Asia
Select regional store:

We're sorry but that page cannot be found

Please use the links above to find what you were looking for.

You may not have been able to visit your page because of:

   1. An out-of-date bookmark/favourite
   2. A search engine that has an out-of-date listing
   3. A mistyped address
   4. You have no access to this page
   5. The requested resource was not found.
   6. An error has occurred while processing your request.

Are you looking for:

An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition

The ideal primer for anyone implementing an Information Security Management System (ISMS)

Written by an acknowledged expert on the new ISO27001 Standard, An Introduction to Information Security and ISO27001:2013 is the ideal resource for anyone wanting a clear, concise, and easy-to-read primer on information security. It will ensure the systems you put in place are effective, reliable, and auditable.

This pocket guide will help you to:

  • Make informed decisions
    Using this guide will enable the key people in your organization to make better decisions before embarking on an information security project.
  • Ensure everyone is up to speed
    Use this guide to give the non-specialists on the project board and in the project team a clearer understanding of what the project involves.
  • Raise awareness among staff
    Use this guide to make sure your people know what is at stake with regard to information security and understand what is expected of them.
  • Enhance your competitiveness
    Use this guide to let your customers know that the information you hold about them is managed and protected appropriately.

Buy this pocket guide and learn how you can keep your information assets secure.

Contact us if you are looking for the ISO27001:2005 edition.

About the Author

Steve G. Watkins managed the world’s first successful BS7799 (the forerunner of ISO27001) implementation project and leads the consultancy and training services of IT Governance Ltd. He is Chair of the ISO/IEC 27001 User Group, the UK Chapter of the ISMS International User Group, and an ISMS Technical Assessor for UKAS, advising on their assessments of certification bodies offering accredited certification. He has over 20 years’ experience managing integrated management systems, including maintenance of Information Security, Quality, Environmental and Investor in People certifications. His experience includes senior management positions in both the public and private sectors.

             



To hear about new books and exclusive offers from IT Governance Publishing, sign up and select 'Books' from the New Products options.

An Introduction to PRINCE2 - Managing and Directing Successful Projects - 2009 Edition

There are two core PRINCE2® 2009 books:

An Introduction to PRINCE2®: Managing and Directing Successful Projects, 2009 edition provides a high-level introduction to the updated PRINCE2® method, and covers both the Managing and Directing PRINCE2® publications.

An Introduction to PRINCE2®: Managing and Directing Successful Projects, 2009 edition:

  • Introduces the principles, processes and key themes of PRINCE2®.
  • Gives practical examples of applying the PRINCE2® method in practice.
  • Details the Project Board’s duties and expected behaviours.
  • Explains how to tailor PRINCE2® to the project environment.
  • Provides appendices for project descriptions, a glossary of terms, and further information.

Click to expand full contents »

1. Introduction







1.1 Purpose of this guide







1.2 Where do projects fit in?







1.3 What is a project?







1.4 What is project management?







1.5 What is PRINCE2?







1.6 PRINCE2 in context







1.7 Structure of this guide







1.8 Related OGC guidance







2. The PRINCE2 principles







2.1 Continued business justification







2.2 Learn from experience







2.3 Defined roles and responsibilities







2.4 Manage by stages







2.5 Manage by exception







2.6 Focus on products







2.7 Tailor to suit the project environment







3. Themes







3.1 Business Case







3.2 Organization







3.3 Quality







3.4 Plans







3.5 Risk







3.6 Change







3.7 Progress







4. Processes







4.1 The PRINCE2 journey







4.2 Starting up a Project







4.3 Initiating a Project







4.4 Controlling a Stage/Managing Product Delivery







4.5 Managing a Stage Boundary







4.6 Closing a Project







5. Project Board duties and behaviours







5.1 The role of senior management in PRINCE2







5.2 Be accountable for the project







5.3 Provide unified direction







5.4 Delegate effectively







5.5 Facilitate cross-functional integration







5.6 Commit resources







5.7 Ensure effective decision making







5.8 Support the Project Manager







5.9 Ensure effective communication







6. Tailoring PRINCE2 to the project environment







6.1 Tailoring PRINCE2 for projects in a programme environment







6.2 Tailoring PRINCE2 according to project scale







Appendix A: Product Description outlines







A.1 Benefits Review Plan







A.2 Business Case







A.3 Checkpoint Report







A.8 End Project Report







A.9 End Stage Report







A.10 Exception Report







A.11 Highlight Report







A.13 Issue Report







A.15 Lessons Report







A.16 Plan







A.17 Product Description







A.19 Project Brief







A.20 Project Initiation Documentation







A.21 Project Product Description







A.26 Work Package







Further information







Glossary







Index

Please note

We also offer The Official PRINCE2®:2009 Book Bundle, which enables you to purchase the core official PRINCE2®:2009 books together at a reduced price.

