In this updated edition, renowned ISO 27001/27002 experts Alan Calder and Steve Watkins:
IT Governance – An international guide to data security and ISO 27001/ISO 27002, Eighth edition provides:
As cyber threats continue to increase in prevalence and ferocity, it is more important than ever to implement a secure ISMS to protect your organization. Certifying your ISMS to ISO 27001 and ISO 27002 demonstrates to customers and stakeholders that your organization is handling data securely.
A key resource for forward-looking executives and managers in 21st-century organizations of all sizes.
Alan Calder founded IT Governance Ltd in 2002 and began working full-time for the company in 2007. He is now Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Before this, Alan had a number of roles including CEO of Business Link London City Partners (a government agency focused on helping growing businesses to develop) from 1995 to 1998, CEO of Focus Central London (a training and enterprise council) from 1998 to 2001, and CEO of Wide Learning (a supplier of e-learning) from 2001 to 2003, and the Outsourced Training Company (2005). He was also chairman of CEME (a public-private sector skills partnership) from 2006 to 2011.
Alan is an acknowledged international cybersecurity guru and a leading author on information security and IT governance issues. He has been involved in the development of a wide range of information security management training courses that have been accredited by ITBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.
Steve Watkins is a director of Kinsnall Consulting Ltd, which provides strategic and tactical advice and training on cybersecurity, information security and privacy standards, and certification schemes.
He is a contracted technical assessor for UKAS, conducting assessments of certification bodies offering ISMS/ISO 27001, PIMS/ISO 27701, and ITSMS/ISO 20000-1 accredited certification. He also undertakes information security assessments of forensic science laboratories seeking accreditation to the Forensic Science Regulator’s codes of practice and conduct.
Steve is a member of ISO/IEC JTC 1/SC 27, the international technical committee responsible for information security, cybersecurity, and privacy protection standards, where he is a co-editor of ISO/IEC 27006-1. He chairs IST 33, the UK national standards body’s technical committee that mirrors SC 27, and is a member of the European Commission’s Stakeholder Cybersecurity Certification Group (SCCG).
Steve started working with ISMS standards in 1997. He has since supported a wide range of training and consultancy clients working with ISO/IEC 27001, including globally recognized brands, public-sector organizations, and a wide selection of SMEs. Steve was a director of IT Governance Ltd from 2008 and on the board of GRC International Group PLC through to May 2021.