Mastering Information Security Compliance Management: A comprehensive handbook on ISO/IEC 27001:2022 compliance (Paperback)
Provisional Chinese title: 掌握資訊安全合規管理:ISO/IEC 27001:2022 合規性綜合手冊 (平裝本)

Adarsh Nair, Greeshma M. R.

  • Publisher: Packt Publishing
  • Publication date: 2023-08-11
  • List price: $1,600
  • VIP price: $1,520 (95% of list)
  • Language: English
  • Pages: 236
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1803231173
  • ISBN-13: 9781803231174
  • Category: Information Security
  • Ships immediately (stock = 1)

Product Description

Strengthen your ability to implement, assess, evaluate, and enhance the effectiveness of information security controls based on ISO/IEC 27001/27002:2022 standards
Purchase of the print or Kindle book includes a free PDF eBook

Key Features

  • Familiarize yourself with the clauses and control references of ISO/IEC 27001:2022
  • Define and implement an information security management system aligned with ISO/IEC 27001/27002:2022
  • Conduct management system audits to evaluate their effectiveness and adherence to ISO/IEC 27001/27002:2022

Book Description

ISO 27001 and ISO 27002 are globally recognized standards for information security management systems (ISMSs), providing a robust framework for information protection that can be adapted to organizations of all types and sizes. Organizations with significant exposure to information-security-related risks are increasingly choosing to implement an ISMS that complies with ISO 27001. This book will help you understand the process of getting your organization's information security management system certified by an accredited certification body.
The book begins by introducing you to the standards, and then takes you through their principles and terminology. Once you understand these standards, you'll move on to their execution and learn how to implement them in organizations of different sizes. The chapters also include case studies to show how you can implement the standards in your own organization. Finally, you'll get to grips with the auditing process, planning, techniques, and reporting, and learn how to audit against ISO 27001.
By the end of this book, you'll have gained a clear understanding of ISO 27001/27002 and be ready to successfully implement and audit against these standards.

What you will learn

  • Develop a strong understanding of the core principles underlying information security
  • Gain insights into the interpretation of control requirements in the ISO 27001/27002:2022 standard
  • Understand the various components of ISMS with practical examples and case studies
  • Explore risk management strategies and techniques
  • Develop an audit plan that outlines the scope, objectives, and schedule of the audit
  • Explore real-world case studies that illustrate successful implementation approaches

Who this book is for

This book is for information security professionals, including information security managers, consultants, auditors, officers, risk specialists, business owners, and individuals responsible for implementing, auditing, and administering information security management systems. Basic knowledge of organization-level information security management, such as risk assessment, security controls, and auditing, will help you grasp the topics in this book easily.

Table of Contents

  1. Foundations, Standards, and Principles of Information Security
  2. Introduction to ISO 27001
  3. ISMS Controls
  4. Risk Management
  5. ISMS – Phases of Implementation
  6. Information Security Incident Management
  7. Case Studies – Certification, SoA, and Incident Management
  8. Audit Principles, Concepts, and Planning
  9. Performing an Audit
  10. Audit Reporting, Follow-Up, and Strategies for Continual Improvement
  11. Auditor Competence and Evaluation
  12. Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting