Speakers corner – Foundations of information security Based on ISO27001 and ISO27002
1. Title: Foundations of IT security Based on ISO 27001/27002
Protecting Information and IT Security is hot nowadays, but for many also quite mystical. Everyone can read the news on stolen data and hacks, there are many examples of information system breaches today. What is information security and how do you practice it? This book was created by professionals to help anyone make a start in Security by explaining the basics of IT based on a well-known and accepted standard for IT security the NEN/ISO 27001:2103 and 27002:2013.
2. The Basics:
Foundations of IT security Based on ISO 27001/27002 provides an introduction on ICT security topics in a pragmatic way and is written for anyone that wants to start in IT security or needs a basic knowledge on key ICT security topics. Besides the ICT security specific topics attention is given to the organisation and governance of IT security, including people, technology, and processes essential for the security of corporate assets. The book is on purpose not very technical everyone should be able to understand it.
The purpose of this book is to describe all essential areas of IT security. The book is based on the same structure as the ISO 27002, making the topics recognisable and applicable in day to day security practices used by enterprises all around the world. Some of the topics in the book are for example:
• Definitions and security concepts
• Context of the organization
• Policies and the organization of Information Security
• Human resource security
• Access Control
• Cryptografy concepts
• Physical and environmental security
• Communications security
Providing a comprehensive and holistic approach on security topics helps to get a solid introduction in the field of information security. A very good starting point for further specialisation in the very broad area of information security areas of expertise.
The book contains besides the information security topics practical examples around a case and in the end of the book there is a 40 question multiple choice exam to test the knowledge on the topics in this book.
4. Target Audience:
• Managers – who are primarily responsible for implementing and governing IT security in their organizations and institutions.
• IT Professionals – that need a basis understanding of security concepts
• Executives – who are primarily responsible for developing and/or approving IT security strategy and then overseeing its implementation and governance (The “C” suite of Corporate Officers)
• Academicians, Graduate and upper level undergraduate students – who must teach and master a fundamental understanding of IT security.
• Everyone within an organization – who wants to know more about information security.
The book covers the various areas of IT security that are also addressed in the ISO 27001/27002, by explaining the basic concepts and technologies used and giving practical examples based on practical everyday