وبلاگ بلیان

The Quarterback Sneak

معرفی کتاب «The Quarterback Sneak» نوشتهٔ Ana Shay، منتشرشده توسط نشر 2022 در سال 2022. این کتاب در فرمت epub، زبان انگلیسی ارائه شده است. «The Quarterback Sneak» در دستهٔ رمان خارجی قرار دارد.

Following the success of the first edition, this book has been re-released to reflect the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 updates. Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001:2022 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001:2022. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001:2022. The auditing guidance covers what evidence an auditor should look for to satisfy themselves that the requirement has been met. This guidance is useful for internal auditors and consultants, as well as information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit. This guide is intended to be used by those involved in Designing, implementing and/or maintaining an ISMS; Preparing for ISMS audits and assessments; or Undertaking both internal and third-party ISMS audits and assessments. Cover Title Copyright About the Author Disclaimer Contents Foreword Chapter 1: Scope of this guide Chapter 2: Field of application 2.1 Usage 2.2 Compliance Chapter 3: Meeting ISO/IEC 27001 requirements Chapter 4: Using control attributes Chapter 5: Organizational controls (ISO/IEC 27001, A.5) 5.1 Policies for information security (ISO/IEC 27001, A.5.1) 5.2 Information security roles and responsibilities (ISO/IEC 27001, A.5.2) 5.3 Segregation of duties (ISO/IEC 27001, A.5.3) 5.4 Management responsibilities (ISO/IEC 27001, A.5.4) 5.5 Contact with authorities (ISO/IEC 27001, A.5.5) .. 5.6 Contact with special interest groups (ISO/IEC 27001, A.5.6) 5.7 Threat intelligence (ISO/IEC 27001, A.5.7) 5.8 Information security in project management (ISO/IEC 27001, A.5.8) 5.9 Inventory of information and other associated assets (ISO/IEC 27001, A.5.9) 5.10 Acceptable use of information and other associated assets (ISO/IEC 27001, A.5.10) 5.11 Return of assets (ISO/IEC 27001, A. 5.11) 5.12 Classification of information (ISO/IEC 27001, A.5.12) 5.13 Labelling of information (ISO/IEC 27001, A.5.13) 5.14 Information transfer (ISO/IEC 27001, A.5.14) 5.15 Access control (ISO/IEC 27001, A. 5.15) 5.16 Identity management (ISO/IEC 27001, A.5.16) 5.17 Authentication information (ISO/IEC 27001, A.5.17) 5.18 Access rights (ISO/IEC 27001, A.5.18) 5.19 Information security in supplier relationships (ISO/IEC 27001, A.5.19) 5.20 Addressing information security within supplier agreements (ISO/IEC 27001, A.5.20) 5.21 Managing information security in the information and communication technology (ICT) supply chain (ISO/IEC 27001, A.5.21) 5.22 Monitoring, review and change management of supplier services (ISO/IEC 27001, A.5.22) 5.23 Information security for use of cloud services (ISO/IEC 27001, A.5.23) 5.24 Information security incident management planning and preparation (ISO/IEC 27001, A.5.24) 5.25 Assessment and decision on information security events (ISO/IEC 27001, A.5.25) 5.26 Response to information security incidents (ISO/IEC 27001, A.5.26) 5.27 Learning from information security incidents (ISO/IEC 27001, A.5.27) 5.28 Collection of evidence (ISO/IEC 27001, A.5.28) 5.29 Information security during disruption (ISO/IEC 27001, A.5.29) 5.30 ICT readiness for business continuity (ISO/IEC 27001, A.5.30) 5.31 Legal, statutory, regulatory and contractual requirements (ISO/IEC 27001, A.5.31) 5.32 Intellectual property rights (ISO/IEC 27001, A.5.32) 5.33 Protection of records (ISO/IEC 27001, A.5.33) 5.34 Privacy and protection of personal identifiable information (PII) (ISO/IEC 27001, A.5.34) 5.35 Independent review of information security (ISO/IEC 27001, A.5.35) 5.36 Compliance with policies, rules and standards for information security (ISO/IEC 27001, A.5.36) 5.37 Documented operating procedures (ISO/IEC 27001, A.5.37) Chapter 6: People controls (ISO/IEC 27001, A.6) 6.1 Screening (ISO/IEC 27001, A.6.1) 6.2 Terms and conditions of employment (ISO/IEC 27001, A.6.2) 6.3 Information security awareness, education and training (ISO/IEC 27001, A.6.3) 6.4 Disciplinary process (ISO/IEC 27001, A.6.4) 6.5 Responsibilities after termination or change of employment (ISO/IEC 27001, A.6.5) 6.6 Confidentiality or non-disclosure agreements (ISO/IEC 27001, A.6.6) 6.7 Remote working (ISO/IEC 27001, A.6.7) 6.8 Information security event reporting (ISO/IEC 27001, A.6.8) Chapter 7: Physical controls 7.1 Physical security perimeters (ISO/IEC 27001, A.7.1) 7.2 Physical entry (ISO/IEC 27001, A.7.2) 7.3 Securing offices, rooms and facilities (ISO/IEC 27001, A.7.3) 7.4 Physical security monitoring (ISO/IEC 27001, A.7.4) 7.5 Protecting against physical and environmental threats (ISO/IEC 27001, A.7.5) 7.6 Working in secure areas (ISO/IEC 27001, A.7.6) 7.7 Clear desk and clear screen (ISO/IEC 27001, A.7.7) 7.8 Equipment siting and protection (ISO/IEC 