10 Bestselling InfoSec eBooks of 2015


The top titles your peers have been reading this year

IT Governance Publishing (ITGP) publishes industry-leading titles on all aspects of IT governance, risk management, and compliance.

ITGP 2015 bestsellers will give you the knowledge you need to transform your working life in 2016. Browse through top 10 below:


1) Web Application Security is a Stack
Understand the threat from web application attacks and learn how to defend your organization.

2) Two-Factor Authentication
Gain a comprehensive evaluation of popular secondary authentication methods.

3) Directing the Agile Organisation
Learn how to improve business adaptability, staff engagement, and quality for the benefit of your customers.

4) Running IT Like a Business
Learn the secrets of an award-winning IT function with this real-life IT transformation case study, authored by Accenture’s former COO.

“Very innovative and ground breaking, this is an excellent book.”

Jeffrey D. Klauer

5) ISO27001/ISO27002 – A Pocket Guide
Packed with practical advice, this indispensable pocket guide provides a useful overview of two important information security standards.

6) Agile Governance and Audit
Discover how to dramatically improve communication between the auditor and the Agile team, improving audit and project outcomes.

“So far this book is paying handsomely and it is making me look good already at my new job. Thanks Chris!”


7) An Introduction to Information Security and ISO27001:2013 – A Pocket Guide
The perfect introduction to the principles of information security management and ISO 27001:2013.

8) Nine Steps to Success – An ISO27001:2013 Implementation Overview
Learn the six secrets and nine steps that significantly increase your chances of getting ISO 27001 registered first time.

“It’s like having a $300/hr consultant at your elbow…”

Thomas F. Witwicki

9) ITIL Lifecycle Essentials
An official ITIL-licensed product, this book covers the entry-level ITIL Foundation syllabus and gives you a solid grounding in the key elements, concepts, and terminology used in the ITIL service lifecycle.

10) In Hindsight – A compendium of Business Continuity case studies
Learn from real life how and why to avoid business continuity disasters.

“…an interesting, thought provoking and stimulating collection of studies”


Available in:
Softcover – Adobe eBook – ePub – Kindle

Leave a Comment

Assessing Information Security

AssessingInfoSec Assessing Information Security – Strategies, Tactics, Logic and Framework draws on the work of Clausewitz and Sun Tzu, and applies it to the understanding of information security that the authors have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Assessing Information Security – Strategies, Tactics, Logic and Framework, Second edition
  • Shows how to use principles of military strategy to defend against cyber attacks, enabling organizations to have a more structured response to malicious intrusions.
  • Explains the priorities for robust cybersecurity , helping readers to decide which security measures will be the most effective.
  • Buy today and discover how to integrate cybersecurity into your organization’s normal operations.

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001.

“Gives you new practical perspective and new way how to think about infosec, many views nicely packed in one book.” Ivan Kopacik

Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2103.


Product overview:

  1. Information Security Auditing and Strategy

  2. Security Auditing, Governance, Policies and Compliance

  3. Security Assessments Classification

  4. Advanced Pre-Assessment Planning

  5. Security Audit Strategies and Tactics

  6. Synthetic Evaluation of Risks

  7. Presenting the Outcome and Follow-Up Acts

  8. Reviewing Security Assessment Failures and Auditor Management Strategies

Available in: Softcover, Adobe eBook, ePub, Kindle              ===>>>  Buy now  

Buy today and discover how to integrate cyber security into your organisation’s everyday operations >>

Leave a Comment

Keep certification simple using ITGP’s toolkits


When implementing ISO management systems, most of us would like to:

  • get it right first time,
  • keep it as straightforward as possible,
  • be able to integrate the system with other frameworks,
  • reduce common errors that are made during the process, and
  • cut implementation costs where possible.


Implementing management systems has never been easier with ITGP’s toolkits

Authored by industry experts and used by over 4,000 organisations worldwide, ITGP’s toolkits will help you do all of the above and more.

Comprising pre-written templates, customisable worksheets, policies and helpful guidance, the documentation toolkits are perfect for organisations seeking certification, compliance and/or best-practice implementation.

View all toolkits >>

Leave a Comment

New York Stock Exchange cybersecurity guide recommends ISO 27001

by Neil Ford

The New York Stock Exchange (NYSE) has released a 355-page guide to cybersecurity (Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers), written by more than 80 individual contributors representing organizations including Booz Allen Hamilton, Dell SecureWorks, Georgia Institute of Technology, the Internet Security Alliance, Rackspace Inc., the US Department of Justice Cybersecurity Unit, Visa, Wells Fargo, and the World Economic Forum.

This ‘definitive guide’ collects “the expertise and experience of CEOs, CIOs, lawyers, forensic experts, consultants, academia, and current and former government officials”, and “contains practical and expert advice on a range of cybersecurity issues including compliance and breach avoidance, prevention and response.”

“No issue today has created more concern within corporate C-suites and boardrooms than cybersecurity risk.”

