Bøger af Alan Calder

Implement an effective and compliant information security management system using IT governance best practice.

Step-by-step guidance on a successful ISO 27001 implementation from an industry leaderResilience against cyber attacks requires an organization to defend itself across all of its attack surface: people, processes, and technology. ISO 27001 is the international standard that sets out the requirements of an information security management system (ISMS) – a holistic approach to information security that encompasses people, processes, and technology. Accredited certification to the Standard is recognized worldwide as the hallmark of best-practice information security management.Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard.Alan Calder knows ISO 27001 inside out: the founder and executive chairman of IT Governance, he led the implementation of the management system that achieved the world’s first accredited certification to BS 7799 – the forerunner to ISO 27001 – and has been working with the Standard ever since. Hundreds of organizations around the world have achieved accredited certification to ISO 27001 with IT Governance’s guidance, which is distilled in this book.In Nine Steps to Success – An ISO 27001 Implementation Overview, Alan provides a comprehensive overview of how to lead an ISO 27001-compliant ISMS implementation in just nine steps.Product overviewAligned with the latest iteration of ISO 27001:2013, this third edition of the original, no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time. In nine critical steps, the guide covers each element of the ISO 27001 project in simple, non-technical language. There is a special focus on how US organizations can tackle this governance.Aligned with the latest iteration of ISO 27001:2013, this book is ideal for anyone tackling ISO 27001 for the first time, and covers each element of the ISO 27001 project in simple, non-technical language, including:Getting management support and keeping the board’s attentionCreating a management framework and performing a gap analysis so that you can clearly understand the controls you already have in place, and identify where you need to focusStructuring and resourcing your project, including advice on whether to use a consultant or do it yourself, and examining the tools and resources that will make your job easierConducting a five-step risk assessment, and creating a Statement of Applicability (SoA) and risk treatment plan (RTP)Guidance on integrating your ISO 27001 ISMS with an ISO 9001 quality management system (QMS) and other management systemsAddressing the documentation challenges you’ll face as you create business policies, procedures, work instructions, and records – including viable alternatives to a costly trial-and-error approachContinual improvement of your ISMS, including internal auditing and testing, and management reviewThe six secrets to certification success.If you’re tackling ISO 27001 for the first time, Nine Steps to Success – An ISO 27001 Implementation Overview will give you the guidance you need to understand the Standard’s requirements and ensure your implementation project is a success – from inception to certification. 

