O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Nine Steps to Success: North American edition - An ISO 27001 Implementation Overview

Book Description

Step-by-step guidance on a successful ISO 27001 implementation from an industry leader

Resilience to cyber attacks requires an organization to defend itself across all of its attack surface: people, processes, and technology. ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) – a holistic approach to information security that encompasses people, processes, and technology.

Accredited certification to the Standard is recognized worldwide as the hallmark of best-practice information security management.

Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard.

Author of Nine Steps to Success – An ISO 27001 Implementation Overview, Alan Calder is the founder and executive chairman of IT Governance. He led the world’s first implementation of a management system certified to BS 7799, the forerunner to ISO 27001, and has been working with the Standard ever since.

Hundreds of organizations around the world have achieved accredited certification to ISO 27001 with IT Governance’s guidance, which is distilled in this book.

Successfully implement ISO 27001 with this must-have guide
Aligned with the latest iteration of ISO 27001:2013, the North American edition of Nine Steps to Success – An ISO 27001 Implementation Overview is ideal for anyone tackling ISO 27001 for the first time. In nine critical steps, the guide covers each element of the ISO 27001 project in simple, non-technical language. There is a special focus on how US organizations can tackle this governance.

This book offers guidance throughout implementation:
  • Getting management support and keeping the board’s attention.
  • Creating a management framework and performing a gap analysis so that you can clearly understand the controls you already have in place, and identify where you need to focus.
  • Structuring and resourcing your project, including advice on whether to use a consultant or do it yourself, and examining the tools and resources that will make your job easier.
  • Conducting a five-step risk assessment, and creating a Statement of Applicability (SoA) and risk treatment plan (RTP).
  • Guidance on integrating your ISO 27001 ISMS with an ISO 9001 quality management system (QMS) and other management systems.
  • Addressing the documentation challenges you’ll face as you create business policies, procedures, work instructions, and records – including viable alternatives to a costly trial-and-error approach.
  • Continual improvement of your ISMS, including internal auditing and testing, and management review.
  • The six secrets to certification success.
If you’re tackling ISO 27001 for the first time, Nine Steps to Success – An ISO 27001 Implementation Overview will give you the guidance you need to understand the Standard’s requirements and ensure your implementation project is a success – from inception to certification.

About the author
Alan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cybersecurity expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the UK Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients all over the world, and is a regular media commentator and speaker.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. About the Author
  5. Contents
  6. Introduction
    1. Impact of cyber breaches
    2. Impact of regulation
    3. ISO/IEC 27001
    4. The ISO 27000 family
    5. Before you start
  7. Chapter 1: Project Mandate
    1. Strategic alignment
    2. Prioritization and endorsement
    3. Change management
    4. The CEO’s role
    5. The project mandate
  8. Chapter 2: Project Initiation
    1. Objectives
    2. Project management
    3. Project leadership
    4. Senior management support
    5. Project team
    6. Project plan
    7. Structured approach to implementation
    8. Phased approach
    9. The project plan
    10. Integration with existing security management systems
    11. Quality system integration
    12. Looking ahead
    13. Costs and project monitoring
    14. Risk register
  9. Chapter 3: ISMS Initiation
    1. Continual improvement
    2. Security improvement plan
    3. Expanding the RACI matrix
    4. Documentation
    5. Four levels of documentation
    6. Documentation approaches
  10. Chapter 4: Management Framework
    1. Scoping
    2. Endpoint security
    3. Defining boundaries
    4. Network mapping
    5. Cutting corners
    6. Formalize key arrangements
    7. Information security policy
    8. Communication strategy
    9. Staff buy-in
  11. Chapter 5: Baseline Security Criteria
  12. Chapter 6: Risk Management
    1. Introduction to risk management
    2. Baseline security controls
    3. Risk assessment
    4. Five-step risk assessment process
    5. Risk workshop
    6. Impacts
    7. Controls
    8. Risk assessment tools
    9. Controls
    10. Nature of controls
    11. Control selection criteria
    12. Statement of applicability
    13. Risk treatment plan
  13. Chapter 7: Implementation
    1. Competencies
    2. The ‘all persons’ requirement
    3. Staff awareness
    4. Outsourced processes
  14. Chapter 8: Measure, Monitor, and Review
    1. Internal audit and testing
    2. Management review
  15. Chapter 9: Certification
  16. ISO 27001 Resources
    1. ISO 27001 Cybersecurity Documentation Toolkit
    2. vsRisk™
    3. ISO 27001 Staff Awareness eLearning
    4. ISO 27001 DIY Packages
    5. ISO 27001 Certified Foundation Online Training Course
    6. ISO 27001 Certified ISMS Lead Implementer Online Training Course
    7. ISO 27001 Certified ISMS Lead Auditor Online Training Course
    8. ISO 27001 Custom Consultancy
  17. ITG Resources