ISO27001 in a Windows environment : the best practice handbook for a Microsoft Windows environment / Brian Honan.
- Format:
- Book
- Author/Creator:
- Honan, Brian, author.
- Language:
- English
- Subjects (All):
- Microsoft Windows (Computer file).
- Computer security--Standards.
- Computer security.
- Physical Description:
- 1 online resource (316 p.)
- Edition:
- 3rd ed.
- Place of Publication:
- Cambridgeshire, [England] : IT Governance Publishing, 2009.
- Language Note:
- English
- Summary:
- A step-by-step guide to implementing ISO27001 in a Microsoft® Windows® environment
- Contents:
- Foreword; Preface; About the Author; Acknowledgements; Contents; Introduction; Chapter 1: Information and Information Security; Information security concepts; Other information security concepts; The importance of information security; Chapter 2: Using an ISMS to Counter the Threats; System security versus information security; The structure of an ISMS; Information security policy; Acceptable usage policy; Remote access policy; Information management policy; Computer malware prevention and protection policy; Password policy; Managing exceptions to the policy
- Chapter 3: An Introduction to ISO27001; The ISO27000 standards family; History of ISO27001; What is in the ISO27001 standard?; Continual improvement; What are the benefits of ISO27001?; Chapter 4: Identify your Information Assets; Define the scope of the ISMS; Identifying your information security assets; Information asset classification; The value of information assets; Chapter 5: Conducting a Risk Assessment; What is risk?; Vulnerability; Threats to information; Theft; Loss; Intrusion; Corruption; Denial of service; Natural threats; Managing risks; Risk acceptance; Risk mitigation
- Risk avoidance; Risk transfer; Risk deference; The different types of risk analysis; Quantitative risk analysis; The advantages of quantitative risk analysis; The disadvantages of quantitative risk management; Qualitative risk management; The advantages of qualitative risk management; The disadvantages of qualitative risk management; The quantitative versus qualitative approach; Risk management tools; Microsoft Security Risk Management Guide; Chapter 6: An Overview of Microsoft Technologies; Microsoft® Windows Server® 2008; Security features of Microsoft® Windows Server® 2008
- Read-only domain controller; BitLocker™ drive encryption; Server Core; Network Access Protection; Routing and Remote Access service; Windows® Firewall with Advanced Security; Active Directory® Certificate Services; Active Directory® Rights Management Services; Group Policies; Microsoft® Windows Server® 2012; Security features of Microsoft® Windows Server® 2012; Microsoft® Windows® 7; Microsoft® Windows® 8; Windows® Backup and Restore Center; Automatic Backup; Complete Backup; BitLocker™; DirectAccess; AppLocker™; Windows® Firewall; Windows® Defender; User Account Control
- Windows® Security Center; Microsoft® Forefront™; Microsoft® Systems Center; Microsoft® Windows Server® Update Services; Microsoft® Baseline Security Analyzer; Microsoft Security Risk Management Guide; Microsoft® Threat Analysis and Modeling; Microsoft® CAT.NET; Microsoft® Source Code Analyzer for SQL Injection; Chapter 7: Implementing ISO27001 in a Microsoft environment; Section 4 Information security management system; Section A.6 Organisation of information security; Section A.7 Human resource security; Section A.8 Asset management; Section A.9 Access control; Section A.10 Cryptography
- Table 22: A.11.2 Equipment
- Notes:
- Description based upon print version of record.
- Includes bibliographical references and index.
- Description based on online resource; title from PDF title page (ebrary, viewed August 10, 2014).
- ISBN:
- 1-84928-604-3
- OCLC:
- 890529946