The information security management standard (ISMS), ISO/IEC 27001, provides a significant implementation challenge for all organisations. ISO27001 is a management standard: it sets out a specification for how management should identify, from a business risk perspective, the controls and safeguards that should be applied to information assets in order to assure their confidentiality, integrity and confidentiality. Management - and also the ISMS implementation project manager - will usually have a general or quality management background. A significant number of the controls to be applied will, of necessity, be technical and will relate to how IT hardware and software are set up and configured. The technical knowledge to carry out this configuration is usually within the IT or corporate information security team and, because information security is a business responsibility, this team should never have overall accountability for determining the actual controls required by the ISMS. As a result, there is often a gulf in understanding as to what is required between the ISO27001 ISMS project manager and those responsible for implementing the technical controls.
This book does an outstanding job of helping parties on both sides to bridge the gulf. It identifies the recommended technical controls of ISO27001's Annex A and, for a Microsoft environment, provides guidance on how (if, on the basis of a risk assessment, they are considered necessary) to implement them. This book fills a major hole in the guidance literature for ISO27001 and will make a significant contribution to helping both project managers and IT and security staff get to grips with what controls are appropriate to mitigate identified risks.
- ISBN10 190535679X
- ISBN13 9781905356799
- Publish Date 3 February 2009
- Publish Status Out of Print
- Out of Print 2 June 2010
- Publish Country GB
- Imprint IT Governance Publishing
- Format eBook
- Pages 308
- Language English