Expert guidance essential for everyone involved in a Windows-based ISO 27001 project.
“Anyone who will be using ISO 27001 in a Windows® environment and wants to make its implementation easier should certainly have this reference at their side.”
Most ISO 27001 implementations will involve a Windows environment at some level. Unfortunately, there is often a knowledge gap between those trying to implement ISO 27001 and the IT specialists trying to put the necessary best-practice controls in place using Microsoft®’s technical controls. ISO27001 in a Windows® Environment bridges that gap and gives essential guidance to everyone involved in a Windows-based ISO 27001 project.
The third edition of ISO27001 in a Windows® Environment covers Windows 8 and Microsoft Windows Server 2012. It is also completely aligned to ISO 27001:2013, the latest version of the international standard for information security management.
This book will help you:
Learn about the various controls required under ISO 27001, together with the relevant Microsoft products that can be used to implement them;
Understand how to make the most of Windows security features; and
Bridge the knowledge gap between ISO 27001 and Windows security.
Information and Information Security
Using an ISMS to Counter the Threats
An Introduction to ISO 27001
Identify your Information Assets
Conducting a Risk Assessment
An Overview of Microsoft Technologies
Implementing ISO 27001 in a Microsoft environment
Securing the Windows® environment
Securing the Microsoft® Windows Server® platform
Auditing and Monitoring
Securing your Servers
Appendix 1: Overview of security settings for Windows Server® 2008 and 2012 servers and domain controllers
Appendix 2: Bibliography, Reference and Further Reading
Brian Honan is a recognised industry expert on information security, in particular the ISO 27001 information security standard. An independent consultant, Brian provides consulting services to clients in various industry segments and his work includes advising various government security agencies and the European Commission. Brian also established Ireland’s first ever Computer Security Incident Response Team.