How to Achieve 27001 Certification: An Example of Applied Compliance Management (Hardcover)

~ (Author), Keith D. Willett (Author)
Key Phrases: information security management system, requirements traceability matrix, final security rule, Certification Table, Element Requirement Interpretation, Security Management Framework Baseline (more...)

Editorial Reviews

Product Description

The security criteria of the International Standards Organization (ISO) provides an excellent foundation for identifying and addressing business risks through a disciplined security management process. Using security standards ISO 17799 and ISO 27001 as a basis, How to Achieve 27001 Certification: An Example of Applied Compliance Management helps an organization align its security and organizational goals so it can generate effective security, compliance, and management programs.

The authors offer insight from their own experiences, providing questions and answers to determine an organization's information security strengths and weaknesses with respect to the standard. They also present step-by-step information to help an organization plan an implementation, as well as prepare for certification and audit.

Security is no longer a luxury for an organization, it is a legislative mandate. A formal methodology that helps an organization define and execute an ISMS is essential in order to perform and prove due diligence in upholding stakeholder interests and legislative compliance. Providing a good starting point for novices, as well as finely tuned nuances for seasoned security professionals, this book is an invaluable resource for anyone involved with meeting an organization's security, certification, and compliance needs.

About the Author

Social Insurance Administration, Reykjavik, Iceland CTN Technologies, Millersville, Maryland, USA

Product Details

• Hardcover: 352 pages
• Publisher: AUERBACH; 1 edition (November 28, 2007)
• Language: English
• ISBN-10: 0849336481
• ISBN-13: 978-0849336485
• Product Dimensions: 9.2 x 6.3 x 0.9 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (1 customer review)
• Amazon.com Sales Rank: #154,220 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

4.0 out of 5 stars Excellent instructional manual, June 5, 2009

By	Viken Derderian (Los Angeles, CA) - See all my reviews (REAL NAME)

I like it!
This book could be used as a very thorough step by step guide for implementing security to any size organization. As a bonus it also helps achieve ISO 27001 certification by an accredited certification body.
Author's style is very impressive. He managed to squeeze an entire management system in just six chapters; this is what I call 0% fat, every page of the guide can be used to improve either the security of an organization or the awareness of it. A security manager can use it to create enough presentation to get the upper management's "buy-in" for a serious security controls, it can also be used by auditors to create an "audit program".
No need to panic, if you need a sample of Statement Of Applicability, or ISMS Policy and Risk Treatment Templates, or any of the documentations needed for proper ISMS its in there.
In conclusion; you must have a copy of this book if you are responsible for the protection of both information and information technology relevant to an organization.