Information security - 2022 Edition

Risk management
Management systems
The ISO/IEC 27001:2022 standard
The ISO/IEC 27002:2022 controls

English version

Format: e-book (epub, kindle, mobi, pdf and others) and hardcopy.
Year: 2022.
ISBN: 9791220888851 (e-book in English) and 9791220388474 (hardcopy in English).

The book is on all on-line bookshops, usually in epub, kindle, mobi and other formats.

The publishers (self-publishing platforms) are

For the Italian version, see:


In this book, the following subjects are included: information security, the risk assessment and treatment processes (with practical examples), the information security controls.

The text is based on the 2022 editions of the ISO/IEC 27001 and the ISO/IEC 27002 standards. The author is a participant to the editing meetings for such standards.

Appendixes include short presentations on auditor managmeent, on ISO/IEC 27001 certifications, on Common Criteria and FIPS 140 (updated in 2022) and check lists for change management, contracts and for the transition from the 2013 to the 2022 controls.


The author

Cesare Gallotti has been working since 1999 in the information security and IT process management fields and has been leading many projects in Italy, Europe, Asia and Africa, for companies of various sizes and market sectors.

He has been leading projects as consultant or auditor for the compliance with ISO/IEC 27001, ISO 9001, ISO/IEC 20000 or ISO 22301 and has been designing and delivering ISO/IEC 27001, privacy and ITIL training courses.

Some of his certifications are: Lead Auditor ISO/IEC 27001, Lead Auditor 9001, CISA, ITIL Expert and CBCI, CIPP/e.

Since 2010, he has been Italian delegate for the ISO/IEC JTC 1 SC 27 WG 1, i.e. the editing group for the ISO/IEC 27000 standard family.

Web: Blog:

Nessun commento:

Posta un commento