IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002

by SteveWatkins (Author), Alan Calder (Author)

• Used

  Paperback
  2008

  $5.48

  Information is widely regarded as the lifeblood of modern business, but organizations are facing a flood of threats to such 'intellectual capital' - from hackers, viruses and online fraud. Increasingly, data protection, privacy regulations, computer misuse and regulations around investigatory powers are part of a complex and often competing range of requirements to which directors must respond. IT Governance will be essential to board members, executives, owners and managers of any business or organization that depends on information, that uses computers on a regular basis or that has an internet aspect to its overall strategy. With full coverage of the Turnbull Report and the Combined Code (in the UK), and the Sarbanes-Oxley Act (in the US), the book examines standards of best practice for companies looking to protect and enhance their information security management systems, allowing them to ensure that their IT security strategies are co-ordinated, coherent, comprehensive and cost effective. Each book comes with password-protected access to the website, for the latest news updates in this dynamic and constantly-changing sector.

• Used

  Hardcover
  2003

  $3.26

  It is reported that 60 per cent of organizations have suffered a data security breach in the past two years and 43 per cent of those that have sensitive or critical information have suffered an extremely serious one. With the growing importance of IT to both internal systems and external e-commerce, this may be alarming, but perhaps not surprising. What is surprising is that, up until very recently, data security has been seen as the province of the IT department rather than, as it should be, a key boardroom issue for the e-commerce age. The Turnbull report has focused interest in this issue by setting out how directors of listed companies must comply with the UK's Combined Code requirements in respect of internal controls including both financial, risk management and operational - specifically operational from an IT perspective. By underlining the importance of IT Governance as a critical aspect of Corporate Governance the report establishes best practice for any organization both public and private, large and small. The development of IT governance - which recognizes the convergence between business management and IT management - makes it essential for managers at all levels of the organization to adopt best practice in information security. By taking on BS 7799 or ISO 17799 organizations can be certain that they are doing this. This second edition is now updated to contain the final BS 7799/ISO 17799 nomenclature. This handbook guides managers through the maze of issues involved in effective information security management and shows how to introduce reliable management controls. In so doing, it also goes into detail through the process of achieving BS or ISO certification. It is a resource for directors and senior managers in organizations of all sorts and sizes but particularly those with well-developed internal IT systems and those focused on e-commerce. Coverage includes: why is information security necessary?; the Combined Code and the Turnbull Report; BS 7799 - Benefits of certification; information security management; information security policy and scope; the risk assessment and statement of applicability; security of third party access and outsourcing; asset classification and control; personnel security; physical and environmental security; equipment security; general security controls; communications and operations management; controls against malicious software (malware); and housekeeping, network management and media handling.