IT Governance
eBook - ePub

IT Governance

An International Guide to Data Security and ISO 27001/ISO 27002

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

IT Governance

An International Guide to Data Security and ISO 27001/ISO 27002

About this book

Faced with the compliance requirements of increasingly punitive information and privacy-related regulation, as well as the proliferation of complex threats to information security, there is an urgent need for organizations to adopt IT governance best practice.

IT Governance is a key international resource for managers in organizations of all sizes and across industries, and deals with the strategic and operational aspects of information security.

Now in its seventh edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems (ISMS) and protect themselves against cyber threats. The new edition covers changes in global regulation, particularly GDPR, and updates to standards in the ISO/IEC 27000 family, BS 7799-3:2017 (information security risk management) plus the latest standards on auditing. It also includes advice on the development and implementation of an ISMS that will meet the ISO 27001 specification and how sector-specific standards can and should be factored in. With information on risk assessments, compliance, equipment and operations security, controls against malware and asset management, IT Governance is the definitive guide to implementing an effective information security management and governance system.

Trusted by 375,005 students

Access to over 1.5 million titles for a fair monthly price.

Study more efficiently using our study tools.

Information

Publisher
Kogan Page
Year
2019
Print ISBN
9780749496951
Edition
7
eBook ISBN
9780749496968
Topic
Business
Subtopic
Information Management
Index
Business

Appendix 1

Useful websites

IT Governance Ltd

www.itgovernance.co.uk (archived at https://perma.cc/52C6-BA5J)
Comprehensive library of ISO27001 books, tools and resources
www.itgovernance.co.uk/iso27001 (archived at https://perma.cc/5Z44-FFHT)
Blogs
www.alancalderitgovernanceblog.com (archived at https://perma.cc/Y9WY-KKKQ)
http://blog.itgovernance.co.uk (archived at https://perma.cc/KSG9-6246)

ISO27001 certification-related organizations

United Kingdom Accreditation Service
www.ukas.com (archived at https://perma.cc/PBP9-55AX)
BSI
www.bsigroup.com (archived at https://perma.cc/ERJ8-N2JA)
Bureau Veritas Quality International (BVQI)
www.bureauveritas.co.uk (archived at https://perma.cc/87K2-XPQJ)
DNV GL – Business Assurance
www.dnvgl.com/about/business-assurance/index.html (archived at https://perma.cc/RU25-CU34)
Lloyd’s Register Quality Assurance (LRQA)
www.lr.org/en (archived at https://perma.cc/X8CY-86LH)
NQA Certification
www.nqa.com (archived at https://perma.cc/Z6LN-GX2Q)
SGS
www.sgs.com (archived at https://perma.cc/9WRJ-FBVL)

Microsoft

www.microsoft.com (archived at https://perma.cc/GX4A-BB7A)
www.microsoft.com/download (archived at https://perma.cc/UH3M-5EKJ)
Microsoft Security Centre
https://www.microsoft.com/en-gb/security (archived at https://perma.cc/YY9A-6W65)

Information security

(UK) Alliance Against Intellectual Property Theft
www.allianceforip.co.uk (archived at https://perma.cc/Y5KH-RNNT)
Anti-phishing Working Group
www.antiphishing.org (archived at https://perma.cc/3BMD-EW2H)
British Computer Society
www.bcs.org (archived at https://perma.cc/F2JT-8CR9)
Carnegie Mellon Software Engineering Institute
www.sei.cmu.edu (archived at https://perma.cc/7GK6-8FMN)
Carnegie Mellon Software Engineering Institute Computer Emergency Response Team (CERT) Coordination Centre
www.sei.cmu.edu/about/divisions/cert/index.cfm (archived at https://perma.cc/ C9ZJ-KUQ7)
Centre for Education and Research in Information Assurance and Security
www.cerias.purdue.edu (archived at https://perma.cc/Q2UU-JXBG)
(UK) Centre for the Protection of National Infrastructure
www.cpni.gov.uk (archived at https://perma.cc/3M6L-NUES)
Common Vulnerabilities and Exposures
https://cve.mitre.org (archived at https://perma.cc/ZS35-2RNV)
CWE/SANS Top 25 Most Dangerous Software Errors
http://cwe.mitre.org/top25/ (archived at https://perma.cc/T6SQ-JVHF)
Computer Security Resource Center (US National Institute of Standards and Technology)
csrc.nist.gov (archived at https://perma.cc/Z5WL-42XB)
ENISA
www.enisa.europa.eu (archived at https://perma.cc/Q2UU-JXBG)
(US) Federal Computer Emergency Readiness Team
www.us-cert.gov (archived at https://perma.cc/RV7C-QS8M)
(UK) Federation Against Software Theft
www.fast.org (archived at https://perma.cc/Z8MK-Y2FS)
Forum of Incident Response and Security Teams
www.first.org (archived at https://perma.cc/K8T8-7LSK)
GCHQ, Cheltenham
www.gchq.gov.uk (archived at https://perma.cc/RF95-WKDY)
HMG Cabinet Office Security Policy
www.gov.uk/government/publications/security-policy-framework (archived at https://perma.cc/MB7X-SHGA)
(UK) Information Commissioner
www.ico.org.uk (archived at https://perma.cc/6BTV-VF5H)
Information Systems Audit and Control Association
www.isaca.org (archived at https://perma.cc/M2SL-RC7N)
Information Systems Security Association
www.issa.org (archived at https://perma.cc...

Table of contents

  1. Cover
  2. Half-title Page
  3. Title Page
  4. Contents
  5. About the author
  6. Introduction
  7. 01 Why is information security necessary?
  8. 02 The Corporate Governance Code, the FRC Risk Guidance and Sarbanes–Oxley
  9. 03 ISO27001
  10. 04 Organizing information security
  11. 05 Information security policy and scope
  12. 06 The risk assessment and Statement of Applicability
  13. 07 Mobile devices
  14. 08 Human resources security
  15. 09 Asset management
  16. 10 Media handling
  17. 11 Access control
  18. 12 User access management
  19. 13 System and application access control
  20. 14 Cryptography
  21. 15 Physical and environmental security
  22. 16 Equipment security
  23. 17 Operations security
  24. 18 Controls against malicious software (malware)
  25. 19 Communications management
  26. 20 Exchanges of information
  27. 21 System acquisition, development and maintenance
  28. 22 Development and support processes
  29. 23 Supplier relationships
  30. 24 Monitoring and information security incident management
  31. 25 Business and information security continuity management
  32. 26 Compliance
  33. 27 The ISO27001 audit
  34. Appendix 1: Useful websites
  35. Appendix 2: Further reading
  36. Index
  37. Copyright

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.5M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1.5 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access IT Governance by Alan Calder,Steve Watkins in PDF and/or ePUB format, as well as other popular books in Business & Information Management. We have over 1.5 million books available in our catalogue for you to explore.