In this book, the following subjects are included: information security, the risk assessment and treatment processes (with practical examples), the information security controls.
The text is based on the ISO/IEC 27001 and ISO/IEC 27002 standards and on the discussions held during the editing meetings, attended by the author.
Appendixes include short presentations (on auditor managmeent, on ISO/IEC 27001 certifications, on Common Criteria and FIPS 140) and check lists (for change management and contracts).
This book is addressed to those who want to learn about and deepen their knowledge of information security. Many ideas may be of interest to those who already know the subject.
Cesare Gallotti has been working since 1999 in the information security and IT process management fields and has been leading many projects in Italy, Europe, Asia and Africa, for companies of various sizes and market sectors.
He has been leading projects as consultant or auditor for the compliance with ISO/IEC 27001, ISO 9001, ISO/IEC 20000 or ISO 22301 and has been designing and delivering ISO/IEC 27001, privacy and ITIL training courses.
Some of his certifications are: Lead Auditor ISO/IEC 27001, Lead Auditor 9001, CISA, ITIL Expert and CBCI, CIPP/e.
Since 2010, he has been Italian delegate for the ISO/IEC JTC 1 SC 27 WG 1, i.e. the editing group for the ISO/IEC 27000 standard family.
Web: www.cesaregallotti.it; Blog: blog.cesaregallotti.it