Alan Calder is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. He led the world's first successful implementation of BS 7799 (now ISO 27001) and was involved in developing a wide range of information security management training courses, accredited by the International Board for IT Governance Qualifications (IBITGQ). Steve Watkins is Executive Director at GRC International Group plc, chair of the UK ISO/IEC 27001 User Group and contracted technical assessor for UKAS. He is a member of the international technical committee responsible for the ISO 27000 family of standards, and chairs the UK National Standards Body's technical committee IST/33 (information security, cyber security and privacy protection) that mirrors it.
Chapter 01: Why is information security necessary?
Chapter 02: The UK combined code, the FRC risk guidance and Sarbanes-Oxley
Chapter 03: ISO27001
Chapter 04: Organizing information security
Chapter 05: Information security policy and scope
Chapter 06: The risk assessment and Statement of Applicability
Chapter 07: Mobile devices
Chapter 08: Human resources security
Chapter 09: Asset management
Chapter 10: Media handling
Chapter 11: Access control
Chapter 12: User access management
Chapter 13: System and application access control
Chapter 14: Cryptography
Chapter 15: Physical and environmental security
Chapter 16: Equipment security
Chapter 17: Operations security
Chapter 18: Controls against malicious software (malware)
Chapter 19: Communications management
Chapter 20: Exchanges of information
Chapter 21: System acquisition, development and maintenance
Chapter 22: Development and support processes
Chapter 23: Supplier relationships
Chapter 24: Monitoring and information security incident management
Chapter 25: Business and information security continuity management
Chapter 26: Compliance
Chapter 27: The ISO27001 audit