In an era where cybersecurity threats are escalating and complex global regulations are intensifying, the need for a comprehensive, actionable guide to ISO 27001, ISO 27002 and SOC 2 is more critical than ever. Information Security Management provides an essential resource for building or improving a robust information security management system that achieves ISO 27001 and SOC 2 compliance. Drawing on best practice recommendations from ISO 27002, managers and leaders will learn not only how to achieve cybersecurity excellence but also how to gain buy-in from the wider business for long-term, effective change. It is supported by actionable strategies and checklists, making it a practical guide for immediate implementation in any organization. Unique in its approach, this book shows how ISO 27001 compliance can serve as a foundational framework for achieving SOC 2 certification. It also features real-world examples of companies that have successfully implemented strong information security management systems and is supported by insights from industry experts, auditors and consultants on best practices and common pitfalls. Showing how organizations can implement ISO 27001, ISO 27002 and SOC 2, Information Security Management demonstrates how to build an information security management system designed for compliance and long-term success in today's complex landscape.
David Clarke is an internationally known security, ISO 27001 and GDPR advisor and has been recognized by multiple outlets including Onalytica, Thomson Reuters and Thinkers 360 as a top thought leader in cybersecurity, privacy and security. His company, Visco, offers risk and compliance services to organizations to help them meet privacy and cybersecurity requirements and standards. Clarke has held multiple security management and leadership positions for a number of Global FTSE 100 companies, has managed multiple global security operations centres and is the founder of the GDPR Technology Forum. He also authored the only online data breach course accredited by the National Cyber Security Centre (NCSC) and is the co-author of a GDPR Audit Scheme approved by The ICO (Information Commissioner's Office). He is based in London, UK.
Contents
Section ONE: Foundations of ISO 27001, Objective Setting, Internal Auditing, Strategic Advantages, and Risks of Technical Decision Making
Chapter 01: Introduction to ISO 27001
Chapter 02: Historical Evolution: From BS7799 to ISO 27001
Chapter 03: Demystifying ISO 27001: Objectives to Training
Chapter 04: Creating Objectives, KPIs, and Metrics
Chapter 05: Internal Audit and Gap Analysis
Chapter 06: Continuous Auditing
Chapter 07: Strategic Advantages of ISO 27001
Chapter 08: Risks of Relying on Technical Decision Making

Section TWO: Practical Applications, Leadership, and Documentation
Chapter 09: Practical Cyber Risk Mitigation Plans
Chapter 10: Comprehensive Audit Management
Chapter 11: Expert Documentation & Procedures
Chapter 12: Presenting Documentation for Steering Group Approval
Chapter 13: Architecture of Documents
Chapter 14: Leadership in Steering Group Management

Section THREE: Excellence in Auditing, Stakeholder Engagement, Leadership Buy-in, and Leveraging Key Domains under ISO 27001
Chapter 15: Preparing for Audit
Chapter 16: Briefing Stakeholders
Chapter 17: Ensuring Senior Leadership Buy-in
Chapter 18: Detailed Audit Micro-management
Chapter 19: Exceeding Industry Benchmarks
Chapter 20: Continuous Support & Expertise
Chapter 21: Leveraging Key Domains for ISO 27001 Excellence

Section FOUR: Designing Awareness and Training Programs, Challenges, Nonconformity Management, Technical Audits Integration, Responsibilities, and Strategic Incident Management
Chapter 22: Designing Awareness and Training Programs
Chapter 23: Challenges in ISO 27001 Implementation
Chapter 24: Managing Nonconformities
Chapter 25: Integrating Results of Technical Audits into ISO Management
Chapter 26: Joint, Shared, Cost, and Regulatory Responsibilities
Chapter 27: Leveraging Incident Response and Vendor Due Diligence
Chapter 28: Business Continuity Planning and Influencing Incident Outcomes
Chapter 29: Change Control and Best Practice Implementation Auditing
Chapter 30: Building an SOA (Statement of Applicability)

Section FIVE: The Future of ISO 27001, Regulatory Compliance, and A Legacy of Excellence
Chapter 31: Bridging ISO 27001 with SOC 2
Chapter 32: Navigating the Surge of Global Cyber and Data Regulations
Chapter 33: Understanding WISP: Mandates Across 25 US States
Chapter 34: Expertise in ISO 27001 and Beyond: A Legacy of Excellence
Chapter 35: A Journey from BS7799 to ISO 27001
Chapter 36: Proven Documentation & Global Recognition
Chapter 37: ISO 27001 as a Business Enabler
Chapter 38: Board and Senior Management Engagement
Chapter 39: Holistic Integration: Transactionally, Intellectually, and Operationally
Chapter 40: The Surge of Cyber and Data Regulation
Chapter 41: A Legacy Since 2005