Information is the currency of the information age and in many cases is the most valuable asset possessed by an organisation. Information security management is the discipline that focuses on protecting and securing these assets against the threats of natural disasters, fraud and other criminal activity, user error and system failure.
This Management Guide provides an overview of the two international information security standards, ISO/IEC 27001 and ISO 27002. These standards provide a basis for implementing information security controls to meet an organisations own business requirements as well as a set of controls for business relationships with other parties.
This Guide provides:
An introduction and overview to both the standards
The background to the current version of the standards
Links to other standards, such as ISO 9001, BS25999 and ISO 20000
Links to frameworks such as CobiT and ITIL
Above all, this handy book describes how ISO 27001 and ISO 27002 interact to guide organizations in the development of best practice information security management systems.