ISO/IEC 27002 Foundation Complete Certification Kit - Study Guide Book and Online Course - Second edition
201 pages
English


Description

The first edition of this book and its accompanying eLearning course are regarded as a classic in the field. Now, in an expanded and updated version of The Art of Service's book, the authors once again present a step-by-step guide to obtaining your ISO/IEC 27002 Foundation Certificate.

Information security is more important than ever before. Globalization of the economy leads to a growing exchange of information between organizations (their employees, customers and suppliers) and a growing use of networks, such as the internal company network, connections with the networks of other companies and the Internet.

Furthermore, the activities of many companies now rely on IT, and information has become a valuable asset.

Protection of information is crucial for the continuity and proper functioning of the organization: information must be reliable. The international standard ISO/IEC 27002:2005, the Code of Practice for Information Security, structures the organization of information security and tests its organizational and managerial aspects.

The target audience is people who are professionally involved in the implementation and evaluation of information security; the program is also suitable for small independent businesses for which some basic knowledge of information security is necessary.

In addition, this foundation level provides a good starting point for new information security professionals.

This certification kit contains both the study guide and access to our online program, including presentations, exam preparation modules, the sample exam and a forum for interaction, which together provide everything you need to prepare for the ISO/IEC 27002 Foundation certification exam.

ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining and improving information security management in an organization. The objectives it outlines provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best-practice control objectives and controls in the following areas of information security management:


- security policy;
- organisation of information security;
- asset management;
- human resources security;
- physical and environmental security;
- communications and operations management;
- access control;
- information systems acquisition, development and maintenance;
- information security incident management;
- business continuity management;
- compliance.


The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

Considering the increasing number of IT professionals and their organizations who want to be actively involved in Identity and Access Management, this book, which leads to the ISO/IEC 27002 Foundation certificate, should do at least as well as the first edition, which is a bestseller.

Information

Published by
Publication date: 24 October 2012
Number of reads: 0
EAN13: 9781743045824
Language: English
File size: 3 MB

Legal information: page rental price 0.3998 €. This information is provided for indicative purposes only, in accordance with the legislation in force.

