Read more
Achieve cybersecurity excellence by implementing a robust information security management system that meets the requirements of information security standard ISO 27001, its supporting guidance ISO 27002 and data security framework SOC 2.
List of contents
Section - ONE: Foundations of ISO 27001, Objective Setting, Internal Auditing, Strategic Advantages, and Risks of Technical Decision Making Chapter - 01: introduction to ISO 27001; Chapter - 02: Historical Evolution: From BS7799 to ISO 27001; Chapter - 03: Demystifying ISO 27001: Objectives to Training; Chapter - 04: Creating Objectives, KPIs, and Metrics; Chapter - 05: Internal Audit and Gap Analysis; Chapter - 06: Continuous Auditing; Chapter - 07: Strategic Advantages of ISO 27001; Chapter - 08: Risks of Relying on Technical Decision Making; Section - TWO: Practical Applications, Leadership, and Documentation Chapter - 09: Practical Cyber Risk Mitigation Plans; Chapter - 10: Comprehensive Audit Management; Chapter - 11: Expert Documentation & Procedures; Chapter - 12: Presenting Documentation for Steering Group Approval; Chapter - 13: Architecture of Documents; Chapter - 14: Leadership in Steering Group Management; Section - THREE: Excellence in Auditing, Stakeholder Engagement, Leadership Buy-in, and Leveraging Key Domains under ISO 27001 Chapter - 15: Preparing for Audit; Chapter - 16: Briefing Stakeholders; Chapter - 17: Ensuring Senior Leadership Buy-in; Chapter - 18: Detailed Audit Micro-management; Chapter - 19: Exceeding Industry Benchmarks; Chapter - 20: Continuous Support & Expertise; Chapter - 21: Leveraging Key Domains for ISO 27001 Excellence; Section - FOUR: Designing Awareness and Training Programs, Challenges, Nonconformity Management, Technical Audits Integration, Responsibilities, and Strategic Incident Management Chapter - 22: Designing Awareness and Training Programs; Chapter - 23: Challenges in ISO 27001 Implementation; Chapter - 24: Managing Nonconformities; Chapter - 25: Integrating Results of Technical Audits into ISO Management; Chapter - 26: Joint, Shared, Cost, and Regulatory Responsibilities; Chapter - 27: Leveraging Incident Response and Vendor Due Diligence; Chapter - 28: Business Continuity Planning and Influencing Incident Outcomes; Chapter - 29: Change Control and Best Practice Implementation Auditing; Chapter - 30: Building an SOA (Statement of Applicability); Section - FIVE: The Future of ISO 27001, Regulatory Compliance, and A Legacy of Excellence Chapter - 31: Bridging ISO 27001 with SOC2; Chapter - 32: Navigating the Surge of Global Cyber and Data Regulations; Chapter - 33: Understanding WISP: Mandates Across 25 US States; Chapter - 34: Expertise in ISO 27001 and Beyond: A Legacy of Excellence; Chapter - 35: A Journey from BS7799 to ISO 27001; Chapter - 36: Proven Documentation & Global Recognition; Chapter - 37: ISO 27001 as a Business Enabler; Chapter - 38: Board and Senior Management Engagement; Chapter - 39: Holistic Integration: Transactionally, Intellectually, and Operationally; Chapter - 40: The Surge of Cyber and Data Regulation; Chapter - 41: A Legacy Since 2005
About the author
David Clarke is an internationally known security, ISO 27001 and GDPR advisor and has been recognized by multiple outlets including Onalytica, Thomson Reuters and Thinkers 360 as a top thought leader in cybersecurity, privacy and security. His company, Visco, offers risk and compliance services to organizations to help them meet privacy and cybersecurity requirements and standards.
Clarke has held multiple security management and leadership positions for a number of Global FTSE 100 companies, has managed multiple global security operations centres and is the founder of the GDPR Technology Forum. He also authored the only online data breach course accredited by the National Cyber Security Centre (NCSC) and is the co-author of a GDPR Audit Scheme approved by The ICO (Information Commissioner's Office). He is based in London, UK.
