An Introduction to ISO/IEC27001:2013

David Brewer

Published by

BSI

ISBN

9780580821653

RRP

£27

Reviewed by

A P Sutcliffe PG Dip CCI, MBCS

Score

7 out of 10

One of the key standards for those working with information technology relates to the security of data within information systems.

This standard provides guidance on how to develop a suitable data security policy within any organisation. Called an information security management system or ISMS for short, it is a structure that should meet the needs of most businesses.

The ISO 27001 standard was formally agreed in 2005 and since then, a very large number of organisations around the world have used the standard to produce their own ISMS.

The experiences of numerous individuals and businesses that have worked on those developments have shown where the original framework could be improved, and this book sets out to explain where the new version of the standard varies from the original.

Although the text does contain some information on the full standard, it does not provide all of the detail required in order to develop a full ISMS. The majority of the material concentrates on the main differences between the two versions and offers some explanation along with some justification of why the changes were felt appropriate. Some of this is in tabular form, making it easier to see the reforms and understand how they fit into the overall scheme.

Overall, the book is designed to be used as a reference work and the layout conforms to the framework of the standard, making it easier to identify the key components. This makes it a useful tool and one that would be of some significant benefit for those people working on updating their existing ISMS.

However, it should be highlighted that this book will not provide a complete understanding of the full standard. It is most suitable for those that have already completed accreditation or have undertaken the relevant study and wish to conduct an update. Those that have yet to undertake the work will not find the book too helpful and will need to use it in conjunction with other material that gives more in-depth detail on the original structure.

The book does partially achieve what it sets out to do and provides some good insight into the changes to the standard, although not as much as might be appropriate.  

Further information: BSI

December 2013