Видавець: K-i-s-publishing
IT Governance Publishing, Alan Calder
This book offers an in-depth exploration of ISO 22301:2019 and its role in business continuity management. It begins by explaining the standards and their importance for building resilience against disruptions. Readers will learn the core principles of ISO 22301, including the PDCA (Plan-Do-Check-Act) cycle, leadership responsibilities, and the integration with other management systems.As the book progresses, readers will delve into key aspects of creating an effective business continuity plan, such as context analysis, identifying stakeholders, conducting risk assessments, and establishing support systems. Practical strategies are provided to help readers optimize business continuity solutions and incorporate them into their operations, ensuring preparedness for unforeseen risks.The book also examines methods for evaluating and continuously improving continuity plans. In the final chapters, readers are guided through the process of ISO 22301 certification, offering a clear path to securing certification and enhancing organizational resilience.
IT Governance Publishing, Bridget Kenyon
This guide offers a comprehensive approach to implementing and auditing ISO 27001 controls, providing clear steps for establishing a robust Information Security Management System (ISMS). It is designed to help organizations navigate the complexities of meeting international security standards while ensuring the protection of sensitive information. The book covers every aspect of ISO/IEC 27001, from the foundational principles to practical applications of organizational, physical, and technological controls.Each chapter is carefully structured to explain the implementation of specific controls, focusing on real-world scenarios and offering actionable advice for security professionals. With detailed instructions and clear examples, readers will gain a deep understanding of the ISO 27001 framework and how to align their organizations with best practices. In addition to control implementation, the book emphasizes ongoing compliance and risk management strategies. It highlights critical areas such as incident management, supplier relationships, and data protection, ensuring readers can address security challenges at all levels. Whether new to ISO 27001 or looking to refine an existing ISMS, this book provides the tools necessary for successful information security management and compliance auditing.
ISO 27001/ISO 27002. A guide to information security management systems
IT Governance Publishing, Alan Calder
This comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of shall vs. should in compliance language.Core chapters walk through ISO 27001’s clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls.By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.
ISO 50001. A strategic guide to establishing an energy management system
IT Governance Publishing, Alan Field
This guide introduces readers to the essential concepts of an Energy Management System (EnMS), with a focus on the internationally recognized ISO 50001 standard. It explains why energy management is a strategic priority, the benefits of adopting an EnMS, and how ISO 50001 plays a pivotal role in reducing energy consumption while enhancing environmental sustainability.The book covers the essential aspects of ISO 50001, from its key definitions and principles to the PDCA (Plan-Do-Check-Act) cycle that underpins its effectiveness. It also provides practical insights on integrating ISO 50001 with ISO 14001, creating a comprehensive management system that aligns with both energy and environmental objectives. Readers will learn about the key differences between the 2011 and 2018 versions of ISO 50001 and how to successfully prepare for third-party assessments to achieve certification.Perfect for energy managers, sustainability professionals, and organizations aiming to improve their energy efficiency, this book offers a detailed roadmap for implementing ISO 50001 and achieving long-term energy savings. It also highlights the strategic advantages of integrating energy management with broader sustainability goals and environmental management practices.
IT Governance Publishing, Alan Shipman, Steve Watkins
In this book, readers will gain a comprehensive understanding of privacy information management (PIM) and the ISO/IEC 27701:2025 standards. The content begins by establishing the foundational principles of privacy and its significance in the modern data-driven world. It explores how organizations process personal information, the types of information involved, and the reasons behind its collection. Moving forward, the book delves into the implementation of PIMS controls to safeguard privacy, ensuring data is handled securely and in compliance with legal frameworks. The text also covers the application of privacy by design and by default, highlighting best practices for organizations to embed privacy throughout their systems and processes. In addition to practical guidance on managing privacy information, the book provides detailed instructions on certification and auditing processes to ensure compliance with ISO/IEC 27701 standards. By following this book, professionals will acquire the knowledge to implement effective privacy information management strategies across various business contexts.
IT Audit Field Manual. Strengthen your cyber defense through proactive IT auditing
Lewis Heuermann
As cyber threats evolve and regulations tighten, IT professionals struggle to maintain effective auditing practices and ensure robust cybersecurity across complex systems. Drawing from over a decade of submarine military service and extensive cybersecurity experience, Lewis offers a unique blend of technical expertise and field-tested insights in this comprehensive field manual.Serving as a roadmap for beginners as well as experienced professionals, this manual guides you from foundational concepts and audit planning to in-depth explorations of auditing various IT systems and networks, including Cisco devices, next-generation firewalls, cloud environments, endpoint security, and Linux systems. You’ll develop practical skills in assessing security configurations, conducting risk assessments, and ensuring compliance with privacy regulations. This book also covers data protection, reporting, remediation, advanced auditing techniques, and emerging trends.Complete with insightful guidance on building a successful career in IT auditing, by the end of this book, you’ll be equipped with the tools to navigate the complex landscape of cybersecurity and compliance, bridging the gap between technical expertise and practical application.
IT Governance Publishing, Brian Johnson, Walter Zondervan
This book delves into the evolving role of IT in business transformation, covering key strategies for aligning business objectives with digital tools and technologies. It focuses on the importance of governance, efficiency, and risk management in driving IT success. Readers will discover how to build effective IT strategies, manage service delivery, and improve stakeholder engagement in a rapidly changing digital landscape. With practical frameworks and real-world case studies, it provides a roadmap for managing the complexities of digital service design, contract management, and performance. As the book progresses, it highlights the challenges and opportunities IT presents, from governance issues to innovation drivers. It concludes with actionable insights into digital readiness and transformation, equipping readers with the tools to navigate and lead in the digital age.
IT Governance. An international guide to data security and ISO 27001/ISO 27002
IT Governance Publishing, Alan Calder, Steve G...
In the modern digital landscape, information security has never been more critical. This book introduces readers to the essential components of IT governance, focusing on frameworks like ISO 27001 and strategies for managing risks in today's complex information economy. The content explores key topics like cybersecurity, risk management, information security policies, and compliance with international standards. As you progress, you’ll learn to navigate the challenges of organizing and maintaining a secure IT environment, with insights into compliance regulations, security frameworks, and governance codes. The book provides hands-on guidance on applying security controls, setting up robust information security policies, and evaluating risks. Real-world scenarios and practical applications ensure the knowledge gained is immediately applicable to professional environments.The journey culminates in an understanding of how to integrate IT governance within an organization. You’ll learn to assess vulnerabilities, implement risk management strategies, and ensure that security measures align with both business goals and regulatory requirements. The book equips readers with the tools needed to strengthen IT systems against evolving threats and to stay ahead in the information security landscape.