Schritt-für-Schritt-Anleitung für eine erfolgreiche ISO 27001-ImplementierungIn sinnvoller, nicht technischer Sprache führt Sie dieser Leitfaden durch die wichtigsten Schritte eines ISO 27001-Projekts, um Ihnen den Erfolg desselben zu garantieren - von der Einführung bis hin zur Zertifizierung: Projektmandat Projektanbahnung Initiierung eines ISMS Management-Framework Grundlegende Sicherheitskriterien Risikomanagement Implementierung Maßnahme, Überwachung und Überprüfung ZertifizierungIn dieser dritten Auflage und ausgerichtet auf ISO 27001: 2013 eignet sich das Handbuch ideal für alle jene, die sich zum ersten Mal mit der Norm beschäftigen."Es ist als hätten Sie einen $ 300 / h-Berater an Ihrer Seite, wenn Sie die Aspekte der Gewinnung von Management-Unterstützung, Planung, Problembestimmung (Scoping), Kommunikation etc. betrachten."Thomas F. Witwicki Mit Hilfe dieses Buches erfahren Sie wie Sie: Unterstützung im Management und die Aufmerksamkeit des Vorstands erhalten; Erstellen Sie ein Management-Framework und eine Gap-Analyse, um klar zu verstehen, was Sie bereits unter Kontrolle haben und worauf ihre Bemühungen abzielen sollen; Strukturieren Sie Ihr Projekt und statten Sie es mit Ressourcen aus - einschließlich der Festlegung, ob Sie einen Berater verwenden werden oder die Tätigkeit selbst durchführen sowie der Überprüfung der vorhandenen Mittel und Ressourcen, die ihre Arbeit erleichtern werden; Führen Sie eine fünfstufige Risikobewertung durch und erstellen Sie eine Aussage zur Anwendbarkeit sowie einen Risikoplan; Integrieren Sie Ihr ISO 27001 ISMS mit einem ISO 9001 QMS und anderem Managementsystem; Adressieren Sie die Dokumentationsherausforderungen, denen Sie im Rahmen der Erstellung von Geschäftsgrundsätzen, Verfahren, Arbeitsanweisungen und Datensätzen begegnen - einschließlich realisierbarer Alternativen zum kostspieligen Trial- und Error Ansatz Kontinuierliche Verbesserung Ihres ISMS, einschließlich interner Prüfungen und Tests sowie Kontrollen durch das Management;Dieses Buch liefert Ihnen die nötige Anleitung zum Verständnis der Anforderungen der Norm und zur Gewährleistung, dass ihr Implementierungsprojekt ein Erfolg wird. Dabei werden sechs Geheimtipps für den Erfolg gegeben. BackgroundDie Erlangung und Aufrechterhaltung der akkreditierten Zertifizierung nach der internationalen Norm für Informationssicherheit-Management - ISO 27001 - kann ein kompliziertes Vorhaben darstellen, besonders dann, wenn die Norm für Sie noch neu ist.Autor Alan Calder kennt ISO 27001 in- und auswendig: der Gründer und Vorstandsvorsitzende von IT Governance, er leitete die erste Implementierung eines nach BS 7799 zertifizierten Managementsystems - dem Vorläufer der ISO 27001 - und arbeitet seither mit der Norm und seinen Nachfolgern zusammen.Hunderte Organisationen weltweit haben akkreditierte Zertifizierungen nach ISO 27001 mit der IT-Governance-Beratung erlangt- wie in diesem Buch zusammengefasst.Kaufen Sie dieses Buch heute und erlernen Sie die neun Schritte für eine erfolgreiche ISO 27001 ISMS Implementierung.

Cyber Security - Essential principles to secure your organisation takes you through the fundamentals of cyber security, the principles that underpin it, vulnerabilities and threats, and how to defend against attacks.

Understand the basics of business continuity and ISO 22301:2019 with this concise pocket guide, which will help you ensure your organisation can continue to operate in the event of a disruption.

This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack. The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.With this pocket guide you can:Adapt the CSF for organizations of any size to implementEstablish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practicesBreak down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity frameworkBy implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization's security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.

Information is the currency of the information age and in many cases is the most valuable asset possessed by an organisation. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure. Effective information security can be defined as the ‘preservation of confidentiality, integrity and availability of information.’ This book describes the approach taken by many organisations to realise these objectives. It discusses how information security cannot be achieved through technological means alone, but should include factors such as the organisation’s approach to risk and pragmatic day-to-day business operations. This Management Guide provides an overview of the implementation of an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2005 and which uses controls derived from ISO/IEC 17799:2005. It covers the following: CertificationRiskDocumentation and Project Management issuesProcess approach and the PDCA cyclePreparation for an Audit

This pocket guide is a primer for any OES (operators of essential services) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law.This guide outlines the requirements for operators of essential services based on the Cyber Assessment Framework established by the National Cyber Security Centre (NCSC), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.This guide will help you:Understand how to comply with NIS Regulations, and avoid penalties associated with non-complianceUnravel the key definitions, authorities and points of contactLearn the benefits of a good Cyber Resilience planInterpret and ensure compliance with the Cyber Assessment FrameworkEstablish the NCSC's cyber security objectives, principles and indicators of good practiceYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

This pocket guide is a primer for any DSPs (digital service providers) that needs to comply with the NIS Regulations, and explores who they are, and why the NIS Regulations are different for them.An introduction to the new NIS Regulations 2018 that bring the EU's NIS Directive and Implementing Regulation into UK law. This guide outlines the key requirements, details exactly which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance.This guide will help you:Clarify how to identify if you are within the scope of the NIS RegulationsGain an insight into the NIS DirectiveUnravel the key definitions, authorities and points of contactUnderstand the benefits of a good cyber resilience planYour essential guide to understanding the NIS Regulations - buy this book today and get the help and guidance you need.

