With US businesses and organisations coming under intense regulatory pressure to secure their data and IT systems, a new management book from IT security authors Alan Watkins and Steve Richards explains in clear language how to create world class information security management systems that address US regulatory requirements and are compliant with the new global gold standard of information security, ISO 27001.
International IT Governance: An Executive Guide to ISO 17799/ISO 27001 provides comprehensive, executive-level guidance for the creation of an information security management system conforming to ISO27001/ISO17799, thereby ensuring that corporate data is secure, information assets protected and regulations complied with. The book is based on the authors existing guide to ISO 27001 compliance, which is recommended by the UKs Department for Trade & Industry, Institute of Directors and Open University. The work has been extensively revised to address US regulatory regimes including HIPAA, GLBA, SB 1386 and other State breach laws, PIPEDA, FISMA and EU Safe Harbor regulations.
By establishing an ISO/IEC 27001-certificated information security management system an organisation puts in place the general control environment that is essential for a successful SOX s404 report. Achieving this certification is significantly less costly than an SAS 70 audit (which frequently costs more than 100,000) and demonstrates to existing and potential customers as well as regulators that the organisation maintains a best-practice information security infrastructure.
International IT Governance is based on Alan Calders experience of leading the worlds first successful implementation of BS 7799, the standard on which the new ISO 27001 is based. Commenting on the new book, he said, US organisations are becoming very aware of the potential business benefits of a robust information security management system. However, until now it has been difficult for C-suite executives to gain a clear overview of the practical issues and regulatory concerns as they apply in the US. The book fills this knowledge gap and provides executives with an express route to securing information assets and satisfying regulators at comparatively little cost.
Related links: (Open in a new window.)
www.27001.com
alancalder.blogspot.com/
www.itgovernance.co.uk/
View printable version (opens in new window)
Back