Information Security Risk Management for ISO27001/ISO27002

Alan Calder · Steve G. Watkins

2010年4月 · IT Governance Ltd

電子書

187

頁

符合資格

關於本電子書

Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

關於作者

Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets. Steve G Watkins is a Director of Kinsnall Consulting Ltd, providing board-level advice on cyber security and related standards.Steve is an active member of SC 27, the international committee responsible for cyber security, information security and privacy protection standards, including the ISO 27001 family. He chairs the UK national committee (IST 33) that mirrors SC 27, and is the Chair of the UK ISO/IEC 27001 User Group.He is also a contracted ISMS and ITSMS Technical Assessor for UKAS, supporting the assessment of certification bodies offering accredited certification to ISO/IEC 27001 and ISO/IEC 20000-1.