ISO27001 - a Pocket Guide (Paperback)

This book is intended to meet the needs of two groups: Individual readers who have turned to it as an introduction to a topic that they know little about; and organizations implementing, or considering implementing, some sort of information security management regime, particularly if using ISO/IEC 27001:2005. In either case, the book furnishes readers with an understanding of the basics of information security, including: a definition of what information security means; how managing information security can be achieved using an approach recognised world-wide; the sorts of factors that need to be considered in an information security regime, including how the perimeters of such a scheme can be properly defined; how an information security management system can ensure it is maximising the effect of any budget it has; what sort of things resources might be invested in to deliver a consistent level of assurance; and how organizations can demonstrate the degree of assurance they offer with regards to information security, how to interpret claims of adherence to the ISO 27001 standard and exactly what it means. Corporate bodies will find this book useful at a number of stages in any information security project, including: at the decision-making stage; to ensure that those committing to an information security project do so from a truly informed position; at project initiation stage, as an introduction to information security for the project board, project team members and those on the periphery of the project; and as part of an on-going awareness campaign, being made available to all staff[1] and to new starters as part of their introduction to the company. Corporate users may find they get the most benefit from making the Pocket Guide available and adding a small flyer inside the book which explains how various sections relate to their own specific environment, or where they are addressed in their information security management system (ISMS). The book is designed to be read without having to frequently break from the text, but there is a list of abbreviations along with terms and definitions in chapter 7 for easy reference. Where footnotes have been added they are not essential reading, and it is recommended you ignore these on your first read through if you are new to the subject - on a second reading they will be of more relevance, and particularly if you are involved in an information security project or decision at any stage. On finishing your initial read through it is suggested you keep a copy for easy reference. This is not an implementation or 'How to do it' guide. Implementing an ISO 27001 compliant information security management system (ISMS) requires more advice than a Pocket Guide such as this is designed to offer. The project is in most cases likely to equate to a significant business change project, and will require all the project governance arrangements that suit such an undertaking. There are books available which offer suitably detailed advice, such as "IT Governance: A Manager's Guide to Data Security and BS 7799/ISO 17799" (3rd edition) and they can be obtained along with numerous other helpful advice, tools and other related information from the sources signposted in chapter 7.