Achieve cybersecurity excellence by implementing a robust information security management system that meets the requirements of information security standard ISO 27001, its supporting guidance ISO 27002 and data security framework SOC 2.
In an era where cybersecurity threats are escalating and complex global regulations are intensifying, the need for a comprehensive, actionable guide to ISO 27001, ISO 27002 and SOC 2 is more critical than ever.
Information Security Management provides an essential resource for building or improving a robust information security management system that achieves ISO 27001 and SOC 2 compliance. Drawing on best practice recommendations from ISO 27002, managers and leaders will learn not only how to achieve cybersecurity excellence but also how to gain buy-in from the wider business for long-term, effective change. It is supported by actionable strategies and checklists, making it a practical guide for immediate implementation in any organization.
Unique in its approach, this book shows how ISO 27001 compliance can serve as a foundational framework for achieving SOC 2 certification. It also features real-world examples of companies that have successfully implemented strong information security management systems and is supported by insights from industry experts, auditors and consultants on best practices and common pitfalls. Showing how organizations can implement ISO 27001, ISO 27002 and SOC 2, Information Security Management demonstrates how to build an information security management system designed for compliance and long-term success in today's complex landscape.
Provides a comprehensive guide to how organizations can build a robust information security management system that meets the requirements of ISO 27001, ISO 27002 and SOC 2
Gives unique guidance on how to use ISO 27001 as a foundational framework for the implementation of SOC 2
Offers checklists for audit preparation, compliance and risk assessment, summaries of key ISO 27001 controls, objectives and requirements, flowcharts for risk assessment and compliance checks and sample documentation, procedures, objectives and KPIs
Online resources: Downloadable templates for creating ISMS documentation, risk assessments and audit plans
Features real-world examples of companies that have successfully implemented ISO 27001 and SOC 2, as well as lessons learned from challenges faced during the implementation process
David Clarke
David Clarke is an internationally known security, ISO 27001 and GDPR advisor and has been recognized by multiple outlets including Onalytica, Thomson Reuters and Thinkers 360 as a top thought leader in cybersecurity, privacy and security. His company, Visco, offers risk and compliance services to organizations to help them meet privacy and cybersecurity requirements and standards.
Clarke has held multiple security management and leadership positions for a number of global FTSE 100 companies, has managed multiple global security operations centres and is the founder of the GDPR Technology Forum. He also authored the only online data breach course accredited by the National Cyber Security Centre (NCSC) and is the co-author of a GDPR Audit Scheme approved by the ICO (Information Commissioner's Office). He is based in London, UK.
Keywords: ISO 27001, ISO 27002, auditing, information security management, information security governance, IT governance, SOC 2, cyber risk management, information security program, 27001 compliance, 27001 cybersecurity, 27001 competitive advantage, IT security risk assessment, enterprise risk management