"Written for managers, this addresses how they should comply with best practice on the security, confidentiality and integrity of data stored on IT systems." -The Times
"Should be read by every computer professional with responsibility for security." -IMIS Journal
The development of IT governance - which recognizes the convergence between business and IT management - makes it essential for managers at all levels and in organizations of all sizes to understand how best to deal with information security risks. Also, the Turnbull report on company risk management (alongside laws and regulations throughout the OECD) gives company directors a legal responsibility to act on computer and information security.
Containing the latest revisions to BS7799 and ISO17799, this book guides business managers through the issues involved in achieving ISO certification in Information Security Management and covers all aspects of data security.
Alan Calder is a founder-director of IT Governance Ltd, which provides IT governance and information security services through its website www.itgovernance.co.uk. He is the author of Corporate Governance, IT Governance and International IT Governance, all published by Kogan Page.
Steve Watkins is Corporate Services Manager of HMCPSI and was Head of Quality and Operations at Focus Central London and was, before that, Quality Manager at Business Link. Alan Calder and Steve Watkins were responsible for one of the first companies (BLLCP) to achieve BS 7799 registration when the standard was first promulgated in 1996. They have aided other organisations since then to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.
Steve Watkins is also director at IT Governance, Chair of the ISO/IEC 27001 User Group - the UK Chapter of the ISMS International User Group - and contracted Technical Assessor for UKAS, assessing certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He sits on the UK national standards body's technical committees RM/1 (risk management), IST/33 (information technology - security techniques) and sub-committee IST/33/1 (information security management systems), and is Chair of IST/33/1 Panel 2 (certification and audits), which is responsible for the UK's contributions to standards including ISO 27006, 27007, 27008 and 27021.
The development of IT governance, which recognizes the convergence between business and IT management, makes it essential for managers at all levels and in organizations of all sizes to understand how best to deal with information security risks. In addition, the Turnbull guidance on company risk management (together with laws and regulations throughout the OECD) provides company directors with a legal responsibility to act on computer and information security.
This new edition of a unique handbook is fully updated for the latest regulatory and technological developments. Containing the 2005 revisions to BS7799 and ISO17799, it guides business managers through the issues involved in achieving ISO certification in Information Security Management and covers all aspects of data security.
He is a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including BS7799. Steve Watkins is Head of Corporate Services at HMCPSI and was Head of Operations and Quality at Focus. He was previously Quality Manager at Business Link.
Why is information security necessary? The Combined Code and the Turnbull Report. BS7799. Information security management. Information security policy and scope. The risk assessment and statement of applicability. Security of third party access and outsourcing. Asset classification and control. Personnel security. Physical and environmental security. Equipment security. General security controls. Communications and operations management. Controls against malicious software. Housekeeping, network management and media handling. Exchanges of information and software. E-mail and Internet use. Access control. Network access control. Operating system access control. Application access control. Mobile computing and teleworking. Systems development and maintenance. Cryptographic controls. Security in development and support process. Business continuity management. Compliance. The BS7799 audit.