The security criteria of the International Standards Organization (ISO) provides an excellent foundation for identifying and addressing business risks through a disciplined security management process. Using security standards ISO 17799 and ISO 27001 as a basis, How to Achieve 27001 Certification: An Example of Applied Compliance Management helps an organization align its security and organizational goals so it can generate effective security, compliance, and management programs. The authors offer insight from their own experiences, providing questions and answers to determine an organization's information security strengths and weaknesses with respect to the standard. They also present step-by-step information to help an organization plan an implementation, as well as prepare for certification and audit. Security is no longer a luxury for an organization, it is a legislative mandate. A formal methodology that helps an organization define and execute an ISMS is essential in order to perform and prove due diligence in upholding stakeholder interests and legislative compliance. Providing a good starting point for novices, as well as finely tuned nuances for seasoned security professionals, this book is an invaluable resource for anyone involved with meeting an organization's security, certification, and compliance needs.ISO/IEC TR 13335-3, Guidelines for the Management of IT Security: Techniques for the Management of IT Security from ... In effect another ISMS standard; contains a handy cross-reference table comparing its control coverage to that of standards such as ISO 17799:2005. ... SP800-26, Government Audit Office Federal Information System Controls Audit Manual, Introduction to ISO Security Standards n.
|Title||:||How to Achieve 27001 Certification|
|Author||:||Sigurjon Thor Arnason, Keith D. Willett|
|Publisher||:||CRC Press - 2007-11-28|