ISO27001 in a Windows (R) Environment

Аннотация

Make your ISO27001 system work with WindowsThe vast majority of ISO27001 implementations will, to one extent or another, take place in a Windows environment. ISO27001 project managers are not always Microsoft technical experts, but a large number of the ISO27001 controls require a technical implementation. Bridging the gap between non-technical ISO27001 project managers and IT specialists, this book explains what the controls are, and describes how to implement them in a Windows environment, equipping the ISO27001 project manager to succeed with the implementation.MCSEs who have security training (MCSE Security), but who may not understand the ISO27001 approach to selecting and implementing controls, will also benefit from this book. It provides them with the necessary rationale and links their technical understanding of Microsoft information security controls into the international best practice framework for information security. This book should be a core part of the technical library of every MCSE and information security practitioner. If you have a CISSP, CISM, GIAC, or another professional certification, you should read this book.Covering best practice implementation over a wide range of Windows environments, this second edition is completely up to date for Windows 7 and Server 2008.Benefits to business include:Enable successful implementationAlthough ISO27001 project managers are seldom Microsoft technical experts, a large number of the ISO27001 Annexe A controls demand a technical implementation. Now, thanks to this book, project managers can finally give a clear explanation to their technical people of what is required under ISO27001. Armed with this guide, a project manager will find it much easier to succeed with implementation of ISO27001Help security engineers to understand ISO27001 ISO27001 is the international best practice framework for information security. However, because ISO27001 takes a business risk approach, it is unfamiliar territory to many Microsoft Certified Systems Engineers (MCSEs), even if they already have security training (MCSE Security). With this book, MSCEs can fill a gap in their knowledge and thereby harness their technical understanding of the Microsoft information security controls to drive through implementation of ISO27001Improve security and reliability.The purpose of ISO27001 is to ensure the confidentiality, integrity and availability of your business information. By putting suitable controls in place you can achieve these &quote;CIA&quote; goals. In this way you will also make your storage and handling of data more reliableTake advantage of the tools you already have to hand.Since Microsoft products are so widely used, the technical details in this book are based on the Microsoft Windows platform. This book shows IT managers how to make effective use of the Microsoft technologies at their disposal to support implementation of ISO27001. As a result, your organisation should be able to achieve certification without having to buy additional third-party software.Security improvements from MicrosoftMicrosoft's latest desktop operating system, Windows 7, comes with many security improvements. You can use these to help you to develop an ISMS that complies with ISO27001. One of these features is BitLocker, an encrypting system that allows you to encrypt individual files and folders. You can also encrypt the entire contents of a computer's hard disk to make the data stored on it unavailable to unauthorised personnel. BitLocker To Go enables you to transport information securely from one system to another using portable devices such as a USB. Another feature of Windows 7, AppLocker, will allow your organisation to restrict the applications available to a user on a desktop. By preventing improper use of key applications by your staff, AppLocker can help your organisation to reduce security risks.This guide provides the IT manager with a detailed breakdown of the various controls required under ISO27001, together with the relevant Microsoft products that can be used to implement them. It should be a core part of the technical library of every MCSE and of every information security practitioner. If you have Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification, you should read this book: it tells you how to make the best of the Windows security capabilities.Succeed in implementing ISO27001 in a Windows environment with this step-by-step guide