IT Governance - A Managers Guide to Data Security and BS 7799/ISO 17799 (Hardcover, 2nd Revised edition)

It is reported that 60 per cent of organizations have suffered a data security breach in the past two years and 43 per cent of those that have sensitive or critical information have suffered an extremely serious one. With the growing importance of IT to both internal systems and external e-commerce, this may be alarming, but perhaps not surprising. What is surprising is that, up until very recently, data security has been seen as the province of the IT department rather than, as it should be, a key boardroom issue for the e-commerce age. directors of listed companies must comply with the UK's Combined Code requirements in respect of internal controls including both financial, risk management and operational - specifically operational from an IT perspective. By underlining the importance of IT Governance as a critical aspect of Corporate Governance the report establishes best practice for any organization both public and private, large and small. business management and IT management - makes it essential for managers at all levels of the organization to adopt best practice in information security. By taking on BS 7799 or ISO 17799 organizations can be certain that they are doing this. This second edition is now updated to contain the final BS 7799/ISO 17799 nomenclature. effective information security management and shows how to introduce reliable management controls. In so doing, it also goes into detail through the process of achieving BS or ISO certification. It is a resource for directors and senior managers in organizations of all sorts and sizes but particularly those with well-developed internal IT systems and those focused on e-commerce. and the Turnbull Report; BS 7799 - Benefits of certification; information security management; information security policy and scope; the risk assessment and statement of applicability; security of third party access and outsourcing; asset classification and control; personnel security; physical and environmental security; equipment security; general security controls; communications and operations management; controls against malicious software (malware); and housekeeping, network management and media handling.