Use an IT Governance strategy to reduce riskAn Introduction for Directors and IT professionalsThe modern organisation is increasingly working within the context of corporate governance. The subject dictates their day-to-day and strategic activities, especially corporate information asset risk management and investment, and the ICT infrastructure within which those information assets are collected, manipulated, stored and deployed.But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies - both quoted and unquoted - need to know?The Calder-Moir FrameworkThe book also explains how to integrate each standard and framework using The Calder-Moir Framework (download for free from www.itgovernance.co.uk/calder_moir.aspx), which was developed specifically to help organisations manage and govern their IT operations more effectively, and to coordinate the sometimes wide range of overlapping and competing frameworks and standards. It also specifically supports implementation of ISO/IEC 38500, the international standard for best practice IT governance.Practical IT Governance guidanceBoard executives and IT professionals can learn to maximise their use of the numerous IT management and IT governance frameworks and standards - particularly ISO/IEC 38500 - to best corporate and commercial advantage.Build an IT Governance FrameworkWithin a 'super framework', or 'meta -framework', you can integrate each of these standards and frameworks whilst making sure that each can deliver what it was designed to do. Developing an overarching framework will enable your organisation to design IT governance to meet your own needs.

Understand ISO 38500: the standard for the corporate governance of ITIn the 21st century, IT governance has become a much-discussed topic among IT professionals. An IT governance framework serves to close the gap between the importance of IT and the understanding of IT, helping to improve your organisation's competitive position.ISO/IEC 38500 is the international standard for the corporate governance of information and communication technology. The purpose of the standard is to create a framework to ensure that the board is appropriately involved, and it sets out guiding principles for governing bodies on how to ensure the effective, efficient and acceptable use of IT within their company.This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500. It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers: What is ISO/IEC 38500? The corporate governance context Scope, application and objectives Principles and model for good governance of it Implementing the six IT governance principles ISO/IEC 38500 and the IT steering committee Project governance Other IT governance standards and frameworks Integrated frameworksImplement an IT governance framework to improve your organisation's competitive position. Buy this pocket guide today!About the authorAlan Calder is a leading author on IT governance and information security issues. He is Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is a frequent media commentator on IT governance and information security issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.

An ideal introduction to PCI DSS v3.2.1All businesses that accept payment cards are prey for criminal hackers trying to steal financial information and commit identity fraud. The PCI DSS (Payment Card Industry Data Security Standard) exists to ensure that businesses process credit and debit card payments in a way that effectively protects cardholder data.All organisations that accept, store, transmit or process cardholder data must comply with the Standard; failure to do so can have serious consequences and expensive repercussions. These range from customer desertion and brand damage to significant financial penalties and operating restrictions imposed by their acquiring bank.Covering PCI DSS v3.2.1, this handy pocket guide provides all the information you need to consider as you approach the Standard. It is also an ideal training resource for those in your organisation involved with payment card processing. Topics include: An overview of PCI DSS v3.2.1 How to comply with the requirements of the Standard Maintaining compliance The PCI SAQ (self-assessment questionnaire) The PCI DSS and ISO 27001 Procedures and qualifications An overview of the PA-DSS (Payment Application Data Security Standard) PTS (PIN Transaction Security) Software-based PIN entryBuy your copy of this quick-reference guide to PCI DSS v3.2.1 today!About the authorsAlan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd.Alan is an acknowledged international cyber security guru. He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.Geraint Williams is the CISO for the GRC International Group of companies, and a knowledgeable and experienced senior information security consultant and former PCI QSA, with a strong technical background and experience in the PCI DSS and security testing.Geraint has provided consultancy on implementing the PCI DSS, and has conducted audits for a wide range of merchants and service providers as well as penetration testing and vulnerability assessments for clients. He has broad technical knowledge of security and IT infrastructure, including high-performance computing and Cloud computing. His certifications include CISSP® and PCIP.

