IT Governance: An International Guide to Data Security and ISO27001/ISO27002, 6th Edition

  • 7h 27m
  • Alan Calder, Steve Watkins
  • Kogan Page
  • 2015

Faced with constant and rapidly evolving threats to information security, IT managers need to guard their organizations from cyber risks with an effective security system.

Now in its sixth edition, IT Governance provides best-practice guidance for companies looking to protect and enhance their information security management systems. The book has been fully updated to take account of current cyber security and advanced persistent threats. It also reflects the latest regulatory and technological developments, including the 2013 updates to ISO27001/ISO27002, and key international markets, including the UK, North America, the EU, and Asia Pacific.

Changes in the new edition include:

  • Full coverage of changes to data-related regulations in different jurisdictions and advice on compliance
  • Guidance on the new continual improvement model that replaces Plan-Do-Check-Act in the previous ISO standard
  • New developments in cyber risk and mitigation practices
  • The latest technological developments that affect IT governance and security
  • An explanation of the new information security risk assessment process

About the Authors

Alan Calder is a founder-director of IT Governance Ltd. He is also the author of Corporate Governance and International IT Governance (both Kogan Page).

Steve Watkins is an expert in the field of management system standards. He has authored several books on the topic and provides training and consulting services in this area.

In this Book

  • Why is Information Security Necessary?
  • The UK Combined Code, the FRC Risk Guidance and Sarbanes–Oxley
  • ISO27001
  • Organizing Information Security
  • Information Security Policy and Scope
  • The Risk Assessment and Statement of Applicability
  • Mobile Devices
  • Human Resources Security
  • Asset Management
  • Media Handling
  • Access Control
  • User Access Management
  • System and Application Access Control
  • Cryptography
  • Physical and Environmental Security
  • Equipment Security
  • Operations Security
  • Controls Against Malicious Software (Malware)
  • Communications Management
  • Exchanges of Information
  • System Acquisition, Development and Maintenance
  • Development and Support Processes
  • Supplier Relationships
  • Monitoring and Information Security Incident Management
  • Business and Information Security Continuity Management
  • Compliance
  • The ISO27001 Audit