ISO 27001 ISMS Handbook: Implementing and auditing an Information Security Management System in small and medium-sized businesses

Love the content in the books, I haven't had chance to read the books as yet, but they look well structured. I am currently focus on completing some other courses before reading through these books for the ISO 27001 Lead Implementer exam and NIST. Looks very informative.

This is the best book about the standard I've ever read. The author gives us many tips, examples, and practice activities to meet the requirements. If you need to understand the standard AND implement an ISMS, this book is for you!

Really enjoy this book

One of the few books about ISO 27001 that not only explains what the ISO requirements mean, but also what you should do as an organization. Written very clearly and practically. The examples and common pitfalls iare very helpful. Very nice that I could find a good book about the 2022 version of the ISO 27001 standard, written by an experienced lead auditor. A must have for any information security professional.

Great 27001:2022 book with lot of usefull examples.

This book takes a difficult standard and explains it from the point of view of someone who assesses organizations against it; he has seen many different implementations of it! The standard is stepped through, with clarifying notes and observations throughout, as well as presenting a clear explanation of what the standard is about, and why. The book is very easy to read and understand; if it’s your job to implement the standard, this book makes clear what you have to do. If you are a manager, read the book to understand what you are asking your team to do. I strongly recommend that you read this book BEFORE hiring consultants; after reading the book, if you still don’t feel confident enough to implement the whole system yourself, you will at least have a very clear idea of what you want consultants to do, rather than giving them free reign! If you need ISO 27001, this book should be on your desk!

Good quality product. Good shopping experience.

Overall, the book is a well-written guide for those familiar with the ISO 27001 standard, and the author has done a commendable job. In my opinion, before delving into the Standard, the book should include an introductory chapter explaining the basics of ISO 27001 and its core concepts at a high level—e.g., provide an informal/formal definition of Information Security Management System (ISMS), etc. Secondly, the author often plays with the abstract nature of the standard as to avoid providing concrete definitions (even informal ones), which sometimes frustrates readers seeking practical guidance. Some paragraphs are repeated verbatim (e.g., discussing the benefits of keeping documentation in different chapters), which can be mildly annoying. Additionally, paragraphs starting with "Question:... Answer:" sound a bit professor-like. Finally, at €40, I think it is a bit pricey for a paperback and independently published work. Despite this, I believe the book may be a useful guide for experienced professionals seeking a second opinion on some obscure points in the standard.