Assessing Information Security - Strategies, Tactics, Logic and Framework, 2nd Edition

Build a strategic response to cyber attacks

The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organizations need to develop a view of cybersecurity that goes beyond technology: all staff in the organization have a role to play, and it is the senior managers who must ensure, like generals marshaling their forces, that all staff know the cybersecurity policies that explain what to do when under attack.

Cybercrime… cyber war?

With this in mind, the authors have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security that they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.

Product overview »

  1. Information Security Auditing and Strategy
  2. Security Auditing, Governance, Policies, and Compliance
  3. Security Assessments Classification
  4. Advanced Pre-Assessment Planning
  5. Security Audit Strategies and Tactics
  6. Synthetic Evaluation of Risks
  7. Presenting the Outcome and Follow-Up Acts
  8. Reviewing Security Assessment Failures and Auditor Management Strategies

 

Additional information

Click here to view a sample of the book >>

 

Understand today’s threat landscape and how you can put best practice in place to protect your organization—buy this book today.



About the Authors

Dr. Andrew Vladimirov is a security researcher. His fields of expertise include network security and applied cryptography, and he has extensive experience of performing information security assessments. He and his fellow authors are the founders of Arhont Ltd, a leading information security consultancy.

Konstantin Gavrilenko has over 15 years of experience in IT and security. As a researcher, information security is his specialty, and he has a particular interest in wireless security. He holds a BSc in management science from De Montfort University and an MSc in management from Lancaster University.

Andriej Michajlowski is an expert on network security. His research interests include user and device authentication mechanisms and wireless networking security. He has extensive experience carrying out internal and external information security assessments. He is a graduate of the University of Kent at Canterbury and he holds an MBA.

BS 10012:2017 +A1 2018 - Specification for a personal information management system (PIMS)

Data protection compliance with BS 10012:2017 +A1 2018

The BS 10012:2017 +A1 2018 specification provides a framework to manage the risks to the privacy of personal data and implement the necessary policies, procedures and controls to help ensure compliance with the GDPR. It is designed to follow the plan-do-check-act cycle (PDCA) to ensure continual improvement.

View table of contents >>

The benefits of a BS 10012:2017 +A1 2018 personal information management system

  • Identify risks to personal information and put controls in place to mitigate them
  • Use as part of a privacy compliance framework to demonstrate compliance with the GDPR
  • Gain stakeholder and customer trust that their personal data is protected
  • Safeguard your organisation’s reputation and avoid adverse publicity
  • Benchmark your personal information management practices against recognised best practice
ISO/IEC 27002 2013 (ISO27002 ISO 27002) Code of Practice for InfoSec Controls

ISO/IEC 27002:2013 Information Technology – Security Techniques - Code of Practice for Information Security Controls

ISO27002:2013 is the international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO/IEC 27001:2013. It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.

Buy this Standard with its accompanying Standard, ISO/IEC 27001:2013, together in one package here.

What are the differences between 2005 and 2013 editions of ISO/IEC 27002?

ISO/IEC 27002:2013 has been updated to reflect the many changes which have taken effect in ISO/IEC27001, and is fully aligned to the new 2013 version of ISO27001.

For example:

  • The number of controls in ISO/IEC 27002 has been changed to match the number in ISO/IEC 27001, and ISO27002 now specifies 35 control objectives, each of which is supported by at least one control, giving a total number of 114.
  • As the structure of Annex A in ISO27001 has been updated, so ISO27002 has been updated to reflect the new structure.
  • The terminology used in the standard has been revised to be aligned with that in ISO27001.

Click to expand updated outline for ISO27002 »

Introduction

1. Scope

2. Normative references

3. Terms and definitions

4. Structure of this standard - Clauses and Control categories

5. Information security policies - Management direction for information security

6. Organization of information security - Internal organization and Mobile devices and teleworking

7. Human resource security - Prior to employment, During employment, Termination and change of employment

8. Asset management - Responsibility for assets, Information classification and Media handling

9. Access control - Business requirements of access control, User access management, User responsibilities and System and application access control

10. Cryptography - Cryptographic controls

11. Physical and environmental security - Secure areas and Equipment

12. Operations security - Operational procedures and responsibilities, Production from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit coordination

13. Communication security - Network security management and Information transfer

14. System acquisition, development and maintenance - Security requirements of information systems, Security in development and support processes and Test data

15. Supplier relationships - Information security in supplier relationships and Supplier service delivery management

16. Information security incident management - Management of information security incidents and improvements

17. Information security aspects of business continuity management - Information security continuity and Redundancies

18. Compliance – compliance with legal and contractual requirements and Information security reviews

Please note: We supply the interchangeable British and international adoptions of ISO27002, which all contain exactly the same content.

 

Corrigenda

Please note that two Technical Corrigenda have been issued since ISO/IEC 27002:2013 was published. These can be downloaded free of charge direct from ISO via the following links:

Technical Corrigendum 1 (ISO/IEC 27002:2013/Cor.1:2014) >>

Technical Corrigendum 2 (ISO/IEC 27002:2013/Cor.2:2015) >>

This website uses cookies. View our cookie policy
Loading...