***** ISO27001 in a Windows Environment. By Brian Honan. IT Governance Ltd., www.itgovernanceusa.com; 322 pages; $59.95.
Imagine auto racing where none of the pit crew did things in synchronicity. No driver would keep such a crew. Yet in the world of IT, many firms have staff administering Windows systems, each individual doing it in a different way, with assorted and often conflicting techniques. Such a methodology often leads to chaos and makes the cost of management and administration skyrocket.
ISO27001 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) that details a formal management system for bringing information security under control. The benefit of a formal system is that with detailed and specific requirements, divergent members of the IT crew can all work off the same playbook.
In ISO27001 in a Windows Environment, author Brian Honan takes the higher-level details of ISO27001 and enumerates them for Windows users. This is a huge benefit to the reader, as far too many books detail everything you want to know about ISO27001 but provide little to no guidance on how to actually implement the standard.
The book’s 11 chapters and two appendices provide the reader with a solid overview of the fundamentals of ISO27001. This second edition of the book is updated for Windows 7 and Windows Server 2008. In addition, the author shows how one can use the internal Windows capabilities without having to purchase additional third-party software for compliance.
Anyone who will be using ISO27001 in a Windows environment and wants to make its implementation easier should certainly have this reference at their side.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is an information security manager with Wyndham Worldwide. The views expressed are exclusively his own.