This pocket guide is an introduction to the EU's NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA's Technical Guidelines and international standards can help DSPs achieve compliance. This pocket guide is a primer for any DSP that needs to comply with the NIS Directive.The pocket guide helps DSPs: Gain insight into the NIS Directive and who is regulating it; Identify if they are within the scope of the Directive; Understand the key requirements; and Understand how guidance from international standards and ENISA can help them comply.Your essential guide to understanding the EU's NIS Directive - buy this book today and get the help and guidance you need.

This concise guide is essential reading for EU organisations wanting an easy to follow overview of the new regulation and the compliance obligations for handling data of EU citizens.The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU, and automatically supersedes member states domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.This second edition has been updated with improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation.EU GDPR - A Pocket Guide sets out: A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA). The terms and definitions used in the GDPR, including explanations. The key requirements of the GDPR, including: Which fines apply to which Articles; The six principles that should be applied to any collection and processing of personal data; The Regulation's applicability; Data subjects' rights; Data protection impact assessments (DPIAs); The role of the data protection officer (DPO) and whether you need one; Data breaches, and the notification of supervisory authorities and data subjects; Obligations for international data transfers. How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records); The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation. A full index of the Regulation, enabling you to find relevant Articles quickly and easily.Buy your copy today.

Istruzioni per la corretta attuazione della Norma ISO 27001Con un linguaggio funzionale e scevro da tecnicismi, questa guida ti accompagnerà lungo le fasi principali di un progetto ISO 27001 per garantirne il successo - dalla fase iniziale fino alla certificazione finale: Mandato dell progetto Avvio del progetto Avvio del SGSI Quadro di gestione Criteri di sicurezza basilari Gestione del rischio Attuazione. Misurazione, monitoraggio e riesame CertificazioneOra alla sua terza edizione e allineata a ISO 27001:2013, questa guida è ideale per tutti coloro che sono chiamati per la prima volta a cimentarsi con questo Standard."È come trovarsi gomito a gomito con un consulente da 300 dollari all'ora a considerare tutti gli aspetti legati al conseguimento del sostegno della direzione, alla pianificazione, alla definizione degli ambiti, alla comunicazione di gestione, ecc."Thomas F. WitwickiCon questo libro scoprirai come: Conseguire il sostegno della direzione e mantenere l'attenzione del consiglio; Creare un guadro di gestione ed eseguire una gap analysis, in modo da poter comprendere chiaramente i controlli già in atto e identificare dove concentrare i propri sforzi; Strutturare e fornire risorse al tuo progetto - con consigli che ti aiuteranno a decidere se avvalerti di consulenti o fare tutto da solo, e a esaminare gli strumenti e le risorse disponibili che possono facilitarti il lavoro; Condurre una valutazione dei rischi in cinque fasi, e creare una Dichiarazione di Applicabilità e un piano di trattamento dei rischi; Integrare il tuo SGSI ISO 27001 con un QMS ISO 9001 ed altri sistemi di gestione; Affrontare le sfide legate alla documentazione che incontrerai sul tuo cammino mentre formulerai politiche aziendali, procedure, istruzioni operative e documenti di registrazione - tra cui alternative sostenibili a un dispendioso approccio euristico; Migliorare continuamente il tuo SGSI, con gli audit e le verifiche interne e il riesame della direzione;Questa pubblicazione ti fornirà la guida necessaria per comprendere i requisiti dello Standard e garantire la riuscita del tuo progetto di attuazione, che racchiude sei segreti che conducono al successo della certificazione.BackgroundIl conseguimento e il mantenimento della certificazione accreditata secondo lo standard internazionale per la gestione della sicurezza delle informazioni - ISO 27001 - può essere un'impresa complicata, soprattutto per i non addetti ai lavori.L'autore, Alan Calder conosce a fondo la norma ISO 27001: egli è il fondatore e il presidente esecutivo di IT Governance, ha diretto l'attuazione del primo sistema di gestione che ha conseguito la certificazione secondo BS 7799 - il precursore della norma ISO 27001 - e da allora non ha mai smesso di lavorare con il citato Standard.

