Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Save more on your purchases!
Savings automatically calculated. No voucher code required
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Mastering Information Security Compliance Management

You're reading from  Mastering Information Security Compliance Management

Product type Book
Published in Aug 2023
Publisher Packt
ISBN-13 9781803231174
Pages 236 pages
Edition 1st Edition
Languages
Concepts
Authors (2):
Adarsh Nair Adarsh Nair
Profile icon Adarsh Nair
LinkedIn
Adarsh Nair is the global head of information security at UST. He is a recognized information security strategist, author, and keynote speaker. Adarsh holds the title of Fellow of Information Privacy (FIP) by IAPP and is a Google Hall of Fame honoree. He serves as co-chair of OWASP Kerala Chapter, an IAPP exam development board member, and an EC-Council advisory board member. With a decade of experience, Adarsh specializes in information security governance, risk and compliance, business continuity, data privacy, ethical hacking, and threat identification and mitigation. He maintains expertise through memberships, training, and certifications, including CISSP, CIPM, CIPP/E, LPT, OSCP, and ISO Lead Auditor. Adarsh has authored two books, published numerous articles and research papers, and delivered impactful presentations at national and international conferences, establishing himself as a thought leader in information security.
See other products by Adarsh Nair
Greeshma M. R. Greeshma M. R.
Profile icon Greeshma M. R.
LinkedIn
Greeshma M. R. is an entrepreneur and seasoned freelance technology writer, specializing in technology domains, especially information security and Web 3.0. She is interested in exploring the intersection of technology and humanity, as well as the social aspects of technology. Her areas of interest also encompass innovation, sustainable development, gender, and society. She is a co-author and publisher of two books and holds a certification as an ISO 27001 Lead Auditor. Having worked in the IT and knowledge and innovation management domains, Greeshma possesses an interdisciplinary perspective that enriches her approach. She has actively contributed to establishing an innovation ecosystem among students via communities of practice, fostering a culture of creativity and collaboration.
See other products by Greeshma M. R.
View More author details

Table of Contents (19) Chapters

Preface 1. Part 1: Setting the Stage – Definitions, Concepts, Principles, Standards, and Certifications
2. Chapter 1: Foundations, Standards, and Principles of Information Security 3. Chapter 2: Introduction to ISO 27001 4. Part 2: The Protection Strategy – ISO/IEC 27001/02 Design and Implementation
5. Chapter 3: ISMS Controls 6. Chapter 4: Risk Management 7. Chapter 5: ISMS – Phases of Implementation 8. Chapter 6: Information Security Incident Management 9. Chapter 7: Case Studies – Certification, SoA, and Incident Management 10. Part 3: How to Sustain – Monitoring and Measurement
11. Chapter 8: Audit Principles, Concepts, and Planning 12. Chapter 9: Performing an Audit 13. Chapter 10: Audit Reporting, Follow-Up, and Strategies for Continual Improvement 14. Chapter 11: Auditor Competence and Evaluation 15. Chapter 12: Case Studies – Audit Planning, Reporting Nonconformities, and Audit Reporting 16. Index 17. Other Books You May Enjoy Appendix – Terms and Definitions

Case study #2 – selection of controls and the Statement of Applicability

The SoA is an essential document that defines which controls from Annex A of ISO 27001 are being implemented in the organization and how, which controls will not be implemented, and the reason for their elimination (this reflects the risk appetite of the organization). When preparing an SoA, it is important to note that not all controls are mandatory for implementation. The selection of controls should be based on the organization’s risk assessment, business requirements, and the specific context of the ISMS. This allows organizations to tailor the controls to their specific needs, ensuring a more efficient and effective implementation of the ISMS.

Tables 7.1, 7.2, 7.3, and 7.4 list the organizational, people, physical, and technological controls, respectively. Together, they form the SoA for the ISMS implemented at Titan Security Inc.

Organizational controls

ISO 27001:2022 incorporates...

lock icon The rest of the chapter is locked
arrow left Previous Chapter
Chapter 1 of 19
Next Chapter arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime}

Authors (2)

