Information security issues impact all organizations; however, the
measures used to implement effective security are often viewed as a
business barrier costing a great deal of money. This practical title
clearly explains the approaches that most organizations can consider and
implement, helping to turn information security management into an
approachable, effective and well-understood tool. It covers: the quality
requirements an organization may have for information; the risks
associated with these quality requirements; the countermeasures that are
necessary to mitigate these risks; ensuring business continuity in the
event of a disaster; when and whether to report incidents outside the
organization. All information security concepts in this book are based
on the ISO/IEC 27001 and ISO/IEC 27002 standards. The text also refers
to the other relevant international standards for information security.
The book also contains many case studies, which usefully demonstrate how
theory translates into an operating environment. This book is primarily
developed as a study book for anyone who wants to pass the ISFS
(Information Security Foundation) exam of EXIN. An appendix provides an
ISFS model exam, with feedback on all multiple-choice options, so that it
can be used as training for the real ISFS exam.