Essential guidance for anyone tackling ISO 27001:2022 implementation for the first time. ISO/IEC 27001:2022 is the blueprint for managing information security in line with an organisations business, contractual and regulatory requirements, and its risk appetite.
Nine Steps to Success has been updated to reflect the 2022 version of ISO 27001. This must-have guide from expert Alan Calder will help you get to grips with the requirements of the Standard and make your ISO 27001 implementation project a success. The guide:
Details the key steps of an ISO 27001 project from inception to certification; Explains each element of the ISO 27001 project in simple, non-technical language; and Is ideal for anyone tackling ISO 27001 implementation for the first time.
To be resilient against cyber attacks, organisations must do more than just erect digital defences; a significant percentage of successful attacks originate in the physical world or are aided and exacerbated by environmental vulnerabilities. Effective cyber security therefore requires a comprehensive, systematic and robust ISMS (information security management system), with boards, customers and regulators all seeking assurance that information risks have been identified and are being managed.
Successfully implement ISO 27001 with this must-have guide.
Introduction
Chapter 1: Project Mandate
Chapter 2: Project Initiation
Chapter 3: ISMS Initiation
Chapter 4: Management Framework
Chapter 5: Baseline Security Criteria
Chapter 6: Risk Management
Chapter 7: Implementation
Chapter 8: Measure, Monitor and Review
Chapter 9: Audit
Alan Calder founded IT Governance Ltd in 2002 and began working full-time for the company in 2007. He is now Group CEO of GRC International Group PLC that owns IT Governance Ltd. Before this, Alan had a number of roles including CEO of Business Link London City Partners (a government agency focused on helping growing businesses to develop) from 1995 to 1998, CEO of Focus Central London (a training and enterprise council) from 1998 to 2001, and CEO of Wide Learning (a supplier of elearning) from 2001 to 2003 and the Outsourced Training Company (2005). He was also chairman of CEME (a public-private sector skills partnership) from 2006 to 2011.
Alan is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.
