Are You Ready for an ISMS Audit Based on ISO/IEC 27001? - Tapa blanda

This revised publication is in line with the 2005 editions of BS ISO/IEC 17799 and BS ISO/IEC 27001 Information technology. Security techniques. Information security management systems. Requirements. It includes an ISMS process check and a gap analysis workbook. This book is primarily for use by organizations seeking to prepare for certification to BS ISO/IEC 27001 (BS 7799-2). For this purpose it is recommended that the pre-certification assessment is best carried out under the supervision of the person responsible for information security in the organization or by internal audit staff. System developers may also find it a useful reference document when considering the security aspects of new systems. This guide for organizations wishing to carry out internal assessment of their information security management system (ISMS) against the requirements in ISO/IEC 27001:2005 either as a precursor to an internal ISMS auditor in preparation for a formal third-party ISMS certification audit (see Guidelines on Requirements and Preparations for ISMS Certification based on ISO/IEC 27001). Contents include Foreword Introduction Scope of this guide Use of the standards Companion guides Identifying the ISMS scope How to use this guide ISMS process requirements Control requirements ISMS processes workbook (assessment of ISMS process requirements) Gap Analysis Workbook (assessment of ISMS controls)

Ted Humphreys (Chartered Fellow of the BCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing information security management and risk management consultancy services. He has been an expert in this field for more than 35 years. During this time, he has worked around the world for major international companies as well as the DTI, European Commission and the OECD. Ted Humphreys is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 and EA 7/03 the ISMS accreditation guidelines and the Chair of the ISO group responsible for these ISMS standards. He is the founder of the ISMS International User Group and in 2002 was honoured with the Secure Computing Lifetime Achievement Award as the internationally acknowledged author of these ISMS standards and for his noteworthy achievements in shaping the development of information security management best practice. Dr Angelika Plate has been working as an expert in the area of information security for more than 10 years, including with the German Information Security Agency (1993 1998) and now runs the German-based information security consulting company ÆXIS Security Consultants. Angelika Plate is directly involved in ISO activities, and was the editor of two international standards dealing with risk assessment, control selection and risk management. She is also the editor of the revised version of ISO/IEC 7799, which has now been published. Prior to that, she was involved in the revisions of BS 7799 Parts 1 and 2 in the UK and has been supporting and contributing to the development of ISO/IEC 27001. She is also working as technical support for UKAS assessors and is chairing the ISMS IUG Germany, which she founded in 2002.