A Concise Introduction To Iso Iec 27001

A Concise Introduction to ISO/IEC 27001

A concise introduction to the NIS Directive - A pocket guide for digital service providers

This pocket guide is an introduction to the EU’s NIS Directive (Directive on security of network and information systems). It outlines the key requirements, details which digital service providers are within scope, and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.

ISO 27001/ISO 27002

Understand ISO 27001 and 27002 standards with this hands-on guide. Navigate key clauses, Annex A, and practical controls to build or audit a robust information security system. Key Features Covers both ISO 27001 requirements and ISO 27002 guidance in depth Explains ISMS implementation using real-world context and examples Clarifies certification process and Annex A controls mapping Book DescriptionThis comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of "shall" vs. "should" in compliance language. Core chapters walk through ISO 27001’s clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls. By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.What you will learn Define key ISO 27001 and ISO 27002 terms and structures Apply the Plan-Do-Check-Act cycle to ISMS processes Interpret ISO 27001 clause requirements for compliance Implement controls listed in Annex A effectively Distinguish between 'shall' and 'should' in ISO standards Prepare for ISO 27001 accredited certification audits Who this book is for This book is ideal for information security professionals, compliance officers, auditors, and IT managers seeking to implement or audit ISO 27001/27002 standards. Readers should have a basic understanding of risk management and information security principles.