| 000 | 05546cam a22004937i 4500 | ||
|---|---|---|---|
| 999 | _c95182 _d95182 | ||
| 005 | 20260405165240.0 | ||
| 006 | m o d | ||
| 007 | cr cnu---unuuu | ||
| 008 | 260405s2024 enk ob 000 0 eng d | ||
| 020 | _a9781787784307 | ||
| 020 | _a9781787784321 _qelectronic book | ||
| 035 | 9 | _a(OCLCCM-CC)1449569976 | |
| 040 | _aORMDA _beng _erda _epn _cORMDA _dOCLCO _dEBLCP _dTOH _dOCLCQ _dYDX _dOCLCL _dN$T _dK6U _dUKKRT _dSFB _dJFN _dVLB _dCOF | ||
| 041 | _aeng | ||
| 049 | _aMAIN | ||
| 050 | 4 | _aQA76.9.A25 _bK46 2024 | |
| 082 | 0 | 0 | _223 |
| 100 | 1 | _aKenyon, Bridget, _eauthor. _0http://id.loc.gov/authorities/names/nb2015012658 | |
| 245 | 1 | 0 | _aISO 27001 controls : _ba guide to implementing and auditing / _cBridget Kenyon. |
| 250 | _aSecond edition. | ||
| 264 | 1 | _aEly, Cambridgeshire : _bIT Governance Publishing, _c[2024] | |
| 300 | _a1 online resource (249 pages) | ||
| 336 | _atext _btxt _2rdacontent | ||
| 337 | _acomputer _bc _2rdamedia | ||
| 338 | _aonline resource _bcr _2rdacarrier | ||
| 490 | 0 | _aITpro collection | |
| 504 | _aIncludes bibliographical references. | ||
| 505 | 0 | _aCover -- Title -- Copyright -- About the Author -- Disclaimer -- Contents -- Foreword -- Chapter 1: Scope of this guide -- Chapter 2: Field of application -- 2.1 Usage -- 2.2 Compliance -- Chapter 3: Meeting ISO/IEC 27001 requirements -- Chapter 4: Using control attributes -- Chapter 5: Organizational controls (ISO/IEC 27001, A.5) -- 5.1 Policies for information security (ISO/IEC 27001, A.5.1) -- 5.2 Information security roles and responsibilities (ISO/IEC 27001, A.5.2) -- 5.3 Segregation of duties (ISO/IEC 27001, A.5.3) -- 5.4 Management responsibilities (ISO/IEC 27001, A.5.4) | |
| 505 | 8 | _a5.5 Contact with authorities (ISO/IEC 27001, A.5.5) -- 5.6 Contact with special interest groups (ISO/IEC 27001, A.5.6) -- 5.7 Threat intelligence (ISO/IEC 27001, A.5.7) -- 5.8 Information security in project management (ISO/IEC 27001, A.5.8) -- 5.9 Inventory of information and other associated assets (ISO/IEC 27001, A.5.9) -- 5.10 Acceptable use of information and other associated assets (ISO/IEC 27001, A.5.10) -- 5.11 Return of assets (ISO/IEC 27001, A.5.11) -- 5.12 Classification of information (ISO/IEC 27001, A.5.12) -- 5.13 Labelling of information (ISO/IEC 27001, A.5.13) | |
| 505 | 8 | _a5.14 Information transfer (ISO/IEC 27001, A.5.14) -- 5.15 Access control (ISO/IEC 27001, A.5.15) -- 5.16 Identity management (ISO/IEC 27001, A.5.16) -- 5.17 Authentication information (ISO/IEC 27001, A.5.17) -- 5.18 Access rights (ISO/IEC 27001, A.5.18) -- 5.19 Information security in supplier relationships (ISO/IEC 27001, A.5.19) -- 5.20 Addressing information security within supplier agreements (ISO/IEC 27001, A.5.20) -- 5.21 Managing information security in the information and communication technology (ICT) supply chain (ISO/IEC 27001, A.5.21) | |
| 505 | 8 | _a5.22 Monitoring, review and change management of supplier services (ISO/IEC 27001, A.5.22) -- 5.23 Information security for use of cloud services (ISO/IEC 27001, A.5.23) -- 5.24 Information security incident management planning and preparation (ISO/IEC 27001, A.5.24) -- 5.25 Assessment and decision on information security events (ISO/IEC 27001, A.5.25) -- 5.26 Response to information security incidents (ISO/IEC 27001, A.5.26) -- 5.27 Learning from information security incidents (ISO/IEC 27001, A.5.27) -- 5.28 Collection of evidence (ISO/IEC 27001, A.5.28) | |
| 505 | 8 | _a5.29 Information security during disruption (ISO/IEC 27001, A.5.29) -- 5.30 ICT readiness for business continuity (ISO/IEC 27001, A.5.30) -- 5.31 Legal, statutory, regulatory and contractual requirements (ISO/IEC 27001, A.5.31) -- 5.32 Intellectual property rights (ISO/IEC 27001, A.5.32) -- 5.33 Protection of records (ISO/IEC 27001, A.5.33) -- 5.34 Privacy and protection of personal identifiable information (PII) (ISO/IEC 27001, A.5.34) -- 5.35 Independent review of information security (ISO/IEC 27001, A.5.35) | |
| 520 | _aIdeal for information security managers, auditors, consultants and organisations preparing for ISO 27001:2022 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001:2022. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001:2022. The auditing guidance covers what evidence an auditor should look for to satisfy themselves that the requirement has been met. This guidance is useful for internal auditors and consultants, as well as information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit. | ||
| 588 | _aDescription based on online resource; title from digital title page (viewed on June 23, 2025). | ||
| 650 | 0 | _aBusiness enterprises _xComputer networks _xSecurity measures _xAuditing. | |
| 650 | 0 | _aComputer security _xManagement _xStandards. | |
| 650 | 0 | _aData protection _xManagement _xStandards. | |
| 650 | 0 | _aConfidential business information. _0http://id.loc.gov/authorities/subjects/sh2002009896 | |
| 650 | 0 | _aRisk management _xEvaluation. | |
| 650 | 0 | _aRisk assessment. _0http://id.loc.gov/authorities/subjects/sh87002638 | |
| 655 | 0 | _aElectronic books. | |
| 856 | _uhttps://research.ebsco.com/linkprocessor/plink?id=73b4d2ca-b258-35d4-ae50-4f619dcc17ad _yFull text is available at EBSCOhost. Click here to view. | ||
| 942 | _2ddc _cER | ||