Secure & Simple – A Small-Business Guide to Implementing ISO 27001 On Your Own

In Secure & Simple Dejan Kosutic, an author and experienced information security consultant, is giving away all his practical know-how on successful ISO 27001 implementation. Whether you’re new or experienced in the field, this book gives you everything you will ever need to implement ISO 27001 on your own.

Dejan provides examples of implementing the standard in small and medium-sized organizations (i.e. companies with up to 500 employees). It is written primarily for beginners in the field and for people with moderate knowledge of ISO 27001. Even if you do have experience with the standard, but feel that there are gaps in your knowledge, you’ll find this book very helpful.

Secure & Simple is the definitive guide for implementing and maintaining the most popular information security standard in the world. The author leads you, step-by-step, from an introduction to ISO 27001 to the moment your company passes the certification audit. During that journey you will learn:


The most common ISO 27001 myths, like “The standard requires xyz;” “We’ll let the IT department handle it;” “We’ll implement it in a couple of months;” and others.
How to convince your top management to implement ISO 27001. “If you think that your management loves to listen to your great idea about a new firewall, or the perfect tool you've discovered for handling incidents, you're wrong – they just don't care.” This book will help you speak the language they want to hear.
How to write the Risk Assessment Methodology plus other policies and procedures.
How to identify potential risks. “Employees (and the organization as a whole) are usually aware of only 25 to 40% of risks – therefore, a thorough and systematic process needs to be carried out…” Learn how to identify all potential risks that could endanger the confidentiality, integrity, and availability of organization’s information.
What are the most important steps in order to prepare a company for the certification, and much more.

Written in plain English with a lot of practical examples, charts and diagrams, it is the only book you’ll need on the subject of ISO 27001 implementation.