A Comprehensive Guide to Information Security Management and Audit
Autor Rajkumar Banoth, Gugulothu Narsimha, Aruna Kranthi Godishalaen Limba Engleză Paperback – 7 oct 2024
The book explores information security concepts and applications from an organizational information perspective and explains the process of audit planning and preparation. It further demonstrates audit techniques and collecting evidence to write important documentation by following the ISO 27001 standards.
The book:
- Elaborates on the application of confidentiality, integrity, and availability (CIA) in the area of audit planning and preparation
- Covers topics such as managing business assets, agreements on how to deal with business assets, and media handling
- Demonstrates audit techniques and collects evidence to write the important documentation by following the ISO 27001 standards
- Explains how the organization’s assets are managed by asset management, and access control policies
- Presents seven case studies
Toate formatele și edițiile | Preț | Express |
---|---|---|
Paperback (1) | 309.97 lei 6-8 săpt. | |
CRC Press – 7 oct 2024 | 309.97 lei 6-8 săpt. | |
Hardback (1) | 799.14 lei 6-8 săpt. | |
CRC Press – 30 sep 2022 | 799.14 lei 6-8 săpt. |
Preț: 309.97 lei
Preț vechi: 355.64 lei
-13% Nou
Puncte Express: 465
Preț estimativ în valută:
59.34€ • 61.68$ • 49.20£
59.34€ • 61.68$ • 49.20£
Carte tipărită la comandă
Livrare economică 06-20 februarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781032344478
ISBN-10: 1032344474
Pagini: 194
Ilustrații: 36
Dimensiuni: 156 x 234 mm
Greutate: 0.36 kg
Ediția:1
Editura: CRC Press
Colecția CRC Press
Locul publicării:Boca Raton, United States
ISBN-10: 1032344474
Pagini: 194
Ilustrații: 36
Dimensiuni: 156 x 234 mm
Greutate: 0.36 kg
Ediția:1
Editura: CRC Press
Colecția CRC Press
Locul publicării:Boca Raton, United States
Public țintă
Academic, Postgraduate, Professional, and Undergraduate AdvancedCuprins
Chapter 1: Information Security & Management System
1. Information Security Overview
1.1 The OSI Security Architecture
1.2 Information Security
1.3 Security Services
1.4 Security Mechanisms
1.5 The CIA and DAD Triads
1.6 ISMS Purpose and Objectives
1.7 Frameworks
1.8 Security Standards
1.9 Standard
1.10 Security Procedures
1.11 Security Guidelines
1.12 Compliance vs. Conformance
Chapter: 2 Audit Planning and Preparation
2.1 Reasons for Auditing
2.2 Audit Principles
2.2.1 Planning
2.2.2 Honesty
2.2.3 Secrecy
2.2.4 Audit Evidence
2.2.5 Internal Control System
2.2.6 Skill and Competence
2.2.7 Work Done by Others
2.2.8 Working Papers
2.2.9 Legal Framework
2.2.10 Audit Report
2.3 Process of Audit Program Management
2.3.1 Preparing for an Audit
2.3.2 Audit Process
2.4 Audit Competence and Evaluation Methods
2.4.1 Audit of Individuals
2.4.2 Audit of Sole-Trader’s Books of Accounts
2.4.3 Audit of Partnership Firm
2.4.4 Government Audit
2.4.5 Statutory Audit
2.4.6 Audit of Companies
2.4.7 Audit of Trust
2.4.8 Audit of Co-operative Societies
2.4.9 Audit of other Institutions
2.4.10 Tax Audit
2.4.11 Balance Sheet Audit
2.4.12 Partial Audit
2.4.13 Internal Audit
2.4.14 Management Audit
2.4.15 Post & Vouch Audit
2.4.16 Audit in Depth
2.4.17 Interim Audit
2.5 Audit Responsibilities
2.5.1 Reporting on the Financial Statements
2.5.2 Unmodified Opinions
2.5.3 Modified Opinions
2.5.4 Emphasizing Certain Matters without Modifying the Opinion
2.5.5 Communicating "Other Matters"
2.5.6 Other Information Included in the Annual Report
2.5.7 Other Legal and Regulatory Requirements
2.5.8 Reporting on the Financial Statements
2.6 Audit Time and Process Flow
2.6.1 What is a Process?
2.6.2 Process Description
2.6.3 Control of Processes
2.6.4 Advanced Process and System Modelling
2.7 ISMS Audit Check List
2.7.1 Why ISO 27001 Checklist is Required? What is the Importance of ISO 27001 Checklists? 2.7.2 Who all can use ISO 27001 Audit Checklist?
