An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition Review


IT Governance – This book comes from IT Governance USA. Learn more about IT Governance and their role in securing your corporation by clicking here.

IT Governance Discounts:

Discount                                                            Discount Code
Get 30% off IT Governance’s distance learning training courses      DL30
Get 20% off IT Governance’s Live Online Training Courses            ONLINE20
Receive 15% off all Toolkits                                        Toolkit15
Receive 50% off our ITIL 4® Foundation Distance Learning Course     ITIL50

Book Summary:

Written by an acknowledged expert on the new ISO 27001 Standard, An Introduction to Information Security and ISO 27001:2013 is the ideal resource for anyone wanting a clear, concise, and easy-to-read primer on information security. It will ensure the systems you put in place are effective, reliable, and auditable.

An Introduction to Information Security and ISO 27001 (2013) A Pocket Guide, Second Edition Review:

Have you ever read a book that you wish you could read again for the first time? I am always looking for books that provide enough information to change my practice but not so much that it overloads me, especially when the books are just a few hundred pages. Thankfully, I have found my ideal book.

IT Governance, a leader in financial and information risk management, has recently published An Introduction to Information Security and ISO 27001:2013 (A Pocket Guide, Second Edition). This 96-page book provides a clear and concise entry to the ISO 27001 framework, giving you the information you need to understand the framework and put it to use in your organization’s risk management programs.

As you will recall, the new ISO 27001:2013 is a completely new version of the ISO 27001 framework and standard. It addresses not only information security risks but also a broader range of business risks and, along with ISO 27001:2005, will be the go-to standard for an information security management system (ISMS). It is the first information security framework designed from a business risk perspective, rather than from information security alone.

What I liked about An Introduction to Information Security and ISO 27001:2013

1) Gives practical information (not copious details) about the ISO 27001 update: the book provides practical information about the new standard, giving the IT professional what is needed to understand and implement the changes being made to ISO 27001.

2) Easy to read with a lot of great diagrams and explanations. This is key if you are busy and just need to find out the essence of the information. I love the diagrams in Chapter 3, Information Security.

3) In a day and age where most survival information comes from videos, I think this book is a good addition to anyone’s bookshelf: I love this format. Information security and the ISO standard don’t lend themselves to quick information retrieval. I’m not saying you can’t learn from videos; I am just saying that sometimes you need the non-convoluted approach to complex information that this book provides.

4) Truly written for the person and not the manager. The ISO 27001:2013 standard and its requirements are not always easy to apply to business. Fortunately, this book is written to help you, the busy IT professional, understand how to apply information security to real work. I love the easy to understand, step-by-step approach to information security management.

5) Provides a clear understanding of the sections of the standard that apply to you. I vote that every book or training course should cover the ISO 27001 sections in material printed in a book the same size as this one. (I know I’d be happy to pay more for that, and I do anyway for CISA or ISO 27001 training.)

6) Highlights key sections of the standard. This is useful when you are looking for the specific requirements and clarifications in the standard itself.

7) Provides a roadmap for the requirements of ISO 27001:2013. This is often the most difficult part of moving to the new standard: figuring out the work steps and so on. This book makes it easy. That said, I still suggest having a qualified ISO 27001 consultant guide you during this process.

Is there anything I didn’t like?

1) Not enough pages in the book!


Photo by Tima Miroshnichenko from Pexels
