INTRODUCTION
This book on IT governance is a key resource for forward-looking executives and managers in 21st-century organizations of all sizes. There are six reasons for this:
1. The development of IT governance, which recognizes the convergence between business management and IT management driven by the ‘information economy’, makes it essential for executives and managers at all levels, in organizations of all sizes, to understand how decisions about IT should be made and monitored and, in particular, how information security risks are best dealt with.
2. Risk management is a big issue. In the UK, the FRC’s Risk Guidance (which replaced the Turnbull Guidance on internal control) gives directors of Stock Exchange-listed companies a clear responsibility to act on IT governance, on the effective management of risk in IT projects, and on computer security. The US Sarbanes–Oxley Act, together with more recent SEC regulations, places a similar expectation on directors of all US-listed companies. Banks and financial-sector organizations are subject to the requirements of the Basel Committee on Banking Supervision (hosted by the Bank for International Settlements, BIS) and the Basel 3.1 framework, particularly around operational risk, which includes information and IT risk. Information security and the challenge of delivering IT projects on time, to specification, and to budget also affect private- and public-sector organizations throughout the world.
3. Particularly post-GDPR, information-related legislation and regulation are increasingly important to all organizations. Data protection, privacy and breach regulations, cyber resilience, computer misuse, and regulations around investigatory powers are part of a complex and often competing range of requirements to which directors must respond. There is, increasingly, the need for an overarching information security framework that can provide context and coherence to compliance activity worldwide.
4. As the intellectual capital value of ‘information economy’ organizations increases, their commercial viability and profitability – as well as their stock price – increasingly depend on the security, confidentiality, and integrity of their information and information assets.
5. The dramatic growth and scale of the information economy have created new, global threats and vulnerabilities for all organizations, particularly in cyberspace.
6. The world’s first, and only, globally accepted standard for information security management systems is at the heart of a recognized framework for information security and assurance. The key standard in the ISO/IEC 27000 series, ISO/IEC 27001, has been updated (most recently in 2022) to reflect current international best practice. Increasingly, organizations are asking their suppliers to conform to it, and regulatory or licensing conditions rely on it. Compliance with the Standard should enable company directors to demonstrate a proper response, to customers as well as to regulatory and judicial authorities, to all the challenges identified above.
The information economy
Faced with the emergence and speed of growth in the information economy, organizations have an urgent need to adopt IT governance best practice. The main drivers of the information economy are:
• The ongoing globalization of markets, products, and resourcing (including ‘offshoring’ and ‘nearshoring’)
• Electronic information and knowledge intensity
• End-user device proliferation and the migration to the Cloud
• The geometric increase in the level of electronic networking and connectivity
Th