IT Governance

A Manager's Guide to Data Security and ISO 27001 / ISO 27002

Alan Calder, Steve Watkins

372 pages, parution le 13/05/2008

Ajouter à une liste

Indisponible

Résumé

Information is widely regarded as the lifeblood of modern business, but organizations are facing a flood of threats to such "intellectual capital" from hackers, viruses, and online fraud. Directors must respond to increasingly complex and competing demands regarding data protection, privacy regulations, computer misuse, and investigatory regulations. Governanceill be valuable to board members, executives, owners and managers of any business or organization that depends on information, that uses computers on a regular basis, or that has an internet aspect to its overall strategy.

Covering the Turnbull Report and the Combined Code (in the UK), and the Sarbanes-Oxley Act (in the US), the book examines standards of best practice for companies looking to protect and enhance their information security management systems, allowing them to ensure that their IT security strategies are co-ordinated, coherent, comprehensive and cost effective.

L'auteur - Alan Calder

Alan Calder is CEO of Wide Learning, a supplier of e-learning, and was previously CEO of Focus Central London and, before that, of Business Link London City Partners (BLLCP). He was also a member of the DTIs Information Age Competitiveness Working Group. He is a non-executive director of DNV Certification Services Ltd, a company that certifies compliance with international standards including BS 7799. He is also a Director of IT Governance Ltd, which provides information security services through its web site at www.itgovernance.co.uk

L'auteur - Steve Watkins

Steve Watkins is Corporate Services Manager of HMCPSI and was Head of Quality and Operations at Focus Central London and was, before that, Quality Manager at Business Link. Alan Calder and Steve Watkins were responsible for one of the first companies (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996. They have aided other organizations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.

Sommaire

Why is information security necessary?
The Combined Code, the Turnbaull Report and Sarbanes-Oxley
ISO 27001
Organizing information security
Information security policy and scope
The risk assessment and statement of applicability
External parties
Asset management
Human resources security
Physical and environmental security
Equipment security
Communications and operations management
Controls against malicious software (malware) and back-ups
Network security management and media handling
Exchanges of information
Electronic commerce services
E-mail and internet use
Access control
Network access control
Operating system access control
Application access control and teleworking
Systems acquistion, development and maintenance
Cryptographic controls
Security in development and support processes
Monitoring and information security incident management
Business continuity management
Compliance
The ISO 27001 audit

Voir tout

Replier

Caractéristiques techniques

	PAPIER
Éditeur(s)	Kogan Page
Auteur(s)	Alan Calder, Steve Watkins
Parution	13/05/2008
Nb. de pages	372
Format	17 x 24
Couverture	Broché
Poids	768g
Intérieur	Noir et Blanc
EAN13	9780749452711
ISBN13	978-0-7494-5271-1