Master the art of information security with Kris Hermans' definitive guide to the ISO27001 standard.
ISO27001, the international standard for information security management systems, is an essential tool for organizations aiming to mitigate information security risks. In "Mastering ISO27001", Kris Hermans, a leading expert in cybersecurity and resilience, provides a comprehensive guide to understanding, implementing, and auditing this crucial standard.
What's Inside:
- Introduction
- Understanding ISO 27001
- The Importance of Information Security
- ISO 27001: The Essentials
- Key Principles
- Information Security Management System (ISMS)
- The PDCA Model
- Starting Your ISO 27001 Journey
- Assessing Your Current Situation
- Building an ISO 27001 Implementation Team
- Developing an Implementation Roadmap
- Scope and Context of the ISMS
- Defining the Scope
- Understanding the Organizational Context
- Identifying Interested Parties and Their Requirements
- Information Security Policy
- Developing an Information Security Policy
- Roles and Responsibilities
- Policy Review and Maintenance
- Risk Assessment and Treatment
- Risk Assessment Methodology
- Identifying Risks
- Risk Analysis and Evaluation
- Risk Treatment Options
- Risk Treatment Plan
- Statement of Applicability (SoA)
- Understanding the SoA
- Selecting and Justifying Controls
- Documenting the SoA
- Implementing the ISO 27001 Controls
- Overview of ISO 27001 Control Domains
- Implementing Controls Based on Risk Assessment
- Integrating Controls with Existing Processes
- Human Resources and Training
- Security Awareness and Training Programs
- Roles and Responsibilities
- Managing Employee Lifecycle Security
- Incident Management and Business Continuity
- Creating an Incident Response Plan
- Incident Reporting and Escalation
- Business Continuity Planning
- Legal, Regulatory, and Contractual Requirements
- Identifying Applicable Requirements
- Managing Compliance Obligations
- Integrating Legal Requirements into the ISMS
- Monitoring and Measurement
- Establishing Monitoring and Measurement Criteria
- Internal Audits
- Management Reviews
- Continuous Improvement
- Identifying Opportunities for Improvement
- Corrective and Preventive Actions
- Updating the ISMS
- Certification and Accreditation
- Selecting a Certification Body
- Preparing for the Audit
- Maintaining Certification
- Tools and Resources for ISO 27001 Implementation
- ISMS Software Solutions
- External ISO 27001 Consultants and Services
- ISO 27001 Templates and Checklists
- Conclusion
- Building a Security Culture
- Beyond ISO 27001: Other Security Standards and Frameworks
- The Future of Information Security
- Annex: Complete list of all ISO270001 Categories and Controls
- About the Author
About the author:
Kris Hermans is a renowned expert in information security and resilience with over two decades of experience. Known for his clear and pragmatic approach, Kris has been instrumental in guiding organizations towards ISO27001 certification. He shares his insights and expertise through consulting, lecturing, and writing.
Buy Now: Available in Hardcover, Paperback, and eBook formats.