Information security issues impact all organizations; however measures used to implement effective measures are often viewed as a business barrier costing a great deal of money. This practical title clearly explains the approaches that most organizations can consider and implement which helps turn Information Security management into an approachable, effective and well-understood tool. It covers: the quality requirements an organization may have for information; the risks associated with these quality requirements; the countermeasures that are necessary to mitigate these risks; ensuring business continuity in the event of a disaster; when and whether to report incidents outside the organization. All information security concepts in this book are based on the ISO/IEC 27001 and ISO/IEC 27002 standards. But the text also refers to the other relevant international standards for information security. The book also contains many Case Studies which usefully demonstrate how theory translates...