ISO 27001 Controls Handbook: Implementing and auditing 93 controls to reduce information security risks

Description

The international standard ISO/IEC 27001:2022 contains requirements for setting up and maintaining an information security management system (ISMS). It also contains an Annex A with 93 controls. ISO 27001 Controls Handbook is about those 93 controls. The wording of the 93 controls is often difficult to understand. Studying the normative texts and searching for their meaning sometimes leads to more questions than answers. Why are the controls so general and vague? The ISO/IEC 27001 standard is intended “ to be applicable to all organizations, regardless of type, size or nature ”. This also applies to the 93 controls mentioned in the Standard: they are intended for all types of organizations, in all countries of the world. This handbook explains in detail what the 93 controls of the ISO/IEC 27001:2022 standard are about. Once you understand the idea and scope of a control , you can implement it in a way that suits the information security risks of your organization. This book bridges the world of ISO/IEC 27001 and the real world, introduces you to topics that may be of interest to explore further, and discusses connections with the GDPR (EU). In addition, this handbook is also intended for auditors who want to investigate whether the controls have been implemented effectively and in accordance with the Standard. This book contains suggestions for conducting audits for all 93 controls. Don't be afraid to get started. Be creative, collaborate and try to organize everything as simply as possible. Good luck! ISO 27001 Controls Handbook is a supplement to the main book "ISO 27001 ISMS Handbook". In Chapter 1 to 4, you will find a summary of this main book . Cees van der Wens (1965) studied industrial automation in the Netherlands. In his role as Lead Auditor, the author has carried out dozens of ISO/IEC 27001 certification audits at a wide range of organizations. As a consultant, he has also helped many organizations obtain the ISO/IEC 27001 certificate. His "ISO27001 Handbook", published in 2020, became a worldwide bestseller. Review: Highly recommended! - Implementing ISO 27001 can be a bit daunting, especially when you get to the controls. This book is a great resource. It will get you thinking and you may even find that your organization is already doing some of the required activities. If you've already implemented ISO 27001, it will help you improve your ISMS. I especially liked how the controls were linked to other controls, as there is a good amount of overlap in these activities. At the end of each control chapter, you'll see questions that an auditor might ask to determine compliance. These are very helpful as well and will get you thinking about what you can provide as evidence during certification audits. Review: Great to learn about ISO 270001 - Great reference for learning about ISO 270001