2.7.3 How many ISO 27001 Checklists are Available?
2.7.4 How to find out which ISO 27001 Checklists are Suitable for me?
2.7.5 Important Information on ISO 27001 Checklist File
2.7.6 Who has Prepared and Who has Validated ISO 27001 Checklists?
2.7.7 What is the Basis of the ISO 27001 Checklists?
2.7.8 How to use ISO 27001 Checklist?
Chapter 3: Audit Techniques and Collecting Evidence
3.1 Auditor Quality and Selection
3.2 Audit Script
3.3 Audit Stages
3.4 Audit Techniques
3.5 Collecting Evidence Through Questions
3.6 Observation
3.7 Reporting to Audit Finding
3.8 Audit Team Meeting
3.9 Nonconformities and Observation
3.10 Corrective and Preventive Actions.
Chapter 4: ISO 27001
Overview of An Information Security and Management System (CIA And DAD Triads)
4.1 Purchase A Copy of the ISO/IEC Standards
4.2 Obtain Management Support
4.3 Determine the Scope of The ISMS
4.4 Identify Applicable Legislation
4.5 Define A Method of Risk Assessment
4.6 Create an Inventory of Information Assets to Protect
4.7 Identify Risks
4.8 Assess the Risks
4.9 Identify Applicable Objectives and Controls
4.10 Set Up Pol Icy, Procedures and Documented Information to Control Risks
4.11 Allocate Resources and Train the Staff
4.12 Monitor the Implementation of The Isms
4.13 Prepare for The Certification Audit
Chapter 5: Asset Management
Introduction
5.1 What Are Assets According to ISO 27001?
5.2 Why Are Assets Important for Information Security Management?
5.3 How to Build an Asset Inventory?
5.4 Who Should Be the Asset Owner?
5.5 ISO 27001/ISO 27005 Risk Assessment & Treatment – 6 Basic Steps
5.6 The Basic Steps Will Shed Light on What One Have to Do
5.6.1 ISO 27001 Risk Assessment Methodology
5.6.2 Risk Assessment Implementation
5.6.3 Risk Treatment Implementation
5.6.4 ISMS Risk Assessment Report
5.6.5 Statement of Applicability
5.6.6 Risk Treatment Plan
5.7 ISO 27001 Controls from Annex A
5.7.1 How many domains are there in ISO 27001?
5.7.2 What are the 14 domains of ISO 27001?
5.8 The Importance of Statement of Applicability for ISO 27001
5.8.1 Why it is needed
5.9 ISO 27001: A.8 Asset Management
5.9.1 Introduction
5.9.2 Level of Assets
5.9.3 Asset Management
5.9.4 The Principles of Asset Management
5.9.5 Asset Life Cycle
5.9.6 Seven steps to implement Asset Management
5.10 Responsibility for Assets
5.11 Information Classification
5.12 Media Handling
5.13 BYOD
5.13.1 What are the types of BYOD?
5.13.2 Why is BYOD important?
5.13.3 Benefits of BYOD
5.13.4 Risks of BYOD
5.13.5 Keys to effective BYOD
5.13.6 Guidelines to help plan and implement effective BYOD
1. Information Security Overview
1.1 The OSI Security Architecture
1.2 Information Security
1.3 Security Services
1.4 Security Mechanisms
1.5 The CIA and DAD Triads
1.6 ISMS Purpose and Objectives
1.7 Frameworks
1.8 Security Standards
1.9 Standard
1.10 Security Procedures
1.11 Security Guidelines
1.12 Compliance vs. Conformance
Chapter: 2 Audit Planning and Preparation
2.1 Reasons for Auditing
2.2 Audit Principles
2.2.1 Planning
2.2.2 Honesty
2.2.3 Secrecy
2.2.4 Audit Evidence
2.2.5 Internal Control System
2.2.6 Skill and Competence
2.2.7 Work Done by Others
2.2.8 Working Papers
2.2.9 Legal Framework
2.2.10 Audit Report
2.3 Process of Audit Program Management
2.3.1 Preparing for an Audit
2.3.2 Audit Process
2.4 Audit Competence and Evaluation Methods
2.4.1 Audit of Individuals
2.4.2 Audit of Sole-Trader’s Books of Accounts
2.4.3 Audit of Partnership Firm
2.4.4 Government Audit
2.4.5 Statutory Audit
2.4.6 Audit of Companies
2.4.7 Audit of Trust
2.4.8 Audit of Co-operative Societies
2.4.9 Audit of other Institutions
2.4.10 Tax Audit
2.4.11 Balance Sheet Audit
2.4.12 Partial Audit
2.4.13 Internal Audit
2.4.14 Management Audit
2.4.15 Post & Vouch Audit
2.4.16 Audit in Depth
2.4.17 Interim Audit
2.5 Audit Responsibilities
2.5.1 Reporting on the Financial Statements
2.5.2 Unmodified Opinions
2.5.3 Modified Opinions
2.5.4 Emphasizing Certain Matters without Modifying the Opinion
2.5.5 Communicating "Other Matters"
2.5.6 Other Information Included in the Annual Report
2.5.7 Other Legal and Regulatory Requirements
2.5.8 Reporting on the Financial Statements
2.6 Audit Time and Process Flow
2.6.1 What is a Process?
2.6.2 Process Description
2.6.3 Control of Processes
2.6.4 Advanced Process and System Modelling
2.7 ISMS Audit Check List
2.7.1 Why ISO 27001 Checklist is Required? What is the Importance of ISO 27001 Checklists? 2.7.2 Who all can use ISO 27001 Audit Checklist?
