{"product_id":"international-it-governance-an-executive-guide-to-iso-17799iso-27001-0749447486","title":"International IT Governance: An Executive Guide to ISO 17799\/ISO 27001","description":"\u003cp\u003e\u003cstrong\u003eISBN:\u003c\/strong\u003e 0749447486\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003eAuthor:\u003c\/strong\u003e Calder, Alan\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003eCondition:\u003c\/strong\u003e New\u003c\/p\u003e\u003cp\u003eProduct Description The development of IT Governance, which recognizes the convergence between business and IT management, makes it essential for managers at all levels and in organizations of all sizes to understand how best to deal with information security risks. International IT Governance explores new legislation, including the launch of ISO\/IEC 27001, which makes a single, global standard of information security best practice available. About the Author Alan Calder is a founder-director of IT Governance Ltd, which provides IT governance and information security services through its website www.itgovernance.co.uk. He is the author of Corporate Governance, IT Governance and International ITGovernance, all published by Kogan Page. Excerpt.  Reprinted by permission. All rights reserved. Introduction The information economy What is IT governance? Information security 1. Why is information security necessary? Nature of information security threats Prevalence of information security threats Impacts of information security threats Cybercrime Cyberwar Future risks Legislation Benefits of an information security management system 2. Sarbanes-Oxley and regulatory compliance Sarbanes-Oxley Enterprise risk management Regulatory compliance IT governance 3. Information security standards Benefits of certification History of ISO\/IEC 27 1 and ISO\/IEC 17799 Use of the standard ISO\/IEC 17799 PDCA and process approach Structured approach to implementation Quality system integration Documentation Continual improvement and metrics 4. Organizing information security Internal organization Management review Information security manager The cross-functional management forum ISO\/IEC 27 1 project group Approval process for information processing facilities Product selection and the Common Criteria Specialist information security advice Contact with authorities and with special interest groups Independent review of information security Summary 5. Information security policy and scope Information security policy A policy statement Costs and monitoring progress 6. The risk assessment and statement of applicability Establishing security requirements Risks, impacts and risk management Selection of controls and statement of applicability Gap analysis Risk assessment tools Risk treatment plan 7. External parties Identification of risks related to external parties Types of access Reasons for access Outsourcing On-site contractors Addressing security when dealing with customers Addressing security in third party agreements 8. Asset management Asset owners Inventory Acceptable use of assets Information classification The US government classification system Unified classification markings Information labeling and handling Non-disclosure agreements and trusted partners 9. Human resources security Job descriptions and competence requirements Screening Terms and conditions of employment During employment Disciplinary process Termination or change of employment 10. Physical and environmental security Secure areas Public access, delivery and loading areas 11. Equipment security Equipment siting and protection Supporting utilities Cabling security Equipment maintenance Security of equipment off-premises Secure disposal or reuse of equipment Removal of property 12. Communications and operations management Documented operating procedures Change management Segregation of duties Separation of development, test and operational facilities Third party service delivery management Monitoring and review of third party services Managing changes to third party services System planning and acceptance 13. Controls against malicious software (malware) and back-ups Viruses, worms and Trojans Anti-malware software Hoax messages Anti-malware controls Airborne viruses Controls against mobile code Back-up 14. Network security management and media handling Network management Media handling 15. Exchanges of information Information exchange policies and procedur\u003c\/p\u003e","brand":"Mia Karts","offers":[{"title":"Default Title","offer_id":51959473766688,"sku":"NEW0749447486","price":202.32,"currency_code":"USD","in_stock":false}],"url":"https:\/\/miakarts.com\/products\/international-it-governance-an-executive-guide-to-iso-17799iso-27001-0749447486","provider":"Miakarts Books","version":"1.0","type":"link"}