Data: <searchLink fieldCode="ZK" term="%22COMPUTERS+%2F+Security+%2F+Network+Security%22">COMPUTERS / Security / Network Security</searchLink><br /><searchLink fieldCode="ZK" term="%22COMPUTERS+%2F+Internet+%2F+Online+Safety+%26+Privacy%22">COMPUTERS / Internet / Online Safety & Privacy</searchLink>
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=nlebk&AN=2247477
RecordInfo BibRecord:
  BibEntity:
    Classifications:
      – Code: 658.155
        Scheme: ddc
        Type: prePub
    Languages:
      – Code: eng
        Text: English
    Subjects:
      – SubjectFull: Computer security--Management
        Type: general
      – SubjectFull: Computer security--Standards
        Type: general
      – SubjectFull: Data protection--Standards
        Type: general
    Titles:
      – TitleFull: Information Security Risk Management for ISO 27001/ISO 27002
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Alan Calder
      – PersonEntity:
          Name:
            NameFull: Steve Watkins
      – PersonEntity:
          Name:
            NameFull: Alan Calder
      – PersonEntity:
          Name:
            NameFull: Steve Watkins
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 01
              Type: published
              Y: 2019
            – D: 06
              M: 03
              Type: profile
              Y: 2020
          Identifiers:
            – Type: isbn-print
              Value: 9781787781368
            – Type: isbn-electronic
              Value: 9781787781375
            – Type: isbn-electronic
              Value: 9781787781382
            – Type: isbn-electronic
              Value: 9781787781399
          Titles:
            – TitleFull: Information Security Risk Management for ISO 27001/ISO 27002
              Type: main
ResultId 1