Nine Steps to Success: An ISO27001:2013 implementation overview

Book Description

In Nine Steps to Success – An ISO 27001 Implementation Overview, Alan provides a comprehensive overview of how to lead a successful ISO 27001-compliant ISMS implementation in just nine steps.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Contents
  5. Introduction
    1. The ISO 27000 family
    2. Before you start
  6. Chapter 1: Project Mandate
    1. Strategic alignment
    2. Prioritisation and endorsement
    3. Change management
    4. The CEO’s role
    5. The Project Mandate
  7. Chapter 2: Project Initiation
    1. Objectives
    2. Project management
    3. Project leadership
    4. Senior management support
    5. Project team
    6. Project plan
    7. Structured approach to implementation
    8. Phased approach
    9. The project plan
    10. Integration with existing security management systems
    11. Quality system integration
    12. Looking ahead
    13. Costs and project monitoring
    14. Risk register
  8. Chapter 3: ISMS Initiation
    1. Continual improvement
    2. Security improvement plan
    3. Expanding the RACI matrix
    4. Documentation
    5. Four levels of documentation
    6. Documentation approaches
  9. Chapter 4: Management Framework
    1. Scoping
    2. Endpoint security
    3. Defining boundaries
    4. Network mapping
    5. Cutting corners
    6. Formalise key arrangements
    7. Information security policy
    8. Communication strategy
    9. Staff buy-in
  10. Chapter 5: Baseline Security Criteria
  11. Chapter 6: Risk Management
    1. Introduction to risk management
    2. Baseline security controls
    3. Risk assessment
    4. Five-step risk assessment process
    5. Risk workshop
    6. Impacts
    7. Controls
    8. Risk assessment tools
    9. Controls
    10. Nature of controls
    11. Control selection criteria
    12. Statement of applicability
    13. Risk treatment plan
  12. Chapter 7: Implementation
    1. Competencies
    2. The ‘all persons’ requirement
    3. Staff awareness
    4. Outsourced processes
  13. Chapter 8: Measure, Monitor and Review
    1. Internal audit, and testing
    2. Management review
  14. Chapter 9: Certification
  15. ISO 27001 Resources
    1. ISO 27001:2013 ISMS Documentation Toolkit
    2. vsRisk™
    3. (UK) IT Legal Compliance Database
    4. ISO 27001 staff awareness e-learning
    5. ISO27001 Do It Yourself packaged consultancy
    6. ISO 27001 Get A Little Help packaged consultancy
    7. ISO 27001 Get A Lot Of Help packaged consultancy
    8. ISO 27001 bespoke consultancy
    9. ISO 27001 Certified ISMS Lead Implementer Training Course
    10. ISO 27001 Certified ISMS Lead Auditor Training Course
    11. ISO 27005 Certified Risk Management Training Course
  16. ITG Resources