ISO/IEC 27001:2022: An introduction to information security and the ISMS standard
Ebook, 62 pages, 48 minutes

Rating: 5 out of 5 stars

About this ebook

Written by an acknowledged expert on the ISO/IEC 27001 Standard, ISO 27001:2022 – An Introduction to information security and the ISMS standard is an ideal primer for anyone implementing an information security management system aligned to ISO 27001:2022.

The guide is a must-have resource giving a clear, concise and easy-to-read introduction to information security, providing guidance to ensure the management systems you put in place are effective, reliable and auditable.

This pocket guide will help you to:

  1. Make informed decisions

Using this guide will enable the key employees in your organisation to make better decisions before embarking on an information security project.

  2. Ensure everyone is up to speed

This guide will give the non-specialists on the project board and in the project team a clearer understanding of what an information security management system involves, reflecting the ISO 27001:2022 version of the Standard.

  3. Raise awareness among staff

Ensure that your staff know what is at stake with regard to information security and understand what is expected of them with this pocket guide.

  4. Enhance your competitiveness

Use this guide to begin your ISO 27001:2022 implementation journey and let your customers know that the information you hold about them is managed and protected appropriately.

Get up to speed with the ISO 27001:2022 updates and keep your information secure.

About the author:

Steve is a Director of Kinsnall Consulting Ltd, providing board-level advice on cyber security and related standards.

Steve is an active member of SC 27, the international committee responsible for cyber security, information security and privacy protection standards, including the ISO 27001 family. He chairs the UK national committee (IST 33) that mirrors SC 27 and is the Chair of the UK ISO/IEC 27001 User Group.

He is also a contracted ISMS and ITSMS Technical Assessor for UKAS, supporting the assessment of certification bodies offering accredited certification to ISO/IEC 27001 and ISO/IEC 20000-1.

TOC:

Introduction

Chapter 1: Information security – What’s that?

Chapter 2: It’s not IT

Chapter 3: ISO 27001 and the management system requirements

Chapter 4: Legal, regulatory and contractual requirements and business risk

Chapter 5: Information security controls

Chapter 6: Certification

Chapter 7: Signposting

Further reading

Language: English
Publisher: itgovernance
Release date: Nov 15, 2022
ISBN: 9781787784055
Author: Steve Watkins

STEVE WATKINS is a professor of English at the University of Mary Washington. He is the author of a collection of stories, My Chaos Theory, and two young adult novels, Down Sand Mountain and What Comes After. Watkins is also an award-winning journalist whose work has appeared in publications including LA Weekly, Poets and Writers, and the Nation.

Reviews for ISO/IEC 27001:2022

3 ratings, 0 reviews

    Book preview

    ISO/IEC 27001:2022 - Steve Watkins

    INTRODUCTION

    This pocket guide is intended to meet the needs of two groups:

    1. Individual readers who have turned to it as an introduction to a topic that they know little about.

    2. Organisations implementing, or considering implementing, some sort of information security management regime, particularly if using ISO/IEC 27001:2022, that wish to raise awareness.

    In either case the guide gives readers an understanding of the basics of information security, including:

    • A definition of information security;

    • How managing information security can be achieved using an approach recognised worldwide as good practice;

    • The factors that need to be considered in an information security regime, including how the perimeters of such a scheme can be properly defined;

    • How an information security management system (ISMS) can ensure it is maximising the effect of any budget it has;

    • Key areas of investment for a business-focused ISMS; and

    • How organisations can demonstrate the degree of assurance they offer with regard to information security, how to interpret claims of adherence to the ISO 27001 standard and exactly what that means.

    Corporate bodies will find this guide useful at a number of stages in any information security project, including:

    • At the decision-making stage, to ensure that those committing to an information security project do so from a suitably informed position;

    • At project initiation, as an introduction to information security for the project board, project team members and other key contributors; and

    • As part of an ongoing awareness campaign, being made available to all staff² and to new starters as part of their induction.

    Corporate users may find they get the most benefit by making this pocket guide available and adding a small flyer inside it, which explains how various sections relate to their own specific environment, or where the issues raised in this guide are addressed in their own ISMS. For example:

    This pocket guide is designed to be read without having to break frequently from the text, but there is a list of abbreviations along with terms and definitions in Chapter 7 for easy reference. Where footnotes have been added they are not essential reading, and it is recommended you ignore these on your first read through if you are new to the subject – on a second reading they will be of more relevance, and particularly if you are involved in an information security project or
