We see that javascript is disabled or not supported by your browser - javascript is needed for important actions on the site. Read more

What's New - Home - Login

Member $avings: $81,596,853.18 | Books Available: 784,863 | Members Online: 293

Swap Used Books - Buy New Books at Great Prices!

How To Swap Books Sign Up Search submenu

PBS Market (New Books)

Gift Buying Guide

Book Browser Advanced Search Books Posted Today Member Book Reviews Award Winning Books NYT Best Sellers Amazon Best Sellers Most Traveled Copies Club Wish List

Discussion Forums Book Lists

Club Lists My Book Lists My Watched Lists Create a List

Blog Donations

School Donation Program In Memory of... Military Donation Program Friends of PBS

Box-O-Books Maps The Eclectic Pen Fun Stuff

20 Questions Sudoku Bookmark Creator

Top 100

Requests Posts Swappers Referrers Reviewers

Pulse of PBS Spread The Word

Invite Friends Bookmarks Facebook Page Facebook App More Ways...

Photo Gallery Recipes Club Tag Cloud Member Testimonials

Help Center submenu

How To Swap Books Browse Help Docs Ask the Librarian PBS Member Icons Live Help

Kiosk

PBS Market (New Books) Go Shopping Buy Credits Buy PBS Money Upgrade Membership Gift Certificates Transfer Credits

Need Help?

Search - Information Security Risk Management for ISO27001 / ISO27002

Information Security Risk Management for ISO27001 / ISO27002
Author: Alan Calder, Steve G Watkins

Expert guidance on planning and implementing a risk assessment and protecting your business information. In the knowledge economy, organisations have to be able to protect their information assets. Information security management has, therefore, become a critical corporate discipline. The international code of practice for an information securit... more »y management system (ISMS) is ISO27002. As the code of practice explains, information security management enables organisations to ensure business continuity, minimise business risk, and maximise return on investments and business opportunities . ISMS requirements The requirements for an ISMS are specified in ISO27001. Under ISO27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management. This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO27001. International best practice Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software. Benefits to business include: * Stop the hacker. With a proper risk assessment, you can select appropriate controls to protect your organisation from hackers, worms and viruses, and other threats that could potentially cripple your business. * Achieve optimum ROI. Failure to invest sufficiently in information security controls is penny wise, pound foolish , since, for a relatively low outlay, it is possible to minimise your organisation s exposure to potentially devastating losses. However, having too many safeguards in place will make information security system expensive and bureaucratic; so without accurate planning your investment in information security controls can become unproductive. With the aid of a methodical risk assessment, you can select and implement your information security controls to ensure that your resources will be allocated to countering the major risks to your organisation. In this way, you will optimise your return on investment. * Build customer confidence. Protecting your information security is essential if you want to preserve the trust of your clients and to keep your business running smoothly from day to day. If you set up an ISMS in line with ISO27001, then, after an assessment, you can obtain certification. Buyers now tend to look for the assurance that can be derived from an accredited certification to ISO27001 and, increasingly, certification to ISO27001 is becoming a prerequisite in service specification procurement documents. * Comply with corporate governance codes. Information security is a vital aspect of enterprise risk management (ERM). An ERM framework is required by various corporate governance codes, such as the Turnbull Guidance contained within the UK s Combined Code on Corporate Governance, and the American Sarbanes-Oxley Act (SOX) of 2002, and standards such as ISO310000. As the authors point out, Just because a threat has not occurred yet does not mean that it never will .

ISBN-13: 9781849280433
ISBN-10: 1849280436
Publication Date: 4/21/2010
Pages: 198
Edition: Reprint
Rating:

0 stars, based on 0 rating

Publisher: IT Governance Ltd
Book Type: Paperback
Members Wishing: 0
Reviews: Amazon | Write a Review

Genres:

Back to the Top ↑

Search - Information Security Risk Management for ISO27001 / ISO27002

Loading...