Bridget Kenyon

eBook, PDF

ISO 27001 Controls - A guide to implementing and auditing (eBook, PDF)

A must-have resource for anyone looking to establish, implement and maintain an ISMS.Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001.The book covers:Implementation guidance -what needs to beconsidered to fuli lthe requirements of thecontrols from ISO/IEC27001, Annex A. This guidance is aligned with ISO/IEC27002, which gives advice on implementing the controls;Auditing guidance -whatshouldbechecked, and how,whenexaminingthe ISO/IEC27001controls to ensure that the implementation coversthe ISMS control requirements.The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit.This guide is intended to be used by those involved in:Designing, implementing and/or maintaining an ISMS;Preparing for ISMS audits and assessments; orUndertaking both internal and third-party ISMS audits and assessmentsAbout the authorBridget Kenyon (CISSP) is global CISO for Thales eSecurity. Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia.Bridget has been contributing to international standards since 2006, when she first joined BSI Panel 1, coordinating development of information security management system standards; she is currently editor for ISO/IEC 27014. Bridget has also co-authored three textbooks on information security. She strongly believes that "e;information security is fundamental to reliable business operations, not a nice-to-have"e;. In 2018, she was named one of the top 25 women in tech by UK publication PCR.

Bridget Kenyon is the Chief Information Security Officer for SSCL. She is responsible for managing strategy and information security activities for the whole organisation, including internal and customer-facing elements. In parallel to her main role, Bridget has been on the ISO editing team for ISMS standards since 2006; she has served as Lead Editor for ISO/IEC 27001:2022 and ISO/IEC 27014:2020. Joining DERA in 2000 to work on network vulnerabilities, Bridget discovered her passion for information and cyber security. Following this, she has been a Qualified Security Assessor against PCI DSS, Head of Information Security for UCL, and has held operational and consultancy roles in both industry and academia. She is a member of the UK Advisory Council for ISC2, and a Fellow of the Chartered Institute of Information Security.Bridget's interests lie in finding the edges of security which you can peel up, and the human aspects of system vulnerability. She's the sort of person who will always have a foot in both the technical and strategy camps. She enjoys helping people to find solutions to thorny problems, and strongly believes that cyber and information security are fundamental to resilient business operations, not "nice to haves".

• Verlag: IT Governance Publishing
• Seitenzahl: 237
• Erscheinungstermin: 16. September 2019
• Englisch
• ISBN-13: 9781787781450
• Artikelnr.: 66286021