ABSTRACT

The purpose of this book is to assist the reader in establishing an effective information security management system (ISMS) and achieving ISO 27001 certification. The process of establishing an ISMS is one instance of an overall compliance management process, where the compliance requirements in the context of achieving ISO 27001 certification are ISO 27001 and ISO 27002. It is possible to abstract the ISO 27001 certification process described thus far into a general compliance management process that accommodates many compliance requirements. Other compliance requirements may be Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), or legislation applicable to civilian government (e.g., the Federal Information Security Management Act [FISMA]). This chapter presents material regarding an abstract approach to compliance management applicable to all of these and more.