Written by an acknowledged expert on the ISO/IEC 27001 Standard, ISO 27001:2022 — An Introduction to information security and the ISMS standard is an ideal primer for anyone implementing an information security management system aligned to ISO 27001:2022.
The guide is a must-have resource giving a clear, concise and easy-to-read introduction to information security, providing guidance to ensure the management systems you put in place are effective, reliable and auditable.
This pocket guide will help you to:
Make informed decisions
Using this guide will enable the key employees in your organisation to make better decisions before embarking on an information security project.
Ensure everyone is up to speed
This guide will give the non-specialists on the project board and in the project team a clearer understanding of what an information security management system involves, reflecting the ISO 27001:2022 version of the Standard.
Raise awareness among staff
Ensure that your staff know what is at stake with regard to information security and understand what is expected of them with this pocket guide.
Enhance your competitiveness
Use this guide to begin your ISO 27001:2022 implementation journey and let your customers know that the information you hold about them is managed and protected appropriately.
Get up to speed with the ISO 27001:2022 updates and keep your information secure
About the author:
Steve is a Director of Kinsnall Consulting Ltd, providing board-level advice on cyber security and related standards.
Steve is an active member of SC 27, the international committee responsible for cyber security, information security and privacy protection standards, including the ISO 27001 family. He Chairs the UK national committee (IST 33) that mirrors SC 27 and is the Chair of the UK ISO/IEC 27001 User Group.
He is also a contracted ISMS and ITSMS Technical Assessor for UKAS, supporting the assessment of certification bodies offering accredited certification to ISO/IEC 27001 and ISO/IEC 20000–1.
TOC:
Introduction
Chapter 1: Information security — What’s that?
Chapter 2: It’s not IT
Chapter 3: ISO 27001 and the management system requirements
Chapter 4: Legal, regulatory and contractual requirements and business risk
Chapter 5: Information security controls
Chapter 6: Certification
Chapter 7: Signposting
Further reading