Packt+ | Advance your knowledge in tech

You're reading from Governance, Risk, and Compliance Handbook for Oracle Applications Written by industry experts with more than 30 years combined experience, this handbook covers all the major aspects of Governance, Risk, and Compliance management in your organization with this book and ebook.

Product type Paperback

Published in Aug 2012

Publisher Packt

ISBN-13 9781849681704

Length 488 pages

Edition 1st Edition

Tools

Oracle GRC

Concepts

Operations Management

Table of Contents (22) Chapters

Governance, Risk, and Compliance Handbook for Oracle Applications

Credits

1. Foreword

About the Authors

Acknowledgement

About the Authors

Acknowledgement

About the Reviewers

2. www.PacktPub.com

3. Preface

1. Introduction

2. Corporate Governance FREE CHAPTER

3. Information Technology Governance

4. Security Governance

5. Risk Assessment and Control Verification

6. Documenting Your Controls

7. Managing Your Testing Phase: Management Testing and Certifying Controls

8. Managing Your Audit Function

9. IT Audit

10. Cross Industry Cross Compliance

11. Industry-focused Compliance

12. Regional-focused Compliance

ISO 27001 — Information Security Management System (ISMS)

The following diagram shows the key objectives for an Information Security System:

The ISMS must protect information assets from any threats to their availability, integrity, and confidentiality. The ISMS includes Organizational structures, policies, planning activities, practices, procedures, processes, and resources. It is set up to ensure that processes, technology, and user behavior all align to this goal.

ISO 27001 provides a specification against which a deployment and ISMS can be verified by an accredited certification body, such as the UK Accreditation Service. Such organizations are permitted to grant a formal certificate.

The components of an Information Security Management System

While the ISMS specification has other components, six of them are crucial.

A defined scope
An information security policy
A risk assessment
A risk treatment plan
For each risk treatment, state the control objectives and controls to be implemented...

The rest of the chapter is locked

You're reading from Governance, Risk, and Compliance Handbook for Oracle Applications Written by industry experts with more than 30 years combined experience, this handbook covers all the major aspects of Governance, Risk, and Compliance management in your organization with this book and ebook.

Table of Contents (22) Chapters

ISO 27001 — Information Security Management System (ISMS)

The components of an Information Security Management System

Unlock this book and the full library FREE for 7 days

Personalised recommendations for you