3 must-read books on ISO 27001

As you start your ISO 27001 implementation project, you probably want to know about much as possible.

Some people attend training courses to pick up the knowledge of ISO 27001, and others go one step further, hiring an ISO 27001 consultant to guide them through the process.

Those are both excellent options for those with the time and budget, but what if you’re looking for a less expensive approach?

In those cases, you can never underestimate the influence of a book. Indeed, most information security professionals begin their journeys by picking up a book or two on ISO 27001, because it’s the most cost-effective way of getting to grips with the complexities of the Standard.

But with so many books to choose from, how should you get started? We’ve compiled a list of books designed to help readers get started with their ISO 27001 implementation project.

The Case for ISO 27001

As the suggests says, The Case for ISO 27001 explains the business case for implementing ISO 27001.

Written by Alan Calder, IT Governance’s founder and chief executive, this book explains the benefits of ISO 27001 and demonstrates how you can persuade the board to invest in an implementation project.

Specifically, it covers the ways in which the Standard will help protect your organisation from cyber attacks, recover from incidents in the event of a breach and improve your corporate governance.

IT Governance – An International Guide to Data Security and ISO 27001

Now in its seventh edition, IT Governance – An International Guide to Data Security and ISO 27001gives guidance on implementing effective information security management.

It also outlines international best practice for IT governance for organisations of all sizes and sectors, and demonstrates how to protect and enhance your organisation with an ISO 27001-compliant ISMS (information security management system).

You’ll also learn how to:

  • Design, develop and implement a robust governance system that covers all aspects of data protection and information security; and
  • Defend your organisation against advanced, persistent cyber threats.
  • This updated edition reflects changes to international legislation, including the GDPR (General Data Protection Regulation), and updates to BS 7799-3 and the ISO/IEC 27000 family.
  • It also covers key topics such as risk assessment, asset management, controls, security, supplier relationships and compliance.

Nine Steps to Success – An ISO 27001 Implementation Overview

This concise guide helps you get to grips with the requirements of the Standard and make your ISO 27001 implementation project a success.

Written by Alan Calder, Nine Steps to Success guides you through an ISO 27001 implementation project step-by-step, covering the most essentials aspects including gaining management support, scoping, planning, communication, risk assessment and documentation.

You’ll discover:

  • Details the key steps of an ISO 27001 project from inception to certification.
  • Explains each element of the ISO 27001 project in simple, non-technical language.
  • An ideal guide for anyone tackling ISO 27001 implementation for the first time.

A version of this blog was originally published on 21 August 2015.

One Response

  1. Simon Reynolds 27th August 2015