Table Of Contents

1 Introduction
1.1 What is Information Security?
1.2 Why is information security needed?
1.3 History of ISO/IEC 27002
1.4 The Future of ISO/IEC 27002
2 Security Categories
3 The ISO/IEC 27002 Scope
4 Common Terminology
5 Information Security
5.1 Difference between data and information
5.2 Information systems
5.3 Value of information
5.4 Information as production factor
6 Confidentiality, Integrity and Availability
6.1 Confidentiality
6.2 Integrity
6.3 Availability
6.4 Information analysis
6.5 Information management
6.6 Informatics
6.7 Review Questions—Block 1
7 Risk Analysis
7.1 Types of risk analysis
8 Measures
8.1 Types of security measures
8.2 Prevention
8.3 Detection
8.4 Repression
8.5 Correction (Recovery)
9.3 Types of damage
9.4 Types of Risk Strategy
9.5 Guidelines for implementing security measures
9.6 Review Questions—Block 2
10 PDCA—The Deming Cycle
10.1 Monitoring information security policy
10.2 The organization of information security
11 ISO 27002—Control areas
11.1 Security policy
11.2 Organization of information security
11.3 Asset Classification and Control
11.4 Personnel Security
11.5 Physical and Environmental Security
11.6 Communications and Operations Management
11.7 Access Control
11.8 System Development and Maintenance
11.9 Business Continuity Management
11.10 Incident Management
11.11 Compliance
11.12 Review Questions—Block 3
12 Asset Management
12.1 What are Business Assets
12.2 Classification
12.3 Managing Business Assets
12.4 Acceptable use of Business Assets
12.5 Use of Business Assets
13 Information Security Incident Management
13.1 Incident Cycle
13.2 Reporting information security incidents
13.3 Management of information security incidents and improvements
13.4 Review Questions—Block 5
14 Physical and Environmental Security
14.1 Security Guards
14.2 The Working Space
14.3 Intruder detection
14.4 Special rooms
14.5 The Object
14.6 Equipment
14.8 Alarms
14.10 Storage Media
14.11 Cabling
14.12 Review Questions—Block 6
15 Access Control
15.1 Electronic Access Management
15.2 User Access Management
15.3 Network Access Control
15.4 Operating system access control
15.5 Application and information access control
15.6 Mobile computing and teleworking
15.7 Review Questions—Block 7
16 Information Systems Development & Maintenance
16.1 Security requirements of information systems
16.2 Correct Processing in Applications
16.3 Cryptography
16.4 Key management
16.5 Types of cryptographic systems
16.6 Access management for program source codes
16.7 Security in Development and Support Processes
16.8 Technical vulnerability management
17 Communications and Operations Management
17.1 Operating Procedures and Responsibilities
17.2 Management of Services by a Third Party
17.3 Systems Planning and Acceptance
17.4 Protection against Malware, Phishing and Spam
17.5 Backup and restore
17.6 Managing network security
17.7 Media handling
17.8 Exchanging information
17.9 Review Questions—Block 9
18 Security Policy
18.1 Security Policy
18.2 Hierarchy of Policy Document
18.3 Evaluating the Information Security Policy
18.4 Review Questions—Block 10
19 Organizing Information Security
19.1 Internal Organization
19.2 External Parties
19.3 Review Questions—Block 11
20 Business continuity management
20.1 Continuity
20.2 What are disasters?
20.3 Review Questions—Block 12
21 Human Resources Security
21.1 Prior to Employment
21.2 During Employment
21.3 Termination or Change of Employment
21.4 Review Questions—Block 13
22 Compliance—Legislation and Regulations
22.1 Compliance
22.2 Observing security policy and security standards
22.3 Monitoring measures
22.4 Review Questions—Block 14
23 Associated Frameworks
23.1 ITIL®
23.2 CobiT
23.3 MoF
23.4 Six Sigma
23.5 CMMi
23.6 Other ISO/IEC Standards
24 Certification
24.1 ISO/IEC 27002 Certification Pathways
24.2 ISO/IEC 20000 Certification Pathways
24.3 ITIL® Certification Pathways
24.4 Cloud Computing Certification Pathways
24.5 Customer Service Certification Pathway
24.6 Help Desk Certifcation Scheme
25 ISO/IEC 27002 Foundation Exam Tips
26 Answers to Review Questions
26.3 Block 3 (end of chapter 11)
26.4 Block 4 (end of chapter 12)
26.5 Block 5 (end of chapter 13)
26.6 Block 6 (end of chapter 14)
26.7 Block 7 (end of chapter 15)
26.8 Block 8 (end of chapter 16)
26.9 Block 9 (end of chapter 17)
26.10 Block 10 (end of chapter 18)
26.11 Block 11 (end of chapter 19)
26.12 Block 12 (end of chapter 20)
26.13 Block 13 (end of chapter 21)
26.14 Block 14 (end of chapter 22)
ISO/IEC 27002 Foundation Complete Certification Kit - Study Guide Book and Online Course - Second edition

Published by Emereo Publishing

The first edition of this book and its accompanying eLearning course is regarded as a classic in its field. Now, in an expanded and updated version of The Art of Service's book, the authors once again present a step-by-step guide to getting your ISO/IEC 27002 Foundation Certificate.

Information security is more important than ever before. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks: the internal company network, connections with the networks of other companies, and the Internet. Furthermore, the activities of many companies now rely on IT, and information has become a valuable asset. Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable.

The international standard ISO/IEC 27002:2005, the Code of Practice for Information Security Management, structures the organization of information security; the Foundation exam tests the organizational and managerial aspects of information security. The target audience is people who are professionally involved in the implementation and evaluation of information security. The program is also suitable for small independent businesses that need some basic knowledge of information security, and the foundation level provides a good starting point for new information security professionals.

This certification kit contains both the study guide and access to our online program, including presentations, exam preparation modules, the sample exam and a forum, which together provide everything you need to prepare for the ISO/IEC 27002 Foundation certification exam.

ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls in the following areas of information security management:

- security policy;
- organization of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management;
- compliance.

The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

Considering the increasing number of IT professionals and organizations that want to be actively involved in information security management, this book, which leads to the ISO/IEC 27002 Foundation certificate, should do at least as well as the first edition, which is a bestseller.

Published by: Emereo Publishing on Nov 02, 2012
Copyright: Traditional Copyright: All rights reserved
ISBN: 9781743045824
Pages: 201
List Price: $79.96 USD