ISO/IEC 27001 E-books & Toolkits

  • ISO/IEC 27001 Documentation Toolkits

     

    ISO 27001 requires organisations to prove their compliance with appropriate documentation, including a scope, an information security policy, an SoA (Statement of Applicability) and results of information security risk assessments.

    Providing documentation for the information security management system (ISMS) is often the hardest part of achieving ISO 27001 certification. The documentation necessary to create a compliant system, particularly in more complex businesses, can be up to a thousand pages.

    This ISO 27001 Toolkit is a quick and effective way to put an information security management system (ISMS) in place and achieve certification to ISO/IEC 27001:2013 (including the 2017 corrigenda) with much less effort than writing every document yourself. Our award-winning template documents and checklists come with 12 months of updates and support. Below you can see what is in the Toolkit, view sample documents, download examples, watch the introductory video, and get instant access to the Toolkit with a choice of currencies and payment options.

     

    File format   Files total   Language   Package code
    Doc, xls      129           English    ISO27001-Toolkits

    More detail

     

  • An Introduction to Information Security and ISO 27001

     

    This pocket guide suits both individuals who need an introduction to a topic they know little about and organisations implementing, or considering implementing, an information security management regime, particularly one based on ISO/IEC 27001. The guide gives readers an understanding of the basics of information security, including: a definition of what information security means; how information security can be managed using an internationally recognised approach; the factors that need to be considered in an information security regime, including how the scope of such a scheme can be properly defined; how an ISMS can make the most of whatever budget it has; the kinds of resources that might be invested in to deliver a consistent level of assurance; and how organisations can demonstrate the degree of assurance they offer, how to interpret claims of adherence to ISO 27001, and exactly what such claims mean.

    Organisations will find this book useful at several stages of an information security project, including the decision-making stage, project initiation, and as part of an ongoing awareness campaign. The guide is designed to be read without frequent breaks from the text; a list of abbreviations, terms and definitions is provided in chapter 7 for easy reference.

    File   Pages   Language   Size     Book code
    PDF    48      English    339 KB   E-Book-ISO27001-Int

     

    More detail

     

     

  • Guide to the Implementation and Auditing of ISMS Controls based on ISO/IEC 27001

     

    Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book helps readers understand the requirements of an ISMS (information security management system) based on ISO 27001. For anyone involved in internal or external audits, it also sets out the requirements that auditors must address when certifying organisations to ISO 27001.

    The book covers:
    - Implementation guidance: what needs to be considered to fulfil the requirements of the controls in ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls.
    - Auditing guidance: what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements.

     

    File   Pages   Language   Size     Book code
    PDF    141     English    2.2 MB   E-Book-ISO27001-Aud

    More detail

     

     

  • How to Achieve 27001 Certification

     
    The security standards of the International Organization for Standardization (ISO) provide an excellent foundation for identifying and addressing business risks through a disciplined security management process. Using ISO/IEC 17799 (since renumbered as ISO/IEC 27002) and ISO/IEC 27001 as a basis, How to Achieve 27001 Certification: An Example of Applied Compliance Management helps an organisation align its security and business goals so that it can build effective security, compliance and management programmes.

    The authors offer insight from their own experiences, providing questions and answers to determine an organization's information security strengths and weaknesses with respect to the standard. They also present step-by-step information to help an organization plan an implementation, as well as prepare for certification and audit.

    Security is no longer a luxury for an organisation; in many sectors it is a legislative mandate. A formal methodology that helps an organisation define and execute an ISMS is essential in order to perform, and prove, due diligence in upholding stakeholder interests and legislative compliance. Providing a good starting point for novices, as well as finer points for seasoned security professionals, this book is a valuable resource for anyone involved in meeting an organisation's security, certification and compliance needs.

     

    File   Pages   Language   Size     Book code
    PDF    348     English    2.4 MB   E-Book-ISO27001-Cer

    More detail

     

     

  • Implementing An Information Security Management System Based On ISO 27001 Guidelines

     

    Discover the steps to implementing information security using ISO 27001, the most widely adopted information security management standard. You will see the best practices it sets out, including the roles of all stakeholders during implementation of the security framework, after implementation, and during monitoring of the implemented controls. Implementing an Information Security Management System provides implementation guidance for ISO 27001:2013 to protect your information assets and ensure a safer enterprise environment.

    This book is a step-by-step guide to implementing a secure ISMS for your organisation. It will change the way you interpret and implement information security in your work area or organisation.

     

    File   Pages   Language   Size     Book code
    PDF    284     English    6.7 MB   E-Book-ISO27001-Imp

    More detail

     

     

     

  • Information Security Risk Management for ISO 27001/ ISO27002

     

    Expert guidance on planning and implementing a risk assessment and protecting your business information. In the knowledge economy, organisations have to be able to protect their information assets, so information security management has become a critical corporate discipline. The international code of practice for an information security management system (ISMS) is ISO/IEC 27002. As the code of practice explains, information security management enables organisations to ensure business continuity, minimise business risk, and maximise return on investments and business opportunities.

    ISMS requirements
    The requirements for an ISMS are specified in ISO/IEC 27001. Under ISO/IEC 27001, a risk assessment has to be carried out before any controls can be selected and implemented, making risk assessment the core competence of information security management. This book provides information security and risk management teams with detailed, practical guidance on how to develop and implement a risk assessment in line with the requirements of ISO/IEC 27001.

    International best practice
    Drawing on international best practice, including ISO/IEC 27005, NIST SP 800-30 and BS 7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities, and includes advice on choosing risk assessment software.

     

    File   Pages   Language   Size     Book code
    PDF    181     English    3.8 MB   E-Book-ISO27001-Ris

    More detail


  • ISO 27001 Controls - A Guide to Implementing and Auditing

     

    Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book helps readers understand the requirements of an ISMS (information security management system) based on ISO 27001. For anyone involved in internal or external audits, it also sets out the requirements that auditors must address when certifying organisations to ISO 27001.

    The book covers:
    - Implementation guidance: what needs to be considered to fulfil the requirements of the controls in ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls.
    - Auditing guidance: what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements.

    The implementation guidance gives clear descriptions of what needs to be considered to achieve compliance with the requirements, with examples given throughout.

     

    File   Pages   Language   Size     Book code
    PDF    272     English    1.1 MB   E-Book-ISO27001-Con

    More detail

     

  • Application Security in the ISO27001 Environment

     

    Application security is a major issue for CIOs. Application Security in the ISO27001 Environment shows how to secure software applications using ISO/IEC 27001, in the context of a wider roll-out of an information security management system (ISMS) that conforms to the Standard. Together, the authors bring expertise in ISO 27001 information security, risk management and software application development. Over 224 pages they address a range of essential topics, including an introduction to ISO 27001 and ISO 27002, secure development lifecycles, threat profiling and security testing, and secure coding guidelines.

    As well as showing how to use ISO 27001 to secure individual applications, the book demonstrates how to tackle application security as part of the development and roll-out of an organisation-wide ISMS conforming to the Standard. Applications are the conduits to critical business data, so securing them adequately is of the utmost importance, and this book is a standard reference on application security in the ISO/IEC 27001 environment.

     

    File   Pages   Language   Size      Book code
    PDF    222     English    1.65 MB   E-Book-ISO27001-Application

    More detail

     

  • Implementing the ISO/IEC 27001 ISMS Standard

     

    Authored by an internationally recognised expert in the field, this expanded second edition addresses the critical information security management issues businesses face in protecting their valuable assets. Professionals learn how to manage business risk, governance and compliance. This updated resource provides a clear guide to the ISO/IEC 27000 series of security standards and their implementation, focusing on the current edition of ISO/IEC 27001.

    Readers are also given practical information on accreditation and certification against the standard. From ISMS business context, operations and risk to leadership and support, this book is a one-stop resource on the ISO/IEC 27000 series of standards.

     

    File   Pages   Language   Size     Book code
    PDF    239     English    3.5 MB   E-Book-ISO27001-Implementing

    More detail

     

  • Information Security Policies, Procedures, and Standards

     

    Information Security Policies, Procedures, and Standards: A Practitioner's Reference gives you a blueprint for developing effective information security policies and procedures. It uses standards such as NIST SP 800-53, ISO 27001 and COBIT, and regulations such as HIPAA and PCI DSS, as the foundation for its content. Highlighting key terminology, policy development concepts and methods, and suggested document structures, it includes examples, checklists, sample policies and procedures, guidelines, and a synopsis of the applicable standards.

    The author explains how and why procedures are developed and implemented, rather than simply providing information and examples. This is an important distinction because no two organisations are exactly alike, so no two sets of policies and procedures will be exactly alike either. This approach provides the foundation and understanding you need to write effective policies, procedures and standards clearly and concisely.

    Developing policies and procedures may seem an overwhelming task. By relying on the material in this book, adopting its policy development techniques and studying the examples, the task becomes manageable. The discussion material can be used to help sell the concepts, which is often the most difficult part of the process. Once you have completed a policy or two, you will be ready to take on more. The skills you acquire will also help in other areas of your professional and private life, such as expressing an idea clearly and concisely or creating a project plan.

     

    File   Pages   Language   Size     Book code
    PDF    254     English    4.9 MB   E-Book-ISO27001-Policy

    More detail

     

  • Information Security Policy Development for Compliance

     

    Although compliance standards can be helpful guides to writing comprehensive security policies, many of the standards state the same requirements in slightly different ways. Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0 provides a simplified way to write policies that meet the major regulatory requirements, without having to manually look up each and every control.

    Explaining how to write policy statements that address multiple compliance standards and regulatory requirements, the book will help readers elicit management opinions on information security and document the formal and informal procedures currently in place. Topics covered include:

    - Entity-level policies and procedures
    - Access-control policies and procedures
    - Change control and change management
    - System information integrity and monitoring
    - System services acquisition and protection
    - Informational asset management
    - Continuity of operations

    The book supplies you with the tools to use the full range of compliance standards as guides for writing policies that meet the security needs of your organization. Detailing a methodology to facilitate the elicitation process, it asks pointed questions to help you obtain the information needed to write relevant policies. More importantly, this methodology can help you identify the weaknesses and vulnerabilities that exist in your organization.

    A valuable resource for policy writers who must meet multiple compliance standards, this guidebook is also available in eBook format. The eBook version includes hyperlinks beside each statement that explain what the various standards say about each topic and help you determine what your policy should include.

     

    File   Pages   Language   Size     Book code
    PDF    152     English    2.9 MB   E-Book-ISO27001-Compliance

    More detail

     

  • ISO/IEC 27001:2013 - Mastering Risk Assessment and the Statement of Applicability

     

    ISO/IEC 27001:2013 is the requirements specification standard for an information security management system, or ISMS for short. There are requirements for performing information security risk assessments and risk treatments, and for producing a 'Statement of Applicability'. Reputedly, some organisations have found difficulty with these requirements because they state what must be done, not how to do it.

    There are standards in the ISO/IEC 27xxx series that offer guidance on how to fulfil the requirements of ISO/IEC 27001. These are descriptive in nature. They describe how organisations could perform risk assessments and offer advice on how to construct a Statement of Applicability (SoA). However, they are lacking in worked examples. Having assisted many organisations to achieve ISO/IEC 27001 certification, I have developed and fine-tuned a methodology for fulfilling these requirements.

    This methodology is embodied in the IMS-Smart On-Line technology. Its approach to risk assessment uses events and consequences as advocated in ISO 31000:2018 (Risk management - Guidelines) and BS 7799-3:2017 (Guidelines for information security risk management). IMS-Smart defines twelve events and invites the organisations that use the technology to devise tell-it-like-a-story risk treatment plans for each event to determine the necessary information security controls. Organisations are then invited to link phrases in the story text to the ISO/IEC 27001 reference controls, which in turn assists them to produce the SOA.
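    The chain the passage above describes (risk assessment, a treatment plan per event, links from the plan to reference controls, and from those links an SoA) can be made concrete in a few dozen lines. The following is an added example written for this page; it is not the IMS-Smart technology or any code from the book, and it does not reproduce its twelve events. It assumes a simple likelihood-times-impact risk scale and a risk-appetite threshold (both constructed), and uses a constructed subset of ISO/IEC 27001:2013 Annex A control identifiers, which should be checked against your copy of the standard. The point it shows is the one auditors look for: every reference control appears in the SoA, applicable controls are traceable to the risks they treat, excluded controls carry a justification, and a risk above appetite with no treatment plan is flagged rather than silently dropped.

```python
"""Added example: from a risk register to a Statement of Applicability (SoA).

Each risk is an event with a consequence, a likelihood and impact on a 1-5
scale, and the reference controls its treatment plan relies on. Every
reference control must appear in the SoA as applicable (with the risks that
justify it) or not applicable (with a justification), which is what
ISO/IEC 27001 clause 6.1.3 requires.
"""
from dataclasses import dataclass, field

# Constructed subset of the 2013 Annex A; verify IDs against the standard.
REFERENCE_CONTROLS = {
    "A.9.4.1": "Information access restriction",
    "A.10.1.1": "Policy on the use of cryptographic controls",
    "A.12.2.1": "Controls against malware",
    "A.12.3.1": "Information backup",
    "A.12.4.1": "Event logging",
    "A.14.2.7": "Outsourced development",
}

RISK_APPETITE = 6  # constructed threshold: scores above this must be treated


@dataclass
class Risk:
    event: str
    consequence: str
    likelihood: int  # 1 (rare) .. 5 (almost certain)
    impact: int      # 1 (negligible) .. 5 (severe)
    controls: list = field(default_factory=list)  # controls the treatment plan relies on

    @property
    def score(self) -> int:
        return self.likelihood * self.impact


def validate(risk: Risk) -> None:
    """Reject scores off the scale and control IDs not in the reference set."""
    if not (1 <= risk.likelihood <= 5 and 1 <= risk.impact <= 5):
        raise ValueError(f"{risk.event}: likelihood and impact must be on the 1-5 scale")
    unknown = [c for c in risk.controls if c not in REFERENCE_CONTROLS]
    if unknown:
        raise ValueError(f"{risk.event}: unknown reference control(s) {unknown}")


def untreated(risks) -> list:
    """Events above appetite whose treatment plan names no control at all."""
    return [r.event for r in risks if r.score > RISK_APPETITE and not r.controls]


def build_soa(risks, scope_exclusions) -> dict:
    """Map every reference control to (name, applicable, justification)."""
    justified = {}  # control id -> events whose treatment relies on it
    for r in risks:
        validate(r)
        if r.score > RISK_APPETITE:
            for c in r.controls:
                justified.setdefault(c, []).append(r.event)
    soa = {}
    for cid, name in REFERENCE_CONTROLS.items():
        if cid in justified:
            soa[cid] = (name, True, "Treats: " + "; ".join(justified[cid]))
        elif cid in scope_exclusions:
            soa[cid] = (name, False, scope_exclusions[cid])
        else:
            soa[cid] = (name, False, "No risk above appetite relies on this control")
    return soa


# Constructed sample register for a small organisation.
SAMPLE_RISKS = [
    Risk("Ransomware encrypts the file server", "customer records unavailable for days",
         4, 5, ["A.12.2.1", "A.12.3.1", "A.12.4.1"]),
    Risk("Laptop lost in transit", "disclosure of client data", 3, 4,
         ["A.10.1.1", "A.9.4.1"]),
    Risk("Office printer jams", "short delay to printed invoices", 5, 1),  # score 5: accepted
    Risk("Cloud provider outage", "web shop offline for hours", 3, 3),      # score 9: no plan yet
]
SCOPE_EXCLUSIONS = {"A.14.2.7": "All software is developed in-house; nothing is outsourced"}

if __name__ == "__main__":
    for cid, (name, applicable, why) in build_soa(SAMPLE_RISKS, SCOPE_EXCLUSIONS).items():
        print(f"{cid:<9} {'Yes' if applicable else 'No':<4} {name:<45} {why}")
    print("Untreated risks above appetite:", untreated(SAMPLE_RISKS))
```

    Running the script prints one SoA row per reference control and then lists "Cloud provider outage" as the risk that still needs a treatment plan. The accepted printer risk names no controls and is not flagged, because it scores below appetite; a real register would record that acceptance decision and its owner alongside the score.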

     

    File   Pages   Language   Size      Book code
    PDF    130     English    17.1 MB   E-Book-ISO27001-Assessment

    More detail

     

  • IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002

     

    Information is widely regarded as the lifeblood of modern business, but organisations face a flood of threats to this 'intellectual capital' from hackers, malware and online fraud. Directors must respond to increasingly complex and competing demands regarding data protection, privacy regulation, computer misuse and investigatory powers. IT Governance will be valuable to board members, executives, owners and managers of any business or organisation that depends on information.

    Covering the Sarbanes-Oxley Act (in the US) and the Turnbull Report and the Combined Code (in the UK), the book examines standards of best practice for compliance and data security. Written for companies looking to protect and enhance their information security management systems, it allows them to ensure that their IT security strategies are coordinated, coherent, comprehensive and cost effective.

     

    File   Pages   Language   Size     Book code
    PDF    384     English    1.4 MB   E-Book-ISO27001-Guide

    More detail

     


Copyright 2009 - 2022 IT-Toolkits.org