Proteja la información de su organización con la ISO27001:2013La información es uno de los recursos más importantes de su organización y mantener esa información segura es vital para su negocio. Esta guía de bolsillo útil es una visión de conjunto esencial sobre las dos normas de la seguridad de la información clave que cubren los requisitos formales (ISO27001:2013) para crear un Sistema de Gestión de la Seguridad de la Información (SGSI) y las recomendaciones de mejores prácticas (ISO27002:2013) para aquellos responsables de iniciar, implementar o mantenerlo.Un SGSI basado en la ISO27001/ISO27002 ofrece un sinfín de beneficios: Eficacia mejorada implantando procedimientos y sistemas de seguridad de la información, que le permiten concentrarse en su actividad empresarial principal. Protege sus activos de información de un amplio abanico de ciberamenazas, actividad criminal, compromiso de información privilegiada y fallo del sistema. Gestione sus riesgos sistemáticamente y establezca planes para eliminar o reducir las ciberamenazas. Permite la detección temprana de amenazas o errores de procesamiento y una solicuón más rápida¿Siguiente paso para la certificación?Puede organizar una auditoría independiente de su SGSI frente a las especificaciones de la ISO27001 y, si su SGSI se ajusta, finalmente logra la certificación acreditada. Publicamos una variedad de libros y herramientas de documentación del SGSI (como Nueve pasos para el éxito) para ayudarle a lograr esto.Índice La familia de normas de la seguridad de la información ISO-/IEC 27000; Historia de las Normas; Especificación frente al Código de Prácticas; Proceso de certificación; El SGSI y la ISO27001; Visión de conjunto de la ISO/IEC 27001:2013; Visión de conjunto de la ISO/IEC 27002:2013; Documentación y registros; Responsabilidad de la gestión; Enfoque del proceso y el ciclo PDCA; Contexto, política y alcance; Evaluación del riesgo; La declaración de aplicabilidad (SoA); Implementación; 15. Verificar y actuar; Revisión gerencial; ISO27001; Anexo AAcerca del autorAlan Calder es el fundador y presidente ejecutivo de IT Governance Ltd, una empresa de información, asesoramiento y consultoría que ayuda a los consejos de administración de empresas a abordar problemas de gobierno de TI, gestión del riesgo, cumplimiento y seguridad de la información. Tiene muchos años de experiencia en alta gerencia en los sectores públicos y privados.Una guía de bolsillo que proporciona una visión de conjunto esencial de dos normas de la seguridad de la información clave, cómprela hoy y aprenda cómo proteger el activo más importante de su organización.

