دانلود کتاب پیاده‌سازی استاندارد سیستم مدیریت امنیت اطلاعات ISO/IEC 27001

Information security is a global issue affecting systems, processes and services used for international trading, electronic commerce, communications, social media and national infrastructures. Managing information security is an even more critical issue because it involves using and managing the policies, procedures, processes, control measures and supporting services and technologies that are needed to protect the information that organizations, governments, consumers and citizens rely on to carry out their business and to live their lives. Information security management needs to be effective, suitable and appropriate in order to protect information from the risks that business and society faces in this digital age. For example, processing information is essential for those systems and services on which we rely to provide transportation, telecommunications, healthcare, the supply of energy (such as electricity, water and gas) and many other common things we accept as being there when we want them. The information systems that provide vital management support for these different aspects of this public infrastructure are vulnerable to a wide range of information security risks. Our dependency on information in digital form is all pervasive and ubiquitous, as are the risks to this information. Information could be disclosed and accessible to unauthorized users, corrupted or modified either in some unauthorized or accidental way or lost or unavailable due to a system failure or disruption. These represent the three important security objectives: protecting the confidentiality, integrity and availability of information. Understanding what the risks are and assessing how these risks affect and impact business in terms of these objectives are central to being able to manage these risks effectively. An organization needs to assess its risks in terms of the potential impact of a security incident on its business and the likelihood of this security incident occurring. It needs to adopt an approach to risk assessment that is effective, suitable and appropriate to its business. The simple message to all organizations and governments is that investing in the management of information security risk is a wise investment. All organizations are dependent more than ever on information and technology for driving their business processes, productivity and efficiency and so the need to protect this information is vital to their survival in today’s digital driven economy. Assurance that the confidentiality, integrity and availability of this information as well as protecting personal data is at the core of business success. This book covers the requirements of the international standard ISO/IEC 27001 on information security management. This standard was developed around 30 years ago to meet the needs of the international business market to protect one of the important assets: information, a valuable currency and commodity for being able to survive and prosper in today’s dynamic business world. This book particularly looks at edition three of ISO/IEC 27001 (2022). Several narratives giving explanation and practical advice are provided to illustrate the use of these standards in business situations. It includes what is involved in establishing and designing, implementing and deploying, monitoring and reviewing and updating and improving an information security management system (ISMS). Using a well-tried and tested process model that is embedded in ISO/IEC 27001, the key ISMS standard, not only enables a business to establish an effective information security regime and risk management process and to deploy a number of management controls to continually improve the ISMS to ensure that they still have effective information security. The process of third-party certification is covered, which enables businesses to demonstrate through independent audits that they have in place an ISMS that effectively protects their information. The author cannot be held legally responsible or in any way liable for the real-world use, application, implementation or interpretation of the information given in this book by users, companies, businesses, organizations or any other third parties. Whilst every care has been taken in developing and producing the material in the book, the author accepts no liability for any loss, damage or harm caused, arising directly or indirectly in connection with the reliance on this book material. As the standards referenced in this book and their content will change over time, the material in this book will over time become out of date; therefore, users need to refer to the latest versions of the standards. Therefore, users and third parties of the material in the book are wholly liable and responsible for the correct use, application, implementation or interpretation of the information given in this book. Finally, the spelling of words used in this book are the internationally accepted spellings adopted and used in ISO and ISO/IEC standards and are from the Oxford English Dictionary (OED).