Managementsysteme für Informationssicherheit (ISMS) mit DIN EN ISO/IEC 27001 betreiben und verbessern

Operating and improving information security management systems (ISMS) in accordance with DIN EN ISO/IEC 27001

(Please note: This publication is only available in German.)

Operating a certified information security management system (ISMS) is not only sensible, but also a legal requirement for some industries. The ISO/IEC 27000 series provides a framework in which the measures and objectives, responsibilities and control options are defined. This book is intended as a working aid for fulfilling the requirements. The 2nd edition also takes into account the changes resulting from the revisions that have been made to the series of standards. The DIN Media Praxis volume provides an overview of the standardization environment of the ISO/IEC 27000 series and the function and significance of the individual standards. It explains interrelationships and provides specific advice on the implementation and operation of the ISMS, and also addresses successful re-certification.

In the 2nd edition, all chapters have been updated and adapted to the currently valid standards. Two chapters dealing with the evaluation and optimization of ISMS have been significantly expanded; the chapter on critical infrastructures has been supplemented.

The following topics, among others, can be found in this DIN Media Praxis volume:

• legal framework conditions
• operational documentation in accordance with ISO/IEC 27001:2013
• risk management
• resources
• continuous evaluation and improvement
   

Up-to-date, legally compliant information security management

As the operator of an information security management system, you need clear and easy-to-understand technical information that helps you to make the best decisions at all times and fulfil the requirements arising from EU regulations, for example. Even experts will have to get to grips with the topic again due to the new version of DIN EN ISO/IEC 27001 published in 2024. This book aims to offer just that: It is intended to provide valuable and clear instructions for concrete practice. This book from the DIN Media Praxis series contains:

• A comprehensive overview of standards and specifications
  The large number of standards and specifications that are available and must be fulfilled can be confusing even for experienced operators; for laypersons, the complex structures are sometimes difficult to comprehend. The book is therefore intended as a useful overview of the current framework conditions.
   
• Individual ISMS set-up
  The requirements for the ISMS are based on the individual circumstances derived from the requirements of European cybersecurity regulation. In this book, you will find out how this affects you and what you need to consider.
   
• Evaluation and improvement in practice
  An ISMS must be continuously evaluated and improved over the course of the Check and Act phases. But what does this mean in practice and what is the best way to proceed? The book provides answers and backs them up with examples that make the procedures easy to understand.

This reference book provides experts and beginners alike with the information they need to operate and optimize the information security management systems entrusted to them.
 

Included in this book:

• Introduction
• Legal framework
• Background to standardization
• Overview of the standards in the ISO 27000 series
• Integrated management systems
• Operational documentation of an ISMS in accordance with DIN EN ISO/IEC 27001
• Providing resources and ensuring expertise
• Creating awareness and improving communication
• Managing information security risks
• Evaluating an ISMS
• Improving an ISMS

This book is for:
Security officers, consultants, IT service providers, students and people changing career, management system officers (especially in energy supply companies)