Information Security Based on ISO 27001 Strategies A Leadership Introduction to Information Security

The ISO 27001 certification of a company can be a complex and exhausting expereience. This doesn't need to be so. Gain insights from an experienced implementation expert and certified lead auditor. The advice you will gain from reading this book is valid for both versions of the standard: ISO 27001:2013 and ISO 27001:2022.

BECOME ISO 27001 COMPLIANT BY BEING FOCUSED

• Stay focused as you keep your ISMS Project on schedule.
• Reflect after each major way point what you have achieved
• Apply strategies with purpose and less frustration.
• Find better ways to improve security in a collaborative way.

"This pocket guide to ISO 27001 Certification helps you rapidly get an understanding of what Information Security actually means for your industry!" - Christian Bartsch

The book will answer following key questions in detail:

• Why should my organization bother implementing an ISMS and getting it certified?
• Why is ISO 27001 more than just writing a set of ISMS documents?
• How should we approach an ISO 27001 certification project?
• What will an audfitor expect to see during a stage 1 and stage 2 audit?

ADDITIONAL FREE MATERIAL

The book will provide you access to a range of additional free material to get you started on your very own ISO 27001 project. It includes Checklists, Video tutorials and Cross Reference Tables.

While you are considering to buy this book here are some quick answers:

Why will this book help me implement an ISMS with less pain?

This book is designed to provide a productive approach towards the standard. Irrelevant documentation will not contribute to achieving compliance but only add to the workload.

Use the guidance in this book to cut down the implementation time and avoid unnecessary consulting costs. Information Security starts with the people in your company and not in a pile of files nobody understands.

Auditors expect you to understand your ISMS. They want to see how you apply its policies, procedures and controls. ISO 27001 is a business project and not an IT Project. Leadership needs to be fully commited to it.

Why does Information Security affect your business?

Currently companies, government bodies and city owned suppliers are having to adjust their Operational Processes and Information Security to the growing cyber threats. The introduction of NIS 2.0 is adding more pressure on a variety of companies who never really needed to make a great effort in regards to cyber security.

On the other hand, privately owned companies are feeding the pressure of larger buyers to be compliant with a range of industry standards. The ISO 27001 standard requires comapnies of all sizes to implement and maintain an Information Security Management System, which ir relevant to their risk exposure and business model.

Companies from a range of industries are increasingly needing to become ISO 27001 compliant.

What are the risks of implementing ISO 27001 in my business?

If ISO 27001 concepts are applied in a far too rigid way, a business workflow will slow down and drive operational costs into a dangerous spiral. Staff will look for jobs elsewhere and company performance will be disappointing.

Get a shortcut to understand how the ISO 27001 Certification Process is going to be!

ABOUT THE AUTHOR:

CHRISTIAN BARTSCH is a Managing Partner of a German Information Security focused Company and Advising Director of a Dutch VC. His consultancy helps european companies become compliant with ISO 9001 and ISO 27001 standards. As a certified lead auditor, he also audits companies on behalf of several large European certification bodies. He has been an international speaker at congresses, government facilities and universities.