| Document Type
|
:
|
BL
|
| Record Number
|
:
|
851346
|
| Main Entry
|
:
|
Chopra, Abhishek.
|
| Title & Author
|
:
|
Implementing an Information Security Management System : : Security Management Based on ISO 27001 Guidelines /\ Abhishek Chopra, Mukund Chaudhary.
|
| Publication Statement
|
:
|
Berkeley, CA :: Apress L.P.,, ©2020.
|
| Page. NO
|
:
|
1 online resource (284 pages)
|
| ISBN
|
:
|
1484254139
|
|
|
:
|
: 1484254147
|
|
|
:
|
: 9781484254134
|
|
|
:
|
: 9781484254141
|
|
|
:
|
1484254120
|
|
|
:
|
9781484254127
|
| Notes
|
:
|
Risk Components
|
| Contents
|
:
|
Intro -- Table of Contents -- About the Authors -- About the Technical Reviewer -- Acknowledgments -- Introduction -- Chapter 1: The Need for Information Security -- What Is Information Security? -- Data -- Information -- How ISO 27001 Applies to You -- ISO 27001: Information Security Management System -- Confidentiality -- Integrity -- Availability -- Why Is It Important to Safeguard Information? -- Yahoo -- Marriott International -- eBay -- Heartland Payment Systems -- Uber -- NHS Cyberattack -- Safeguarding Summary -- Scenario 1: Banking -- Cosmos Bank Cyberattack
|
|
|
:
|
Annex 12: Operations Security -- Annex 13: Communications Security -- Annex 14: Security Requirements of Information Systems -- Security in Development and Support Processes -- Define a Secure Development Policy -- Test Data -- Annex 15: Supplier Relationships -- Annex 16: Information Security Incident Management -- Annex 17: Information Security Aspects of Business Continuity Management -- Annex 18: Compliance -- Preparing the Analysis Report -- Presenting the Report to Management/Teams -- Summary -- Chapter 5: Risk Management Approach -- Defining and Finalizing the Risk Assessment Framework
|
|
|
:
|
Scenario 2: Trade Secrets -- Scenario 3: Healthcare -- Scenario 4: Manufacturing -- Stuxnet Virus -- Scenario 5: Information Technology -- Summary -- Chapter 2: Assessing Needs and Scope -- Assessing Business Needs -- Scope and High-level Timeframe for Implementation -- What's Covered in the Scope Document? -- What Is the Statement of Applicability (SOA)? -- Section A.5 of the Annexure -- Responsibility -- Section A.6 of the Annexure -- Responsibility -- Section A.7 of the Annexure -- Responsibility -- Section A.8 of the Annexure -- Responsibility -- Section A.9 of the Annexure -- Responsibility
|
|
|
:
|
Section A.10 of the Annexure -- Responsibility -- Section A.11 of the Annexure -- Responsibility -- Section A.12 of the Annexure -- Responsibility -- Section A.13 of the Annexure -- Responsibility -- Section A.14 of the Annexure -- Responsibility -- Section A.15 of the Annexure -- Responsibility -- Section A.16 of the Annexure -- Responsibility -- Section A.17 of the Annexure -- Responsibility -- Section A.18 of the Annexure -- Responsibility -- High-Level Timeframe -- Senior Management Support -- Summary -- Reference -- Chapter 3: Project Kick-Off -- Presenting a High-Level Plan
|
|
|
:
|
Setting Up the Project Taskforce -- Administration Department -- Chief Information Security Officer (CISO) -- System Admin or IT Manager -- Information Security Management (ISM) Team -- Human Resources Management -- Getting Commitment -- Summary -- Chapter 4: Initial Risk Assessment -- Meeting the Team -- Annex 5: Information Security Policies -- Annex 6: Organization of Information Security -- Annex 7: Human Resources Security -- Annex 8: Asset Management -- Annex 9: Access Control -- Annex 10: Cryptographic Control -- Annex 11: Physical and Environmental Security
|
| Abstract
|
:
|
Discover the simple steps to implementing information security standards using ISO 27001, the most popular information security standard across the world. You'll see how it offers best practices to be followed, including the roles of all the stakeholders at the time of security framework implementation, post-implementation, and during monitoring of the implemented controls. Implementing an Information Security Management System provides implementation guidelines for ISO 27001:2013 to protect your information assets and ensure a safer enterprise environment. This book is a step-by-step guide on implementing secure ISMS for your organization. It will change the way you interpret and implement information security in your work area or organization. You will: Discover information safeguard methods Implement end-to-end information security Manage risk associated with information security Prepare for audit with associated roles and responsibilities Identify your information risk Protect your information assets.
|
| Subject
|
:
|
Computer security-- Management.
|
| Subject
|
:
|
Computer security-- Management.
|
| Dewey Classification
|
:
|
005.8
|
| LC Classification
|
:
|
QA75.5-76.95
|
|
|
:
|
QA76.9.A25
|
| Added Entry
|
:
|
Chaudhary, Mukund.
|