27001, A.7.8) 7.9 Security of assets off-premises (ISO/IEC 27001, A.7.9) 7.10 Storage media (ISO/IEC 27001, A.7.10) 7.11 Supporting utilities (ISO/IEC 27001, A.7.11) 7.12 Cabling security (ISO/IEC 27001, A.7.12) 7.13 Equipment maintenance (ISO/IEC 27001, A.7.13) 7.14 Secure disposal or re-use of equipment (ISO/IEC 27001, A.7.14) Chapter 8: Technological controls 8.1 User end point devices (ISO/IEC 27001, A.8.1) 8.2 Privileged access rights (ISO/IEC 27001, A.8.2) 8.3 Information access restriction (ISO/IEC 27001, A.8.3) 8.4 Access to source code (ISO/IEC 27001, A.8.4) 8.5 Secure authentication (ISO/IEC 27001, A.8.5) 8.6 Capacity management (ISO/IEC 27001, A.8.6) 8.7 Protection against malware (ISO/IEC 27001, A.8.7) 8.8 Management of technical vulnerabilities (ISO/IEC 27001, A.8.8) 8.9 Configuration management (ISO/IEC 27001, A.8.9) 8.10 Information deletion (ISO/IEC 27001, A.8.10) 8.11 Data masking (ISO/IEC 27001, A.8.11) 8.12 Data leakage prevention (ISO/IEC 27001, A.8.12) 8.13 Information backup (ISO/IEC 27001, A.8.13) 8.14 Redundancy of information processing facilities (ISO/IEC 27001, A.8.14) 8.15 Logging (ISO/IEC 27001, A.8.15) 8.16 Monitoring activities (ISO/IEC 27001, A.8.16) 8.17 Clock synchronization (ISO/IEC 27001, A.8.17) 8.18 Use of privileged utility programs (ISO/IEC 27001, A.8.18) 8.19 Installation of software on operational systems (ISO/IEC 27001, A.8.19) 8.20 Networks security (ISO/IEC 27001, A.8.20) 8.21 Security of network services (ISO/IEC 27001, A.8.21) 8.22 Segregation of networks (ISO/IEC 27001, A.8.22) 8.23 Web filtering (ISO/IEC 27001, A.8.23) 8.24 Use of cryptography (ISO/IEC 27001, A.8.24) 8.25 Secure development life cycle (ISO/IEC 27001, A.8.25) 8.26 Application security requirements (ISO/IEC 27001, A.8.26) 8.27 Secure system architecture and engineering principles (ISO/IEC 27001, A.8.27) 8.28 Secure coding (ISO/IEC 27001, A.8.28) 8.29 Security testing in development and acceptance (ISO/IEC 27001, A.8.29) 8.30 Outsourced development (ISO/IEC 27001, A.8.30) 8.31 Separation of development, test and production environments (ISO/IEC 27001, A.8.31) 8.32 Change management (ISO/IEC 27001, A.8.32) 8.33 Test information (ISO/IEC 27001, A.8.33) 8.34 Protection of information systems during audit testing (ISO/IEC 27001, A.8.34) Further reading A must-have resource for anyone looking to establish, implement and maintain an ISMS. Ideal for information security managers, auditors, consultants and organisations preparing for ISO 27001 certification, this book will help readers understand the requirements of an ISMS (information security management system) based on ISO 27001. Similarly, for anyone involved in internal or external audits, the book includes the definitive requirements that auditors must address when certifying organisations to ISO 27001. The book covers: Implementation guidance – what needs to be considered to fulfil the requirements of the controls from ISO/IEC 27001, Annex A. This guidance is aligned with ISO/IEC 27002, which gives advice on implementing the controls; Auditing guidance – what should be checked, and how, when examining the ISO/IEC 27001 controls to ensure that the implementation covers the ISMS control requirements. The implementation guidance gives clear descriptions covering what needs to be considered to achieve compliance against the requirements, with examples given throughout. The auditing guidance covers what evidence an auditor should look for in order to satisfy themselves that the requirement has been met. Useful for internal auditors and consultants, the auditing guidance will also be useful for information security managers and lead implementers as a means of confirming that their implementation and evidence to support it will be sufficient to pass an audit. This guide is intended to be used by those involved in: Designing, implementing and/or maintaining an ISMS; Preparing for ISMS audits and assessments; or Undertaking both internal and third-party ISMS audits and assessments About the author Bridget Kenyon (CISSP) is global CISO for Thales eSecurity. Her experience in information security started in 2000 with a role in network vulnerabilities at DERA, following which she has been a PCI Qualified Security Assessor, information security officer for Warwick University and head of information security for UCL, and has held a variety of roles in consultancy and academia. Bridget has been contributing to international standards since 2006, when she first joined BSI Panel 1, coordinating development of information security management system standards; she is currently editor for ISO/IEC 27014. Bridget has also co-authored three textbooks on information security. She strongly believes that “information security is fundamental to reliable business operations, not a nice-to-have”. In 2018, she was named one of the top 25 women in tech by UK publication PCR.
دانلود کتاب The Quarterback Sneak