Information is one of your organisation's most important resources. Keeping that information secure is therefore vital to your business. This handy pocket guide is an essential overview of two key information security standards that cover the formal requirements (ISO27001:2013) for creating an Information Security Management System (ISMS), and the best-practice recommendations (ISO27002:2013) for those responsible for initiating, implementing or maintaining it. Alan Calder is the Founder and Executive Chairman of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle IT governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors.  

1: The ISO/IEC 27000 Family of Information Security Standards

2: Background to the Standards

3: Specification vs Code of Practice

4: Certification Process

5: The ISMS and ISO27001

6: Overview of ISO/IEC 27001:2013

7: Overview of ISO/IEC 27002:2013

8: Documentation and Records

9: Management Responsibility

10: Process Approach and the PDCA Cycle

11: Context, Policy and Scope

12: Risk Assessment

13: The Statement of Applicability

14: Implementation

15: Check and Act

16: Management Review

17: ISO27001 Annex A

Published by: IT Governance Publishing Ltd