International IT Governance: An Executive Guide to ISO 17799/ISO 27001



Kogan Page Limited

Publication Year 2008

ISBN 9780749452605

ISBN-10 0749452609


Number of Pages 384 Pages
Language (English)

Corporate governance & responsibilities

International IT Governance is the definitive guide to new legislation and practice for information security professionals and executives with an interest in business, regulatory compliance and IT management. Exploring the use of ISO/IEC 27001, the single global standard for information security best practice, this book is a key resource for forward-looking executives and managers in organizations of all sizes, and charts critical issues in today's information economy.

Key Features
The development of IT governance;
New regulation and its implications for business;
The intellectual capital value of the "information economy" and its impact on commercial viability and profitability;
Global threats and vulnerabilities for networked organizations;
Project-managing a successful ISO 27001 implementation.

Access to downloadable templates from a dedicated website is also provided. International IT Governance is essential reading for understanding how best to deal with information security risks.

About The Author
Alan Calder is a founder-director of IT Governance Ltd, which provides IT governance and information security services through its website. He is a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO 27001.

Steve Watkins is Head of Corporate Services at HMCPSI and was Head of Operations and Quality at Focus. He was previously Quality Manager at Business Link.

Table of Contents
Why is information security necessary?
Sarbanes-Oxley and regulatory compliance
Information security standards
Organizing information security
Information security policy and scope
The risk assessment and Statement of Applicability
External parties
Asset management
Human resources security
Physical and environmental security
Equipment security
Communications and operations management
Controls against malicious software (malware) and back-ups
Network security management and media handling
Exchanges of information
Electronic commerce services
E-mail and Internet use
Access control
Network access control
Operating system access control
Application access control and teleworking
Systems acquisition, development and maintenance
Cryptographic controls
Security in development and support processes
Monitoring and information security incident management
Business continuity management
The ISO/IEC 27001 audit