A fundamental title that should be part of every information security practitioner s technical library! The vast majority of ISO27001 implementations will, to one extent or another, take place in a Windows environment. ISO27001 project managers are not always Microsoft technical experts, but a large number of the ISO27001 controls require a technical implementation. Bridging the gap between non-technical ISO27001 project managers and IT specialists, this book explains what the controls are, and describes how to implement them in a Windows environment, equipping the ISO27001 project manager to succeed with the implementation. MCSEs who have security training (MCSE Security), but who may not understand the ISO27001 approach to selecting and implementing controls, will also benefit from this book. It provides them with the necessary rationale and links their technical understanding of Microsoft information security controls into the international best practice framework for information security. This book should be a core part of the technical library of every MCSE and information security practitioner. If you have a CISSP, CISM, GIAC, or another professional certification, you should read this book. Covering best practice implementation over a wide range of Windows(r) environments, this second edition is completely up to date for Windows(r) 7 and Server(r) 2008. Benefits to business include: * Enable successful implementation Although ISO27001 project managers are seldom Microsoft technical experts, a large number of the ISO27001 Annexe A controls demand a technical implementation. Now, thanks to this book, project managers can finally give a clear explanation to their technical people of what is required under ISO27001. Armed with this guide, a project manager will find it much easier to succeed with implementation of ISO27001 * Help security engineers to understand ISO27001 ISO27001 is the international best practice framework for information security. However, because ISO27001 takes a business risk approach, it is unfamiliar territory to many Microsoft Certified Systems Engineers (MCSEs), even if they already have security training (MCSE Security). With this book, MSCEs can fill a gap in their knowledge and thereby harness their technical understanding of the Microsoft information security controls to drive through implementation of ISO27001 * Improve security and reliability. The purpose of ISO27001 is to ensure the confidentiality, integrity and availability of your business information. By putting suitable controls in place you can achieve these CIA goals. In this way you will also make your storage and handling of data more reliable * Take advantage of the tools you already have to hand. Since Microsoft products are so widely used, the technical details in this book are based on the Microsoft Windows(r) platform. This book shows IT managers how to make effective use of the Microsoft technologies at their disposal to support implementation of ISO27001. As a result, your organisation should be able to achieve certification without having to buy additional third-party software. Security improvements from Microsoft Microsoft s latest desktop operating system, Windows(r) 7, comes with many security improvements. You can use these to help you to develop an ISMS that complies with ISO27001. One of these features is BitLocker, an encrypting system that allows you to encrypt individual files and folders. You can also encrypt the entire contents of a computer s hard disk to make the data stored on it unavailable to unauthorised personnel. BitLocker To Go enables you to transport information securely from one system to another using portable devices such as a USB. Another feature of Windows 7, AppLocker, will allow your organisation to restrict the applications available to a user on a desktop. By preventing improper use of key