You're reading from Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781803231174

Length 236 pages

Edition 1st Edition

Concepts

Information Security

Authors (2):

Greeshma M. R.

Adarsh Nair

View More author details

Table of Contents (19) Chapters

Preface

1. Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications

2. Chapter 1: Foundations, Standards, and Principles of Information Security FREE CHAPTER

3. Chapter 2: Introduction to ISO 27001

4. Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation

5. Chapter 3: ISMS Controls

6. Chapter 4: Risk Management

7. Chapter 5: ISMS – Phases of Implementation

8. Chapter 6: Information Security Incident Management

9. Chapter 7: Case Studies – Certification, SoA, and Incident Management

10. Part 3: How to Sustain – Monitoring and Measurement

11. Chapter 8: Audit Principles, Concepts, and Planning

12. Chapter 9: Performing an Audit

13. Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement

14. Chapter 11: Auditor Competence and Evaluation

15. Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting

16. Index

Why subscribe?

17. Other Books You May Enjoy

Appendix – Terms and Definitions

Foundations, Standards, and Principles of Information Security

In today’s information-centric environment, the concept of information security is paramount and is now on par with other business functions. Irrespective of their market share, private or public status, or geographical location, businesses are being pushed to move online in order to stay relevant.

In the 21st century, we have all experienced the information revolution. Data is stimulating the information revolution in the same way that oil catalyzed the industrial revolution. In today’s environment, data is the raw resource that must be studied, interpreted, and retrieved with care in order to provide significant insights to its users.

The difference between oil and data is that the volume of oil is reducing across the world, whereas the amount of data is growing day by day. Data has become a valuable commodity and fuel source in today’s world.

On the other hand, data-related cybercrime such as data theft is expanding exponentially. A data breach occurs when a company unwittingly exposes critical information that might cause damage to a company’s reputation, brand value, and customer trust, or even result in regulatory penalties.

The average cost of a data breach was $4.35 million in the year 2022, according to IBM’s Cost of a Data Breach Report 2022. While the average cost per record was $164 in 2022, the cost per record has climbed considerably since 2020. Hackers are primarily interested in a company’s customer information because they can use it to blackmail the company or sell the information to competitors. Data has become, on average, more valuable than any other asset. Information security principles guide the entire concept of data security.

This chapter will explain the fundamentals of Information Security, including why it’s important and how security frameworks can help reduce risk and develop a mechanism to manage information security across an enterprise. The key topics covered are the following:

The CIA triad
Information security standards
Using an information security management system
The ISO 27000 series

You're reading from Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Table of Contents (19) Chapters

Foundations, Standards, and Principles of Information Security

Authors (2)

Personalised recommendations for you