Implementing ISO27001 in a Windows® Environment

The information security management standard (ISMS), ISO/IEC 27001, provides a significant implementation challenge for all organizations. A significant number of the controls to be applied will, of necessity, be technical and will relate to how IT hardware and software are set up and configured. As a result, there is often a gulf in understanding as to what is required between the ISO27001 ISMS project manager and those responsible for implementing the technical controls. This book does an outstanding job of helping parties on both sides to bridge the gulf. It identifies the recommended technical controls of ISO27001 s Annex A and, for a Microsoft environment, provides guidance on how (if, on the basis of a risk assessment, they are considered necessary) to implement them. This book fills a major hole in the guidance literature for ISO27001 and makes a significant contribution to helping both project managers and IT and security staff get to grips with what controls are appropriate to mitigate identified risks. It is designed as a step-by-step guide through the journey of implementing ISO27001 in a Microsoft® Windows® environment.