ISO 27001/ISO 27002: A guide to information security management systems

Publisher: Packt Publishing Ltd
Format: Ebook, 80 pages

About this ebook

Understand ISO 27001 and 27002 standards with this hands-on guide. Navigate key clauses, Annex A, and practical controls to build or audit a robust information security system.

Key Features
  • Covers both ISO 27001 requirements and ISO 27002 guidance in depth
  • Explains ISMS implementation using real-world context and examples
  • Clarifies certification process and Annex A controls mapping
Book Description

This comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of "shall" vs. "should" in compliance language. Core chapters walk through ISO 27001's clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls. By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.

What you will learn
  • Define key ISO 27001 and ISO 27002 terms and structures
  • Apply the Plan-Do-Check-Act cycle to ISMS processes
  • Interpret ISO 27001 clause requirements for compliance
  • Implement controls listed in Annex A effectively
  • Distinguish between 'shall' and 'should' in ISO standards
  • Prepare for ISO 27001 accredited certification audits
Who this book is for

This book is ideal for information security professionals, compliance officers, auditors, and IT managers seeking to implement or audit ISO 27001/27002 standards. Readers should have a basic understanding of risk management and information security principles.

About the author

IT Governance Publishing (ITGP) is the world's only specialist IT governance publisher. We produce books, toolkits and training aids on a wide range of topics including information security, IT governance, information risk, compliance, cyber security, IT service management, project management and management system standards.

Alan Calder is the Group CEO of GRC International Group PLC, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international Cyber Security Guru, and a leading Author on Information Security and IT Governance issues. He has been involved in the development of a wide range of Information Security Management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted for clients across the globe and is a regular Media Commentator and Speaker.
