You're reading from Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Product type Paperback

Published in Aug 2023

Publisher Packt

ISBN-13 9781803231174

Length 236 pages

Edition 1st Edition

Concepts

Information Security

Authors (2):

Greeshma M. R.

Adarsh Nair

View More author details

Table of Contents (19) Chapters

Preface

1. Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications

2. Chapter 1: Foundations, Standards, and Principles of Information Security FREE CHAPTER

3. Chapter 2: Introduction to ISO 27001

4. Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation

5. Chapter 3: ISMS Controls

6. Chapter 4: Risk Management

7. Chapter 5: ISMS – Phases of Implementation

8. Chapter 6: Information Security Incident Management

9. Chapter 7: Case Studies – Certification, SoA, and Incident Management

10. Part 3: How to Sustain – Monitoring and Measurement

11. Chapter 8: Audit Principles, Concepts, and Planning

12. Chapter 9: Performing an Audit

13. Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement

14. Chapter 11: Auditor Competence and Evaluation

15. Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting

16. Index

Why subscribe?

17. Other Books You May Enjoy

Appendix – Terms and Definitions

ISO 27001 versus 27002

ISO/IEC 27002 provides guidance on how to implement the security controls in Annex A of ISO 27001, the international standard for an Information Security Management System (ISMS). The ISO 27000 series is a collection of documents pertaining to various aspects of information security management. ISO 27001 is the fundamental framework in which the implementation requirements for an ISMS can be found. Basically, this is a list of everything you need to do in order to be compliant. Although ISO 27002 is a more comprehensive standard, no organization can be accredited to it as it is not a management standard. It is a collection of requirements for businesses to manage their policies and processes so that they can achieve a certain set of outcomes. It essentially lays down the rules for operating a system. In the case of ISO 27001, it defines the ISMS, and therefore certification against ISO 27001 is possible.

Information security must be designed, executed, monitored...

The rest of the chapter is locked

You're reading from Mastering Information Security Compliance Management A comprehensive handbook on ISO/IEC 27001:2022 compliance

Table of Contents (19) Chapters

ISO 27001 versus 27002

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you