Introduction
1 Why is information security necessary?
2 The Corporate Governance Code, the FRC Risk Guidance and Sarbanes-Oxley
3 ISO27001
4 Organizing information security
5 Information security policy and scope
6 The risk assessment and Statement of Applicability
7 Mobile devices
8 Human resources security
9 Asset management
10 Media handling
11 Access control
12 User access management
13 System and application access control
14 Cryptography
15 Physical and environmental security
16 Equipment security
17 Operations security
18 Controls against malicious software (malware)
19 Communications management
20 Exchanges of information
21 System acquisition, development and maintenance
22 Development and support processes
23 Supplier relationships
24 Monitoring and information security incident management
25 Business and information security continuity management
26 Compliance
27 The ISO27001 audit
Appendix 1: Useful websites
Appendix 2: Further reading
Index