Extract

Foreword
As an education and training organization within the IT Service Management (ITSM) industry since 1998, we have watched with enthusiasm as ISO/IEC 27000 has grown and progressed over the years. The evolution of the core principles and practices included in the standard provides the holistic guidance needed for an industry that continues to mature and develop at a rapid pace.
Our primary goal is to provide the quality education and support materials needed to enable the understanding and application of the ISO/IEC 27000 standard in a wide range of contexts.
The 27000 standard was designed to explain the terminology for the whole 27000 series family of standards and to address global concerns about definitions that varied from country to country, so as to establish consistency. ISO/IEC 27000 deals with the principles and vocabulary, ISO/IEC 27001 deals with the ISMS requirements (formerly BS7799 Part 2), ISO/IEC 27002 (formerly ISO/IEC 17799:2005) is the Code of Practice, ISO/IEC 27003 deals with ISMS implementation guidelines, ISO/IEC 27004 deals with ISMS metrics and measurement, and ISO/IEC 27005 deals with ISMS risk management.
This comprehensive book is designed to complement the detailed eLearn ISO/IEC 27002 Foundation program provided by The Art of Service. The interactive online course uses a combination of narrated Flash presentations with multiple-choice assessments.
We hope you find this book to be a useful tool in your educational library and wish you well in your career!
The Art of Service
© The Art of Service Pty Ltd
‘All of the information in this document is subject to copyright. No part of this document may in any form or by any means (whether electronic or mechanical or otherwise) be copied, reproduced, stored in a retrieval system, transmitted or provided to any other person without the prior written permission of The Art of Service Pty Ltd, who owns the copyright.’
Copyright The Art of Service | Brisbane, Australia | Email: service@theartofservice.com | Web: http://store.theartofservice.com | eLearning: http://theartofservice.org | Phone: +61 (0) 7 3252 2055
Notice of Rights
All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.
Notice of Liability
The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.
Trademarks
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies, with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
Write a review to receive any free eBook from our Catalog—$99 Value!
If you recently bought this book, we would love to hear from you! Benefit from receiving a free eBook from our catalog at http://www.emereo.org/ if you write a review on Amazon (or the online store where you purchased this book) about your last purchase!
How does it work?
To post a review on Amazon, just log in to your account and click on the Create Your Own Review button (under Customer Reviews) of the relevant product page. You can find examples of product reviews on Amazon. If you purchased from another online store, simply follow their procedures.
What happens when I submit my review?
Once you have submitted your review, send us an email at review@emereo.org with the link to your review and the eBook you would like as our thank you from http://www.emereo.org/. Pick any book you like from the catalog, up to $99 RRP. You will receive an email with your eBook as a download link. It is that simple.
How to access the associated ISO/IEC 27002 Foundation eLearning Program:
1. Direct your browser to: www.theartofservice.org
2. Click ‘Login’ (found at the top right of the page).
3. Click ‘Create New Account’. If you already have an existing account, please move on to step 5.
4. Follow the instructions to create a new account. You will need a valid email address to confirm your account creation. If you do not receive the confirmation email, check that it has not been automatically moved to a junk mail or spam folder.
5. Once your account has been confirmed, email your User-ID for your new account to iso27002f@theartofservice.com.
6. We will add your account to the ISO/IEC 27002 Foundation eLearning Program and let you know how to access the program from then onwards.
Minimum system requirements for accessing the eLearning Program:
Processor: Pentium III (600 MHz) or higher
RAM: 128MB (256MB recommended)
OS: Windows 98, NT, 2000, ME, XP, 2003, Mac OSX
Browser: Internet Explorer 5.x or higher (Cookies and JavaScript enabled), Safari
Plug-ins: Macromedia Flash Player 9
Other Hardware: 16-bit sound card, mouse, speakers or headphones
Display Settings: 1024x768 pixels
Internet Connection: Due to the multimedia content of the site, a minimum connection speed of 256 kbps is recommended. If you are behind a firewall and are facing problems in accessing the course or the learning portal, please contact your network administrator for help.
If you are experiencing difficulties with the Flash Presentations within the eLearning Programs, please make sure that:
1) You have the latest version of Flash Player installed, by visiting http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
2) You check that the security settings in your web browser do not prevent these Flash modules from playing. There is support for these issues at the following page: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_19166&sliceId=2#no_content
Contents
1 Introduction
1.1 What is Information Security?
1.2 Why is information security needed?
1.3 History of ISO/IEC 27002
1.4 The Future of ISO/IEC 27002
2 Security Categories
3 The ISO/IEC 27002 Scope
4 Common Terminology
5 Information Security
5.1 Difference between data and information
5.2 Information systems
5.3 Value of information
5.4 Information as production factor
6 Confidentiality, Integrity and Availability
6.1 Confidentiality
6.2 Integrity
6.3 Availability
6.4 Information analysis
6.5 Information management
6.6 Informatics
6.7 Review Questions—Block 1
7 Risk Analysis
7.1 Types of risk analysis
8 Measures
8.1 Types of security measures
8.2 Prevention
8.3 Detection
8.4 Repression
8.5 Correction (Recovery)
8.6 Insurance
8.7 Acceptance
9 Threats
9.1 Human threats
9.2 Nonhuman threats
9.3 Types of damage
9.4 Types of Risk Strategy
9.5 Guidelines for implementing security measures
9.6 Review Questions—Block 2
10 PDCA—The Deming Cycle
10.1 Monitoring information security policy
10.2 The organization of information security
11 ISO 27002—Control areas
11.1 Security policy
11.2 Organization of information security
11.3 Asset Classification and Control
11.4 Personnel Security
11.5 Physical and Environmental Security
11.6 Communications and Operations Management
11.7 Access Control
11.8 System Development and Maintenance
11.9 Business Continuity Management
11.10 Incident Management
11.11 Compliance
11.12 Review Questions—Block 3
12 Asset Management
12.1 What are Business Assets
12.2 Classification
12.3 Managing Business Assets
12.4 Acceptable use of Business Assets
12.5 Use of Business Assets
13 Information Security Incident Management
13.1 Incident Cycle
13.2 Reporting information security incidents
13.3 Management of information security incidents and improvements
13.4 Review Questions—Block 5
14 Physical and Environmental Security
14.1 Security Guards
14.2 The Working Space
14.3 Intruder detection
14.4 Special rooms
14.5 The Object
14.6 Equipment
14.7 The Building
14.8 Alarms
14.9 Fire extinguishing agents
14.10 Storage Media
14.11 Cabling
14.12 Review Questions—Block 6
15 Access Control
15.1 Electronic Access Management
15.2 User Access Management
15.3 Network Access Control
15.4 Operating system access control
15.5 Application and information access control
15.6 Mobile computing and teleworking
15.7 Review Questions—Block 7
16 Information Systems Development & Maintenance
16.1 Security requirements of information systems
16.2 Correct Processing in Applications
16.3 Cryptography
16.4 Key management
16.5 Types of cryptographic systems
16.6 Access management for program source codes
16.7 Security in Development and Support Processes
16.8 Technical vulnerability management
17 Communications and Operations Management
17.1 Operating Procedures and Responsibilities
17.2 Management of Services by a Third Party
17.3 Systems Planning and Acceptance
17.4 Protection against Malware, Phishing and Spam
17.5 Backup and restore
17.6 Managing network security
17.7 Media handling
17.8 Exchanging information
17.9 Review Questions—Block 9
18 Security Policy
18.1 Security Policy
18.2 Hierarchy of Policy Document
18.3 Evaluating the Information Security Policy
18.4 Review Questions—Block 10
19 Organizing Information Security
19.1 Internal Organization
19.2 External Parties
19.3 Review Questions—Block 11
20 Business continuity management
20.1 Continuity
20.2 What are disasters?
20.3 Review Questions—Block 12
21 Human Resources Security
21.1 Prior to Employment
21.2 During Employment
21.3 Termination or Change of Employment
21.4 Review Questions—Block 13
22 Compliance—Legislation and Regulations
22.1 Compliance
22.2 Observing security policy and security standards
22.3 Monitoring measures
22.4 Review Questions—Block 14
23 Associated Frameworks
23.1 ITIL®
23.2 CobiT
23.3 MoF
23.4 Six Sigma
23.5 CMMi
23.6 Other ISO/IEC Standards
24 Certification
24.1 ISO/IEC 27002 Certification Pathways
24.2 ISO/IEC 20000 Certification Pathways
24.3 ITIL® Certification Pathways
24.4 Cloud Computing Certification Pathways
24.5 Customer Service Certification Pathway
24.6 Help Desk Certification Scheme
25 ISO/IEC 27002 Foundation Exam Tips
26 Answers to Review Questions