Left arrow icon
Profile icon Adarsh Nair
LinkedIn
Adarsh Nair is the global head of information security at UST. He is a recognized information security strategist, author, and keynote speaker. Adarsh holds the title of Fellow of Information Privacy (FIP) by IAPP and is a Google Hall of Fame honoree. He serves as co-chair of OWASP Kerala Chapter, an IAPP exam development board member, and an EC-Council advisory board member. With a decade of experience, Adarsh specializes in information security governance, risk and compliance, business continuity, data privacy, ethical hacking, and threat identification and mitigation. He maintains expertise through memberships, training, and certifications, including CISSP, CIPM, CIPP/E, LPT, OSCP, and ISO Lead Auditor. Adarsh has authored two books, published numerous articles and research papers, and delivered impactful presentations at national and international conferences, establishing himself as a thought leader in information security.
Read more
See other products by Adarsh Nair
Profile icon Greeshma M. R.
LinkedIn
Greeshma M. R. is an entrepreneur and seasoned freelance technology writer, specializing in technology domains, especially information security and Web 3.0. She is interested in exploring the intersection of technology and humanity, as well as the social aspects of technology. Her areas of interest also encompass innovation, sustainable development, gender, and society. She is a co-author and publisher of two books and holds a certification as an ISO 27001 Lead Auditor. Having worked in the IT and knowledge and innovation management domains, Greeshma possesses an interdisciplinary perspective that enriches her approach. She has actively contributed to establishing an innovation ecosystem among students via communities of practice, fostering a culture of creativity and collaboration.
Read more
See other products by Greeshma M. R.
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
Engineering Manager's Handbook
Engineering Manager's Handbook
Engineering Manager's Handbook is a comprehensive guide for managers to excel in their role, foster customer-centric digital products, learn leadership, team building, and balancing technical work with management. You’ll also explore how to develop trust, authority, and collaboration to drive success and make a lasting impact.
Sep 2023 9 hours 16 minutes
C++ Game Animation Programming
C++ Game Animation Programming
Video game characters have a fascinating history, evolving from simple 2D sprites to high-polygon 3D models. Take a look behind the curtain and learn how to build a 3D renderer, load character models, play animations and blend between them, and create large crowds of animated people with this comprehensive C++ game animation programming guide.
Dec 2023 16 hours 0 minutes
Gamification for Product Excellence
Gamification for Product Excellence
This book helps you to take your product management strategy to the next level by standing out in crowded markets. Along with boosting user adoption rates by creating engaging products that incorporate playful elements, learn gamification theory and how to integrate it into your design, product development, and product management processes.
Sep 2023 11 hours 40 minutes
Supercharging Productivity with Trello
Supercharging Productivity with Trello
Supercharging Productivity with Trello is the ultimate guide for anyone looking to boost their productivity with digital tools. Whether you're new to Trello or a seasoned professional, this book covers everything from core features to advanced automation, and Power-Ups.
Aug 2023 11 hours 24 minutes
Automate It with Zapier and Generative AI
Automate It with Zapier and Generative AI
This comprehensive guide takes you through the concepts of business process automation, showing you how Zapier can facilitate it without having to write code and helping you to boost productivity. You’ll learn how to save time, reduce costs, and make your business recession-proof by using Zapier to automate tasks in your cloud-based business apps.
Aug 2023 23 hours 32 minutes
Scoring to Picture in Logic Pro
Scoring to Picture in Logic Pro
In this book, you’ll explore a variety of techniques to synchronize music to picture using Logic Pro. Though this is not a technical manual, it will teach you how to make the best use of Logic Pro and how to wield this technology to maximize your potential when scoring to picture.
Sep 2023 13 hours 44 minutes
Mastering Information Security Compliance Management
Mastering Information Security Compliance Management
This concise book equips you with the knowledge and practices needed to establish and maintain an effective information security management system. The chapters provide insights into ISO/IEC 27001/27002:2022, risk management, ISMS development, incident management, audit processes, and strategies for continuous improvement.
Aug 2023 7 hours 52 minutes
Implementing Atlassian Confluence
Implementing Atlassian Confluence
Implementing Atlassian Confluence provides both a high-level overview and an insightful path for remote collaboration with Atlassian Confluence. With this multi-layered yet practical guide, you’ll be able to set up Confluence-based collaboration with minimum external consultancy services to ensure smooth and close coordination between teams.
Sep 2023 13 hours 32 minutes
R Bioinformatics Cookbook
R Bioinformatics Cookbook
This book takes a unique problem–solution approach to handling complex tasks in the bioinformatics domain using different datasets present in the book. With the help of real-world examples, you’ll learn to put each independent recipe to use to tackle problems in the field of bioinformatics.
Oct 2023 13 hours 12 minutes
Build Your Own Metaverse with Unity
Build Your Own Metaverse with Unity
Build Your own Metaverse with Unity is a practical guide for developers to create their own metaverse - a virtual world with infinite possibilities. It empowers you to identify gaps in existing metaverses and improve upon them, enabling you to shape your virtual world.
Sep 2023 19 hours 32 minutes
Right arrow icon