We use cookies to improve your experience. By using our site you are accepting our cookie policy. 
Read our privacy policy to learn more.

IT Governance

IT Governance

An International Guide to Data Security and ISO27001/ISO27002

Steve Watkins, Alan Calder

From £41.66

Get a full understanding of how best to deal with information security risks, including an overview of the very latest industry standards in key markets around the world.

Buy product
Buy now

About the book

Faced with constant and fast-evolving threats to information security and with a growing exposure to cyber risk, managers at all levels and in organizations of all sizes need a robust IT governance system. Now in its sixth edition, the bestselling IT Governance provides guidance for companies looking to protect and enhance their information security management systems and protect themselves against cyber threats. This version has been fully updated to take account of current cyber security and advanced persistent threats and reflects the latest regulatory and technical developments, including the 2013 updates to ISO 27001/ISO 27002.

Changes for this edition include: updates in line with the revised ISO 27001 standard and accompanying ISO 27002 code of practice for information security controls; full coverage of changes to data-related regulations in different jurisdictions and advice on compliance; guidance on the options for continual improvement models and control frameworks made possible by the new standard; new developments in cyber risk and mitigation practices; guidance on the new information security risk assessment process and treatment requirements. Including coverage of key international markets, IT Governance is the definitive guide to implementing an effective information security management and governance system.

Table Of Contents

    • Chapter - 01: Why is information security necessary?;
    • Chapter - 02: The UK Combined Code, the FRC Risk Guidance and Sarbanes–Oxley;
    • Chapter - 03: ISO27001;
    • Chapter - 04: Organizing information security;
    • Chapter - 05: Information security policy and scope;
    • Chapter - 06: The risk assessment and Statement of Applicability;
    • Chapter - 07: Mobile devices;
    • Chapter - 08: Human resources security;
    • Chapter - 09: Asset management;
    • Chapter - 10: Media handling;
    • Chapter - 11: Access control;
    • Chapter - 12: User access management;
    • Chapter - 13: System and application access control;
    • Chapter - 14: Cryptography;
    • Chapter - 15: Physical and environmental security;
    • Chapter - 16: Equipment security;
    • Chapter - 17: Operations security;
    • Chapter - 18: Controls against malicious software (malware);
    • Chapter - 19: Communications management;
    • Chapter - 20: Exchanges of information;
    • Chapter - 21: System acquisition, development and maintenance;
    • Chapter - 22: Development and support processes;
    • Chapter - 23: Supplier relationships;
    • Chapter - 24: Monitoring and information security incident management;
    • Chapter - 25: Business and information security continuity management;
    • Chapter - 26: Compliance;
    • Chapter - 27: The ISO27001 audit


One of the greatest features of this guide is that it approaches IT governance from the prospective of a director or manager rather than an IT specialist, meaning you do not have to already be well versed in IT governance to glean the important points and lessons demonstrated within these pages.
Nikki Lazenby and Chris Moffitt, Internal Auditing

Book Details

  • EAN: 9780749474058
  • Edition: 6
  • Published: 3rd September 2015
  • Paperback
  • Format: 234x155
  • 360 pages

About the Author

Alan Calder is founder-director of IT Governance Ltd, which provides IT governance, compliance, risk management and information security books, trading tools, consultancy and training. Alan consults with companies internationally on matters relating to information security.

Steve Watkins is a director at IT Governance, Chair of the ISO/IEC 27001 User Group - the UK Chapter of the ISMS International User Group - and contracted Technical Assessor for UKAS, assessing certification bodies offering ISMS/ISO 27001 and ITSMS/ISO 20000-1 accredited certification. He sits on the UK national standards body's technical committees RM/1, IST/33 and sub-committee IST/33/1 , and is Chair of IST/33/1 Panel 2, which is responsible for the UK's contributions to standards including ISO 27006, 27007, 27008 and 27021.

Steve Watkins

Alan Calder