Are You Ready for an ISMS Audit Based on 27001? - Softcover

Edward Humphreys (Chartered Fellow of the BCS - FBCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing Information Security Management consultancy services around the world. He has been an expert in the field of information security and risk management for more than 35 years. During this time he has worked for major international companies (in Europe, North America and Asia), as well organisations such as the European Commission and the OECD. He is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 the ISMS standard and the EA 7/03 the ISMS accreditation guidelines. He is the Founder and Director of the ISMS International User Group and is responsible for the International Register of BS 7799/ISMS Certificates. In 2002 he was honoured with the Secure Computing Lifetime Achievement Award.

This second edition provides user guidance on getting ready and prepared for an ISMS certification audit. It is based on the new editions of ISO/IEC 27001, ISO/IEC 27006 and ISO 27007. The book acts as a practical guide for organizations wishing to carry out internal assessment of their information security management system (ISMS) against the requirements in the new ISO/IEC 27001:2013. It is of particular interest to those with an interest in ISMS (information security management system) certification and is essential reading for those that already have a certified ISMS against the previous edition or those about to embark on the process of certification. This book provides guidance on the complete "life cycle" of ISMS processes and activities required to establish, implement, monitor and continually improve a set of management controls and processes to achieve effective information security. It helps those involved in certification audits understand the transition from the old to the new editions of ISO/IEC 27001 and ISO/IEC 2700 and includes new references and definitions. The book is applicable to organizations of any size, government departments and agencies, certification and accreditation bodies, training organizations, academic institutions, implementers, auditors, consultants, trainers and lecturers.