ISBN 9780749446505,I T Governance: A managerís guide to data security and BS 7799/ISO 17799

I T Governance: A managerís guide to data security and BS 7799/ISO 17799



Kogan Page Limited

Publication Year 2006

ISBN 9780749446505

ISBN-10 0749446501


Number of Pages 384 Pages
Language (English)

Corporate governance & responsibilities

The development of IT governance - which recognizes the convergence between business and IT management - makes it essential for managers at all levels and in organizations of all sizes to understand how best to deal with information security risks. In addition, the Turnbull guidance on company risk management (together with laws and regulations throughout the OECD) provides company directors with a legal responsibility to act on computer and information security.

This new edition of a unique handbook is fully updated for the latest regulatory and technological developments. Containing the 2005 revisions to BS7799 and ISO17799, it guides business managers through the issues involved in achieving ISO certification in Information Security Management and covers all aspects of data security.

Written by business managers for business managers, it is an essential resource to be used in organizations of all shapes and sizes, and particularly those with well-developed internal IT systems and those focussed on e-commerce.

About The Author
Alan Calder is a Director of IT Governance Ltd, which provides information security services through. He is a non-executive director of DNV Certification Services Ltd, a company that certifies compliance with international standards including BS 7799.

Steve Watkins is Corporate Services Manager of HMCPSI and was Head of Quality and Operations at Focus Central London and was, before that, Quality Manager at Business Link.

Table of Contents
Why is information security necessary?
The Combined Code and the Turnbull Report
Information security management
Information security policy and scope
The risk assessment and statement applicability
Security of third party access and outsourcing
Asset classification and control
Personnel security
Physical and environmental security
Equipment security
General security controls
Communications and operations management
Controls against malicious software
Housekeeping, network management and media handling
Exchanges of information and software
E-mail and Internet use
Access control
Network access control
Operating system access control
Application access control
Mobile computing and teleworking
Systems development and maintenance
Cryptographic controls
Security in development and support process
Business continuity management
The BS7799 audit.