Proteggi le informazioni della tua organizzazione con ISO27001:2013Le informazioni costituiscono una delle risorse più importanti della tua organizzazione, e proteggerne la sicurezza è di importanza vitale per la tua attività. Questa pratica guida tascabile costituisce una panoramica essenziale di due norme di sicurezza delle informazioni che prende in esame i requisiti formali (ISO27001:2013) per la creazione di un Sistema di Gestione della Sicurezza delle Informazioni (SGSI), e le procedure consigliate (ISO27002:2013) rivolte ai responsabili dell'avvio, dell'attuazione o del mantenimento di tale sistema.Un SGSI basato sulle norme ISO27001/ISO27002 presenta numerosi vantaggi: Una maggiore efficienza derivante dalla messa in atto di sistemi e procedure di sicurezza delle informazioni, consentendoti di concentrarti maggiormente sul tuo core business. Protegge il tuo patrimonio informativo da un gran numero di minacce informatiche, attività criminose, compromissione interna dei dati e errori di sistema. Gestisce i tuoi rischi in modo sistematico e stabilisce piani d'azione per eliminare o ridurre le minacce informatiche. Consente il rilevamento precoce di minacce o errori d'elaborazione e la loro rapida risoluzione.Qualè il passo successivo verso la certificazione?Puoi disporre una verifica indipendente del tuo SGSI per accertarne la conformità alle specifiche dello standard ISO27001 e, in caso di conformità, ottenere quindi la certificazione accreditata. Pubblichiamo una vasta gamma di compendi e libri documentativi sullo standard SGSI (come I Nove Passi Per il Successo) che possono aiutarti a conseguire tale obiettivo.Indice Il gruppo di norme sulla sicurezza delle informazioni ISO/IEC 27000 ; Il contesto delle norme; Specifica e codice di comportamento a confronto; Il processo di certificazione; Il SGSI e l'ISO27001; Panoramica dell'ISO/IEC 27001:2013; Panoramica dell'ISO/IEC 27002:2013; Documentazione e registrazioni; Responsabilità della direzione; Approccio al processo e ciclo PDCA; Contesto, politica e campo di applicazione; Valutazione dei rischi; La dichiarazione di applicabilità; Attuazione; Check and Act; Riesame della direzione; Allegato A ISO27001L'autoreAlan Calder è fondatore e presidente esecutivo di IT Governance Ltd, un'azienda di assistenza e consulenza che aiuta gli organi sociali ad occuparsi di IT governance, gestione dei rischi, conformità e problemi di sicurezza delle informazioni. Alan ha occupato per molti anni incarichi di alto livello sia nel settore pubblico che privato. -Una pratica guida tascabile che offre una panoramica essenziale di due norme sulla sicurezza delle informazioni. Acquistala oggi stesso e apprendi come proteggere il patrimonio più importante della tua organizzazione

Schützen Sie die Informationen Ihrer Organisation mit ISO27001:2013Informationen gehören zu den wichtigsten Ressourcen Ihrer Organisation und ihre Sicherheit ist überlebenswichtig für Ihr Geschäft. Dieser praktische Taschenführer bietet einen grundlegenden Überblick über die beiden wichtigsten Informationssicherheitsstandards mit den formalen Anforderungen (ISO27001:2013) zum Erstellen eines Informationssicherheit-Managementsystems (ISMS) sowie Empfehlungen zu besten Verfahren (ISO27002:2013) für alle jenen, die dieses Einführen, Umsetzen oder Verwalten müssen.Ein auf der Norm ISO27001/ISO27002 basierendes ISMS bietet zahlreiche Vorteile: Verbessern Sie Ihre Effizienz durch Informationssicherheitssysteme und vorgehensweisen, dank derer Sie sich auf ihr Kerngeschäft konzentrieren können Schützen Sie Ihre Informationswerte vor einer Reihe von Cyber-Bedrohungen, krimineller Aktivitäten, Gefährdungen durch Insider und Systemausfälle Managen Sie Ihre Risiken systematisch und erstellen Sie Pläne zum Beseitigen oder Verringern von Cyber-Bedrohungen Erkennen Sie Bedrohungen oder Prozessfehler eher und beheben Sie sie schnellerDer nächste Schritt zur Zertifizierung?Sie können einen unabhängigen Audit Ihres ISMS anhand der Spezifikationen der Norm ISO27001 vornehmen lassen und, wenn dieser die Konformität Ihres ISMS bestätigt, unter Umständen einen akkreditierte Zertifizierung erhalten. Wir veröffentlichen eine Reihe von Toolkits und Büchern zum Thema ISMS (wie „Nine Steps to Success"), die Sie dabei unterstützen.Inhalt Die ISO/IEC 27000 Familie von Informationssicherheitsstandards; Hintergrund der Normen; Unterschied Spezifikation - Leitfaden; Zertifizierungsprozess; Die ISMS und ISO27001; Überblick über ISO/IEC 27001:2013; Überblick über ISO/IEC 27002:2013; Dokumente und Aufzeichnungen; Führungsverantwortung; Prozessansatz und PDCA-Zyklus; Kontext, Politik und Anwendungsbereich; Risikobeurteilung; Die Erklärung zur Anwendbarkeit; Umsetzung; Überprüfung und Handeln; Managementprüfung; ISO27001 Anhang A;Über den AutorAlan Calder ist Gründer und Vorstandsvorsitzender der IT Governance Ltd, ein Informations-, Analyse- und Beratungsunternehmen, das Unternehmen bei der Verwaltung von IT-Governance-, Risikomanagement-, Compliance- und Informationssicherheitsfragen unterstützt. Er verfügt über eine langjährige Erfahrung im Senior Management im privaten und öffentlichen Sektor.Dieser praktische Taschenführer bietet einen grundlegenden Überblick über die beiden wichtigsten Informationssicherheitsstandards - kaufen Sie ihn noch heute und erfahren Sie, wie Sie das wertvollste Gut Ihrer Organisation schützen können.

