Note: In this book, the following subjects are included: information security, the risk assessment and treatment processes (with practical examples), the information security controls. The text is based on the 2022 editions of the ISO / IEC 27001 and the ISO / IEC 27002 standards. The author is a participant to the editing meetings for such standards. Appendixes include short presentations on auditor managmeent, on ISO / IEC 27001 certifications, on Common Criteria and FIPS 140 (updated in 2022) and check lists for change management, contracts and for the transition from the 2013 to the 2022 controls. CESARE GALLOTTI has been working since 1999 in the information security and IT process management fields and has been leading many projects in Italy, Europe, Asia and Africa, for companies of various sizes and market sectors. He has been leading projects as consultant or auditor for the compliance with ISO / IEC 27001, ISO 9001, ISO / IEC 20000 or ISO 22301 and has been designing and delivering ISO / IEC 27001, privacy and ITIL training courses. Some of his certifications are: Lead Auditor ISO / IEC 27001, Lead Auditor 9001, CISA, ITIL Expert and CBCI, CIPP / e. Since 2010, he has been Italian delegate for the ISO / IEC JTC 1 SC 27 WG 1, i.e. the ISO / IEC 27000 standard family editing group. |