The Case for ISO 27001

Book Description

You have a responsibility to safeguard the information you hold on behalf of your customers. Adopting the ISO 27001 standard will protect the reputation of your company and safeguard its achievements.

Table of Contents

  1. Copyright
  2. About the author
  3. Acknowledgement
  4. Introduction
  5. 1. Information Economy, Intellectual Capital
    1. Executive summary
    2. The information economy
    3. Intellectual capital
    4. ISO 27001
  6. 2. Information, IT and Competitiveness
    1. Executive summary
    2. Academic research
    3. Competitive environment
    4. ISO 27001
  7. 3. Information Threats
    1. Executive summary
      1. Threats
    2. Attack categories
    3. ISO 27001
  8. 4. Insecurity Impacts
    1. Executive summary
    2. Types of impact
    3. ISO 27001
  9. 5. ‘Traditional’ Threats
    1. Executive summary
    2. Viruses and hackers
    3. Spam
    4. Commercial espionage
    5. Insider threats
      1. Fraud
      2. Staff
      3. Systems failures
    6. ISO 27001
  10. 6. Information Risk in Large Organizations
    1. Executive summary
      1. Threats to larger organizations
      2. Vulnerabilities in larger organizations
      3. Impacts on larger organizations
    2. Data protection and privacy regulation in larger organizations
    3. ISO 27001
  11. 7. Organized Crime
    1. Executive summary
    2. Impacts of organized crime
    3. ISO 27001
  12. 8. Terrorism
    1. Executive summary
    2. Cyber-capabilities
    3. ISO 27001
  13. 9. Evolving Threat Environment
    1. Executive summary
    2. Key trends
    3. ISO 27001
  14. 10. Regulatory Compliance
    1. Executive summary
    2. The Regulatory Conundrum
    3. ISO 27001
  15. 11. Data Protection and Privacy
    1. Executive summary
    2. Privacy and Data Protection
      1. OECD Guidelines
      2. EU Regulation
      3. UK Regulation
        1. Data Protection Act 1998 (the “DPA”)
      4. US Regulation
        1. The Safe Harbor framework
        2. The Gramm-Leach-Bliley Act (‘GLBA’)
        3. The Fair Credit Reporting Act (‘FCRA’)
        4. The Health Insurance Portability and Accountability Act (‘HIPAA’)
        5. The Californian Senate Bill 1386 of 2003
        6. The California Online Privacy Protection Act of 2004 (‘OPPA’)
      5. APEC regulation
    3. ISO 27001
  16. 12. Anti-Spam Legislation
    1. Executive summary
    2. Regulation of electronic marketing
      1. UK Privacy and Electronic Communications Regulations 2003
      2. US CAN-SPAM Act
    3. ISO 27001
  17. 13. Computer Misuse Legislation
    1. Executive summary
    2. Convention on cybercrime
      1. Computer Misuse Act 1990 (‘CMA’)
    3. ISO 27001
  18. 14. Human Rights
    1. Executive summary
      1. The UK’s Human Rights Act 1998 (‘HRA’)
      2. Regulation of Investigatory Powers Act 2000 (‘RIPA’)
      3. Code of Practice
    2. ISO 27001
  19. 15. Record Retention and Destruction
    1. Executive summary
    2. Records
    3. ISO 27001
  20. 16. Information Security Governance
    1. Executive summary
    2. What is ‘information security’?
    3. Information security is a board responsibility
    4. Governance and risk management
      1. Corporate governance codes
    5. Information risk
      1. Governance failure
  21. 17. Benefits of an ISO 27001 ISMS
    1. Executive summary
    2. Structured Information Security Management System
    3. Benefits of a structured Information Security Management System
    4. Benefits of external certification (‘registration’) to ISO 27001
  22. 18. ISO 27001 in the Public Sector
    1. Executive summary
    2. UK Public sector organizations
    3. Freedom of Information legislation
    4. Board issues in the public sector
  23. 19. Is ISO 27001 for You?
    1. Executive summary
    2. Do you have information that you rely on or which needs to be kept confidential?
    3. Do you collect personal information (e.g. from customers or employees)?
    4. Does your business rely on information technology for its daily activities?
    5. Do your customers, suppliers or partners need confidence in your information handling and privacy protection measures?
    6. Can you afford reputation damage, commercial and punitive losses, business interruption and loss or corruption of confidential information?
    7. Is ISO 27001 the answer?
  24. 20. How Do You Go About ISO 27001?
    1. Preparation
    2. Initial planning
    3. Implementation
  25. 21. Selection of a Certification Body
  26. ISO 27001 – Past, Present and Future
    1. ISO/IEC 17799
    2. Links to other standards and regulatory frameworks
    3. 2005 versions of the standards
  27. Useful websites
    1. ISO 27001 certification organizations
    2. Governance
    3. Information security