Implementing the ISO/IEC 27001 Information Security Management System Standard, Third Edition

Implementing the ISO/IEC 27001 Information Security Management System Standard, Third Edition is the definitive guide to ISO/IEC 27001, fully updated to align with the 2022 revisions and related ISO/IEC 27000 ISMS standards. This comprehensive resource offers clear, concise guidance for implementing, managing, and certifying an Information Security Management System (ISMS).

This edition incorporates real-world case studies, expert insights, and best practices, serving as a vital reference for organizations of all sizes and industries. It provides practical strategies for implementing, certifying and improving ISMS, and addresses the evolving landscape of information security, governance and compliance. This resource covers risk management, regulatory requirements, leadership responsibilities, and operational security.

This book aligns information security with business objectives and explores emerging challenges such as supply chain security, cloud security, and evolving cyber threats, ensuring organizations remain resilient in an increasingly complex digital environment. With its clear explanations and guidance, this resource is invaluable for managers, CISOs, security risk managers, auditors, certifiers, trainers, regulatory bodies, educators, and anyone responsible for securing organizational data and systems.

Chapter 1 Information Security
1.1 Importance of being informed
1.2 Globally Connected
1.3 More Ado About Risks
1.4 Decoding the Secret of Information Security Management
1.5 Management and Awareness
1.6 Legislation, Regulation, and Governance
1.7 En Route to a Certified Business Environment

Chapter 2 ISO/IEC 27000 Series
2.1 ISO/IEC Standardization
2.2 Overview of the ISO/IEC 27001 Standard
2.3 Short History of ISO/IEC 27001
2.4 Overview of ISO/IEC 27001: 2022
2.5 Conformance to ISO/IEC 27001

Chapter 3 ISMS Business Case and Context
3.1 ISMS Business Case
3.2 Organizational Context
3.3 Needs and Expectations
3.4 ISMS Scope

Chapter 4 Managing the ISMS Risks
4.1 Importance of Risk and Opportunity
4.2 Risk Management Process
4.3 On-going Re-assessment of Risk

Chapter 5 ISMS Leadership and Support
5.1 Management Policy
5.2 Leadership
5.3 Roles and Responsibilities
5.4 Resources
5.5 Training and Awareness

Chapter 6 Measures to Modify the Risks
6.1 Determining the Controls
6.2 System of Controls
6.3 Control through Policies and Procedures
6.3.1 General
6.4 Example Control Sketches
6.5 Sector and Application Specific Controls
6.6 ISO/IEC 27001 Annex A

Chapter 7 ISMS Operations
7.1 Operational Planning, Management and Control
7.2 On-Going Risk Assessment
7.3 On-Going Risk Treatment
7.4 Example Sketches of Operational Threats
7.5 Example Sketches of Operational Processes
7.6 Incident Management Narrative
7.7 ISMS Availability and Business Continuity Narrative
7.8 ISMS Use Examples

Chapter 8 Performance Evaluation
8.1 Performance, Change and Improvement
8.2 Monitoring and Operational Reviews
8.3 ISMS Measurements Programme
8.4 On-Going Risk Management
8.5 ISMS Internal Audits
8.6 Management Reviews of the ISMS
8.7 Awareness And Communications

Chapter 9 Improvements to the ISMS
9.1 Continual Improvement
9.2 Conformance and Non-conformance
9.3 Making Improvements

Chapter 10 Accredited ISMS Certification
10.1 Overview
10.2 International Certification
10.3 Certification and Accreditation
10.4 Standards Involved
10.5 ISMS Audits

Chapter 11 Coda
11.1 The ISMS - a Living System
11.2 Processes Cycles and Sequences of Activity
11.3 ISMS the Business Enabler

References
About the Author
Index