Five ISO 27001 books you should read

If you’re embarking on your first ISO 27001 compliance project, you probably want to learn as much as possible.

Many practitioners attend training courses to gain the practical knowledge and skills needed to develop an ISO 27001-compliant information security management system (ISMS). Some go even further, securing a budget to hire an experienced ISO 27001 consultant to guide them through the process and help them with the more complex aspects.

However, most security professionals start by simply reading a lot on the subject. Books contain huge amounts of information at a relatively low cost, you read them in your own time and you can go back to them whenever you want. But with so many guides on information security, it’s hard to know which ones are the most useful.

With that in mind, we’ve picked five books from our ISO 27001 library to get you started.

The Case for ISO 27001:2013

Written by Alan Calder, the founder and executive chairman of IT Governance, this book is the ideal primer. It explains the principles of ISO 27001, highlights the benefits of implementing the Standard and makes an ideal supporting document for developing an ISO 27001 project proposal.
Nine Steps to Success – An ISO 27001 Implementation Overview

Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially if you’re new to the Standard. This book is the perfect guide for those tackling implementation for the first time, covering scoping, planning, how to gain management support, communication, risk assessments and documentation.
IT Governance: An International Guide to Data Security and ISO27001/ISO27002

This bestselling book is the perfect manual for designing, documenting and implementing an ISO 27001-compliant ISMS. It was selected as the textbook for the Open University’s postgraduate information security course and is the recommended text for all IBITGQ ISO 27001 courses.
ISO 27001 Assessments Without Tears

Organisations usually implement ISO 27001 with the aim of certifying to the Standard, which means they need to pass an independent audit. This pocket guide explains what an ISO 27001 assessment is, why it matters and what employees need to do if an auditor questions them.

ISO 27001 in a Windows Environment

Most ISO 27001 implementation projects involve a Windows environment at some point. Unfortunately, few people are knowledgeable about both ISO 27001 implementation and Windows’ best-practice controls. This guide helps you understand both of these, providing essential advice for anyone involved in a Windows-based ISO 27001 implementation project.