ISO27001 in a Windows Environment

Posted by Ben Rothke

Imagine auto racing where none of the pit crew did things in synchronicity. No driver would keep such a crew. Yet in the world of IT, many firms have staff administering Windows systems, each individual doing it in a different way, with assorted and often conflicting techniques. Such a methodology often leads to chaos and makes the cost of management and administration skyrocket.

ISO27001 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) that details a formal management system for bringing information security under control. The benefit of a formal system is that with detailed and specific requirements, divergent members of the IT crew can all work off the same playbook.

In ISO27001 in a Windows Environment, my friend and author Brian Honan takes the higher level details of ISO27001 and enumerates them for Windows users. This is a huge benefit to the reader as far too many books detail everything you want to know about ISO27001 but provide little to no guidance on how to actually implement the standard.

The book’s 11 chapters and two appendices provide the reader with a solid overview of the fundamentals of ISO27001. This second edition of the book is updated for Windows 7 and Windows Server 2008. In addition, the author shows how one can use the internal Windows capabilities without having to purchase additional third-party software for compliance.

Anyone who will be using ISO27001 in a Windows environment and wants to make its implementation easier should certainly have ISO27001 in a Windows Environment at their side.

Ben Rothke

Senior Information Security Manager, Tapad
