One of the biggest projects I worked on last year was writing my first book. The book is called “Implementing ISO 27001 in a Windows Environment”. I wrote this book in response to the many questions clients have asked me on how best to put in place the various controls and goals outlined in the ISO 27001 Information Security Standard (formerly BS 7799).
Very often these people were IT Managers who were mandated by their senior management to implement the standard in order to provide the business with assurance that they were using recognised best practices to secure their information assets.
However, these managers suddenly faced a number of major challenges:
- They had to first become familiar with the ISO 27001 Information Security Standard and understand how it works.
- Identify what controls were applicable to their organisation based on their risk assessment and resultant required controls.
- How to ensure that the controls that required technical configurations were being properly implemented.
- Last but not least, how to do all the above in the most effective and cost-efficient manner possible.
As someone who has a lot of experience with implementing the standard, and also a strong technical background, I decided to write this book to help address those issues. I also decided to focus on how to leverage some of the existing Microsoft technology, such as Microsoft Windows Server 2008, Microsoft Windows Vista and various other Microsoft security tools, that most organisations have employed.
So last summer my journey as an author began. It has been a long and at times challenging journey, but I am happy to say that it is coming to an end.
My book “Implementing ISO 27001 In a Windows Environment” will be published on February the 3rd 2009 and is now available for pre-order at the IT Governance website. If you are considering rolling out ISO 27001 in your organisation, I would recommend that you purchase the book as it may save you a lot of time, money and frustration.