In this interview, we talk to Dr. Edward Humphreys, author of the book Implementing the ISO/IEC 27001 Information Security Management System Standard, Third Edition. We discuss the motivation behind writing the book, the target audience, the most useful aspects of the book, the challenges of writing the book, and advice for other engineers who are considering writing a book.
Edward Humphreys is a visiting professor across Europe and Asia for short courses in ISMS, cyber resilience, risk management and risk psychology. He is the convener of the ISO/IEC JTC 1/SC 27 responsible for the development and maintenance of the family of ISO/IEC 27001 ISMS standards.
1. Could you summarize the main content of your book? What are the key topics addressed?
This book is a one-stop resource on all you need to know about the international standard ISO/IEC 27001. This third edition provides much-needed practical information on the design, implementation and maintenance of an information security management system based on ISO/IEC 27001. It covers key topics such as risk assessment, mitigation of risks, ongoing monitoring of your information security management, continual improvement and other key aspects required for the management and preservation of the confidentiality, integrity and availability of information.
2. What is the primary purpose of your book? How do you envision it helping readers in their work or studies?
The primary purpose is the preservation of the confidentiality, integrity and availability of information through the management of risk and the mitigation of risks. The book provides many case studies and examples to illustrate how the standard can be used, and this will help readers to understand and deploy the standard in their own business environment and risk environment. The book will also help readers understand the process of ISO/IEC 27001 certification.
3. What sets your book apart from other works in the same field? Are there any innovative concepts, methodologies, or insights that make it stand out?
This book is authored by the internationally recognized leading voice and doyen on all things relating to ISO/IEC 27001. The author is internationally known as the “father of ISO/IEC 27001 and ISO/IEC 27002” for his pioneering work in developing the first editions of these standards and for leadership in ISO in revising and managing these standards. This sets the book apart from other works, as no other person has led this work on these standards from the very beginning to the current state of play, in such an official and world-renowned capacity. The text of this book thus provides the definitive guide from the authoritative voice behind the standard.
The concepts and methodologies presented in this 3rd edition are based on the highly successful previous editions and have been updated and revised to reflect current business requirements and the needs and developments in information security management.
4. Who is the intended readership for your book? Are there specific industries, professionals, or fields of study that would benefit most from this content?
As the book is about one of ISO’s best-selling, high-profile standards, it will appeal to an international audience. The book will be useful to professionals in all market sectors and for all sizes of company, from micro, small and medium-sized businesses through to the very large businesses. It will be of benefit to a wide spectrum of users and implementors, different levels of management, security officers, risk and compliance managers and auditors. It would also be useful to students studying business studies, cyber-security and computer science.
5. What are the most important lessons or insights you want readers to take away from this book?
This book emphasizes the critical need to manage risks by assessing the risks and then implementing controls to mitigate the risks. It also sets out the importance of management support, commitment and control as an essential component of information security. Other lessons the book identifies are the need to keep the information security management system up to date, which means monitoring its performance, carrying out audits and reviews, and making improvements to ensure that the information security remains effective in combating cyber risks, that there are suitable management controls for mitigating the risks, and that there is adequate information security coverage to meet business requirements and needs.
6. Does your book include any original research, case studies, or data? If so, could you highlight some of the most significant findings?
The book provides many case studies and examples to illustrate how the standard can be used, and this will help readers to understand and deploy the standard in their own business environment and risk environment.
7. Does your book address any new or emerging trends in the field? How does it prepare readers for future developments?
This book addresses new and emerging trends in information security management. It also helps readers prepare, manage and keep up to date their information security in the face of emerging cyber-risks.
8. What personal experiences, if any, have shaped your perspective or approach to the topics discussed in your book?
The subject of this book, information security management, is the culmination of over thirty years of development and revision of ISO/IEC 27001, and this involves several periods of personal real-world experiences and knowledge that shaped its content, including growth in management and business awareness and decision making regarding cyber-risks, advancement in information security practices, evolving threat intelligence and advancements in cyber risk profiles, emerging trends in technology, and many other important areas relevant to protecting the confidentiality, integrity and availability of information.
More Security and Privacy content here: Security and Privacy – Artech House Insider