Protégez l'information de votre organisation grâce à l'ISO27001 :2013L'information est l'une des ressources les plus importantes de votre organisation, et la conservation de cette information est vitale pour votre entreprise Ce guide de poche pratique est un aperçu essentiel de deux normes clés en matière de sécurité de l'information, il couvre les exigences formelles (ISO27001:2013) pour la création d'un système de management de la sécurité de l'information (SMSI), ainsi que les recommandations des meilleures pratiques (ISO27002:2013) pour les responsables du lancement, de la mise en œuvre ou du suivi.Un SMSI se basant sur l'ISO27001/ISO27002 offre une foule d'avantages: Une amélioration de l'efficacité, en mettant en place des systèmes et des procédures de sécurité de l'information vous permettant de vous concentrer davantage sur votre activité principale. Il protège vos actifs d'information d'un large éventail de cyber-attaques, d'activités criminelles, de compromis internes et de défaillance du système. Gérez vos risques de façon systémique et établissez des plans pour éliminer ou réduire les menaces cybernétiques. Il permet une détection plus rapide des menaces ou des erreurs de traitement, et une résolution plus rapide.Prochaine étape vers la certification ?Vous pouvez organiser un audit indépendant de votre SMSI en fonction des spécifications de l'ISO27001 et, si votre SMSI est conforme, obtenir éventuellement une certification accréditée. Nous publions une série de boîtes à outils de documentations et des ouvrages sur le SMSI (tels que Neuf étapes vers le succès) pour vous aider à atteindre cet objectif.Sommaire La famille ISO/CEI 27000 des normes de sécurité de l'information ; Historique des normes ; Spécification ou Code de bonne pratique ; Procédure de certification ; Le SMSI et l'ISO27001 ; Aperçu de l'ISO/CEI 27001 :2013 ; Aperçu de l'ISO/CEI 27002 :2013 ; Documentation et enregistrements ; Responsabilités du management ; Approche procédurale et cycle PDCA ; Contexte, politique et domaine d'application ; Évaluation des risques ; La Déclaration d'Applicabilité ; Mise en œuvre ; Contrôler et agir ; Examen par le management ; ISO27001 Annexe AConcernant l'auteurAlan Calder est le fondateur et le président exécutif d'IT Governance Ltd, un cabinet d'information, d'avis et de conseils qui aide les conseils d'administration des entreprises à s'attaquer aux questions de gouvernance informatique, de gestion des risques, de conformité et de sécurité de l'information. Il est riche de nombreuses années d'expérience en haute direction dans les secteurs privé et public.

A concise introduction to the EU GDPRThe EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU from 25 May 2018, when it will automatically supersede member states' domestic data protection laws.It will also apply to every organisation in the world that processes personal information of EU residents.The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations. Product overviewEU GDPR - A Pocket Guide sets out: A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA). The terms and definitions used in the GDPR, including explanations. The key requirements of the GDPR, including: Which fines apply to which Articles; The six principles that should be applied to any collection and processing of personal data; The Regulation's applicability; Data subjects' rights; Data protection impact assessments (DPIAs); The role of the data protection officer (DPO) and whether you need one; Data breaches, and the notification of supervisory authorities and data subjects; Obligations for international data transfers. How to comply with the Regulation, including: Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records); The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation. A full index of the Regulation, enabling you to find relevant Articles quickly and easily. About the authorAlan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.Quickly understand your new obligations under the EU GDPR, and learn what steps you need to take to avoid costly fines.