2.7.3 How many ISO 27001 Checklists are Available?
2.7.4 How to find out which ISO 27001 Checklists are Suitable for me?
2.7.5 Important Information on ISO 27001 Checklist File
2.7.6 Who has Prepared and Who has Validated ISO 27001 Checklists?
2.7.7 What is the Basis of the ISO 27001 Checklists?
2.7.8 How to use ISO 27001 Checklist?
Chapter 3: Audit Techniques and Collecting Evidence
3.1 Auditor Quality and Selection
3.2 Audit Script
3.3 Audit Stages
3.4 Audit Techniques
3.5 Collecting Evidence Through Questions
3.6 Observation
3.7 Reporting to Audit Finding
3.8 Audit Team Meeting
3.9 Nonconformities and Observation
3.10 Corrective and Preventive Actions.
Chapter 4: ISO 27001
Overview of An Information Security and Management System (CIA And DAD Triads)
4.1 Purchase A Copy of the ISO/IEC Standards
4.2 Obtain Management Support
4.3 Determine the Scope of The ISMS
4.4 Identify Applicable Legislation
4.5 Define A Method of Risk Assessment
4.6 Create an Inventory of Information Assets to Protect
4.7 Identify Risks
4.8 Assess the Risks
4.9 Identify Applicable Objectives and Controls
4.10 Set Up Pol Icy, Procedures and Documented Information to Control Risks
4.11 Allocate Resources and Train the Staff
4.12 Monitor the Implementation of The Isms
4.13 Prepare for The Certification Audit
Chapter 5: Asset Management
Introduction
5.1 What Are Assets According to ISO 27001?
5.2 Why Are Assets Important for Information Security Management?
5.3 How to Build an Asset Inventory?
5.4 Who Should Be the Asset Owner?
5.5 ISO 27001/ISO 27005 Risk Assessment & Treatment – 6 Basic Steps
5.6 The Basic Steps Will Shed Light on What One Have to Do
5.6.1 ISO 27001 Risk Assessment Methodology
5.6.2 Risk Assessment Implementation
5.6.3 Risk Treatment Implementation
5.6.4 ISMS Risk Assessment Report
5.6.5 Statement of Applicability
5.6.6 Risk Treatment Plan
5.7 ISO 27001 Controls from Annex A
5.7.1 How many domains are there in ISO 27001?
5.7.2 What are the 14 domains of ISO 27001?
5.8 The Importance of Statement of Applicability for ISO 27001
5.8.1 Why it is needed
5.9 ISO 27001: A.8 Asset Management
5.9.1 Introduction
5.9.2 Level of Assets
5.9.3 Asset Management
5.9.4 The Principles of Asset Management
5.9.5 Asset Life Cycle
5.9.6 Seven steps to implement Asset Management
5.10 Responsibility for Assets
5.11 Information Classification
5.12 Media Handling
5.13 BYOD
5.13.1 What are the types of BYOD?
5.13.2 Why is BYOD important?
5.13.3 Benefits of BYOD
5.13.4 Risks of BYOD
5.13.5 Keys to effective BYOD
5.13.6 Guidelines to help plan and implement effective BYOD
Notă biografică
Banoth Rajkumar, B.Tech, M.Tech & Ph.D, Associate Professor, Marwadi University, Rajkot, India. IEEE senior members, Cyber Security Operations Certified Trainer, Published six text books comprising domains Networking, Computer Organization and Architecture and Computer Forensic, Published eighteen Hi-indexed SCI and Scopus Journals and Presented nine Conference papers. Along with having membership in “The Institution of Engineers (India)” and so on.
Gugulothu Narsimha, B.Tech, M.Tech, PhD, Currently working as a Vice Principal & Professor in Department of Computer Science and Engineering at JNTUH College of Engineering Sultanpur, Telangana, India. An applauded academician and researcher possessing 22 years of experience in teaching, research and administration in well-reputed educational institutions majorly in state universities JNTU-Kakinada and JNTU-Hyderabad alongside private institutions.
Godishala Arunakranthi, B.Tech, M.Tech, Research Scholar, Brunei University Darussalam, Brunei.Pursued Bachelor of Technology in Computer Science and Engineering and Master of Technology in Software Engineering from Jawaharlal Nehru Technological University, Hyderabad.
Gugulothu Narsimha, B.Tech, M.Tech, PhD, Currently working as a Vice Principal & Professor in Department of Computer Science and Engineering at JNTUH College of Engineering Sultanpur, Telangana, India. An applauded academician and researcher possessing 22 years of experience in teaching, research and administration in well-reputed educational institutions majorly in state universities JNTU-Kakinada and JNTU-Hyderabad alongside private institutions.
Godishala Arunakranthi, B.Tech, M.Tech, Research Scholar, Brunei University Darussalam, Brunei.Pursued Bachelor of Technology in Computer Science and Engineering and Master of Technology in Software Engineering from Jawaharlal Nehru Technological University, Hyderabad.
Descriere
The book explores information security concepts and applications from an organizational information perspective and explains the process of audit planning and preparation. It further demonstrates audit techniques and collecting evidence to write important documentation by following the ISO 27001 standards.