We use cookies to improve your experience. By using our site you are accepting our cookie policy. 
Read our privacy policy to learn more.

Innovation and Best Practice
for Business Success

Established 1967



IT Governance

IT Governance

An International Guide to Data Security and ISO27001/ISO27002

Alan Calder, Steve Watkins

£49.99

Offers a full understanding of how best to deal with information security risks, including an overview of the very latest industry standards in key markets around the world.

Buy product Buy now

About the book

Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance, 6th edition, provides guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats. IT Governance has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technical developments, including the 2013 updates to ISO 27001/ISO 27002. Changes for this edition include:

Full updates throughout in line with the revised ISO 27001 standard and accompanying ISO 27002 code of practice for information security controls
Full coverage of changes to data-related regulations in different jurisdictions and advice on compliance
Guidance on the options for continual improvement models and control frameworks made possible by the new standard
New developments in cyber risk and mitigation practices
The latest technological developments that affect IT governance and security
Guidance on the new information security risk assessment process and treatment requirements


Including coverage of key international markets, IT Governance is the definitive guide to implementing an effective information security management and governance system.


Table Of Contents

    • Chapter - 01: Why is information security necessary?;
    • Chapter - 02: The UK Combined Code, the FRC Risk Guidance and Sarbanes–Oxley;
    • Chapter - 03: ISO27001;
    • Chapter - 04: Organizing information security;
    • Chapter - 05: Information security policy and scope;
    • Chapter - 06: The risk assessment and Statement of Applicability;
    • Chapter - 07: Mobile devices;
    • Chapter - 08: Human resources security;
    • Chapter - 09: Asset management;
    • Chapter - 10: Media handling;
    • Chapter - 11: Access control;
    • Chapter - 12: User access management;
    • Chapter - 13: System and application access control;
    • Chapter - 14: Cryptography;
    • Chapter - 15: Physical and environmental security;
    • Chapter - 16: Equipment security;
    • Chapter - 17: Operations security;
    • Chapter - 18: Controls against malicious software (malware);
    • Chapter - 19: Communications management;
    • Chapter - 20: Exchanges of information;
    • Chapter - 21: System acquisition, development and maintenance;
    • Chapter - 22: Development and support processes;
    • Chapter - 23: Supplier relationships;
    • Chapter - 24: Monitoring and information security incident management;
    • Chapter - 25: Business and information security continuity management;
    • Chapter - 26: Compliance;
    • Chapter - 27: The ISO27001 audit



Book Details

  • EAN: 9780749474058
  • Edition: 6
  • Published: 3rd September 2015
  • Paperback
  • Dimensions: 234x156
  • 360 pages

About the Author

Alan Calder is founder-director of IT Governance Ltd, which provides IT governance, compliance, risk management and information security books, trading tools, consultancy and training. Alan consults with companies internationally on matters relating to information security.

Steve Watkins
is a director at IT Governance, Chair of the ISO/IEC 27001 User Group - the UK Chapter of the ISMS International User Group - and contracted Technical Assessor for UKAS, assessing certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He sits on the UK national standards body's technical committees RM/1, IST/33 and sub-committee IST/33/1 , and is Chair of IST/33/1 Panel 2, which is responsible for the UK's contributions to standards including ISO 27006, 27007, 27008 and 27021.


Alan Calder


Steve Watkins