Author Alan Calder
ISBN No 9781 849285308
Review date 28/07/2016
No of pages 112
Publisher IT Governance
Publisher URL http://www.itgovernance.co.uk
Date of publication 17/12/2013
The Case for ISO 27001
A book making the case for the information security management standard ISO 27001 is in fact much more than that - it’s as good a short introduction to info-security, and security management in general, as you could wish to find, writes Mark Rowe.
The author starts by reminding us how far we have come in 20 years: from paper records and faxes to intangible assets, mostly intellectual capital, worth much more than tangible assets. “Information is the lifeblood of the modern business.” It has to be available, yet kept confidential, and with its integrity intact (you don’t want a nought taken off your bank account, any more than the bank wants one added by mistake). Alan Calder goes through the threats, and yet notes that business rewards come from taking risks. Hardware or software solutions from vendors ‘no longer cut the mustard’ and on their own are in fact ‘dangerously inadequate’, he argues, because, as he reminds us, data security is a mix of technology, procedure and human behaviour. He whizzes through what the ISO 27001 standard can offer: he calls it ‘a vendor-independent, system-agnostic information security framework’ that any organisation can apply to manage its risks. Information security, he says, is a governance issue, and not simply one for the IT department. Given that it does not make commercial sense to protect every asset against every risk, and that you cannot have 100 per cent security, you need guidelines and priorities. It’s one for the board. Calder has done a grand job of setting out the case, briefly.
The Case for ISO 27001 (2013), by Alan Calder, second edition, published 2013 by IT Governance. Visit www.itgovernance.co.uk. Paperback, 112 pages, £24.95, ISBN 9781 849285308.