Guide to the Implementation and Auditing of ISMS Controls Based on ISO/IEC 27001 - Couverture souple

This book provides guidance on the implementation of ISMS (Information Security Management Systems) control requirements for auditing existing control implementations in order to help organizations preparing for certification in accordance with requirements specified in the new ISO/IEC 27001:2013 Information security management system (ISMS) - Requirements. It includes the definitive requirements that auditors must address when certifying organizations to the 2nd edition of ISO/IEC 27001:2013 and provides guidance on the implementation, checking and auditing of the controls. The guide discusses each of the controls of the standard from two different viewpoints: Implementation - This describes what to consider in order to fulfil the control requirements when implementing the controls from the standard. This guidance is aligned with the standard, which gives advice on the implementation of the controls. Auditing - This focuses on what to check when examining the implementation of the standard controls to ensure that the implementation covers the essential ISMS control requirements. Get the information you need to be fully updated in line with the revised standard and includes new references and definitions. It is applicable to organizations of any size, government departments and agencies, certification and accreditation bodies, training organizations, academic institutions, implementers, auditors, consultants, trainers and lecturers.

Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing Information Security Management consultancy services around the world. He has been an expert in the field of information security and risk management for more than 35 years. During this time he has worked for major international companies (in Europe, North America and Asia), as well organisations such as the European Commission and the OECD. He is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 the ISMS standard and the EA 7/03 the ISMS accreditation guidelines. He is the Founder and Director of the ISMS International User Group and is responsible for the International Register of BS 7799/ISMS Certificates. In 2002 he was honoured with the Secure Computing Lifetime Achievement Award.