Essential guidance for everyone involved in a Windows®-based ISO27001 project
Most ISO27001 implementations will involve a Windows® environment at some level. Unfortunately, there is often a knowledge gap between those trying to implement ISO27001 and the IT specialists trying to put the necessary best practice controls in place using Microsoft®’s technical controls. ISO27001 in a Windows® Environment bridges that gap and gives essential guidance to everyone involved in a Windows®-based ISO27001 project.
Successfully implement ISO27001 in a Windows® environment with this step-by-step guide
The third edition of ISO27001 in a Windows® Environment covers Windows® 8 and Microsoft® Windows Server® 2012. It is also completely aligned to ISO27001:2013, the latest version of the international standard for information security management.
• Details the various controls required under ISO27001, together with the relevant Microsoft® products that can be used to implement them.
• Explains how to make the most of Windows® security features.
• Ideal for bridging the knowledge gap between ISO27001 and Windows® security.
Contents
1. Information and Information Security; 2. Using an ISMS to Counter the Threats; 3. An Introduction to ISO27001; 4. Identify your Information Assets; 5. Conducting a Risk Assessment; 6. An Overview of Microsoft Technologies; 7. Implementing ISO27001 in a Microsoft environment; 8. Securing the Windows® environment; 9. Securing the Microsoft® Windows Server® platform; 10. Auditing and Monitoring; 11. Securing your Servers; 12. Appendix 1: Overview of security settings for Windows Server® 2008 and 2012 servers and domain controllers; 13. Appendix 2: Bibliography, Reference and Further Reading
About the Author
Brian Honan is a recognised industry expert on information security, in particular the ISO27001 information security standard. An independent consultant, Brian provides consulting services to clients in various industry segments and his work includes advising various government security agencies and the European Commission. Brian also established Ireland’s first ever Computer Security Incident Response Team.