Tom Farley, President, New York Stock Exchange

Among the report’s many opinions is one that we at IT Governance have maintained for a long time: the recommendation that organizations align their cybersecurity program with “at least one standard… so progress and maturity can be measured. In determining which standard to use as a corporate guidepost, organizations should consider the comprehensiveness of the standard. […] ISO/IEC 27001… is a comprehensive standard and a good choice for any size of organization because it is respected globally and is the one most commonly mapped against other standards.”

All NYSE-listed company board members will receive a copy of the guide; if you are yet to receive your copy, it can be downloaded here >>

For more information on ISO 27001 and how it can help your organization with a best-practice cybersecurity posture, click here >>

“This is not simply an IT issue. It is a business problem of the highest level.”

Charles W. Scharf, CEO, Visa Inc.

ISO 27001 information security management

An information security management system (ISMS), as described by ISO 27001, provides a risk-based approach to information security that enables organizations of all sizes, sectors, and locations to mitigate the risks they face with appropriate controls. An ISMS addresses people, processes, and technology, providing an enterprise-wide approach to protecting information – in whatever form it is held – based on the specific threats the organization actually faces, thereby limiting the inadvertent threats posed by untrained staff, inadequate procedures, out-of-date software solutions, and more.

Priced from only $659, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organizations, whatever their size, budget, or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organizations to implement an ISMS with the minimum of disruption and difficulty.

Leave a Comment

Cyber crime costs the global economy $445 billion a year


A new report – A Guide to Cyber Risk: Managing the Impact of Increasing Interconnectivity – reveals that cyber crime costs the world $445 billion annually, with the top ten economies accounting for more than 50% of the costs. Since 2005 there have been 5,029 reported data breach incidents in the US alone, and at least 200 breaches in Europe involving 227 million records.

It is estimated that the average cost of a data breach is $3.8 million, which is up from $3.3 million a year earlier.


Source: A Guide to Cyber Risk: Managing the Impact of Increasing Interconnectivity, Allianz Global Corporate & Specialty (AGCS)

Cyber risks are underestimated

Published by Allianz Global Corporate & Specialty (AGCS), the report warns that “cyber risk is the risk most underestimated by businesses” and asserts that “everyone is a target”.

73% of respondents who took part in an Allianz Risk Barometer 2015 believe that underestimation of cyber risks is preventing companies from being better prepared for them. Other hindrances include budget constraints (59%), failure to analyze the problem (54%), IT infrastructure that is too sensitive for major changes (30%) and failure to identify the right personnel (10%).

The US shows higher levels of awareness of cyber risk due to having tougher legislation than other countries. The majority of US states require companies to notify individuals of a breach. Europe is heading in the same direction, with the European Union (EU) currently reviewing its data protection law and planning to introduce more stringent rules in terms of data breaches.

Data shows that cyber attacks are becoming more frequent and sophisticated. The number of detected cyber attacks was up by 48% in 2014 according to the Global State of Information Security Survey 2015.

In order to protect themselves from breaches, businesses should identify key assets at risk and make decisions as to what risks to accept, avoid, mitigate or transfer.

Future cyber risk trends

The AGCS report makes predictions that businesses will be increasingly exposed to risks from the supply chain and that we are yet to witness “a major cyber event of truly catastrophic proportions”.

Jens Krickhahn, practice leader, Cyber & Fidelity at AGCS Financial Lines Central & Eastern Europe, explains:

“Business exchanges with partners are increasingly electronic.

“Even if a company is confident in its own IT controls, it is still exposed to cyber risk through its business partners, contractors and supply chains.”

The Internet of Things (IoT) is seen as one of the biggest factors that will change the face of cyber threats leading to interconnected risks. It will exacerbate vulnerabilities, bringing increasing potential for physical loss and data breaches.

ISO 27001 and cyber risks

Management of information security risks is at the core of the ISO 27001, the international standard that sets out the specifications of an information security management system (ISMS).

ISO 27001 requires compliant organizations to carry out risk assessments based on agreed criteria. The outcome of the risk assessment should enable the business to balance expenditure on controls against the business harm likely to result from security failures.

Download IT Governance’s free green paper, Risk Assessment and ISO 27001, to learn more about managing cyber risks.

Leave a Comment

North America has largest growth rate of ISO 27001 registrations

by Melanie Watson

North America is currently the fastest growing region in terms of ISO 27001 registrations, according to ISO Survey 2014.

Now totalling 836 registrations, North America boasts an annual growth rate of 17.42% in 2014.

Other regions include the Middle East with a growth rate of 13.53%, Central and South Asia with 12.54%, Europe with 9.53%, East Asia and Pacific with 4.07%, Central/South America with 1.84% and Africa with a decline of 18.18%.

ISO 27001 – The CyberSecurity Standard

ISO 27001, the international cybersecurity standard, has long been regarded as the leading framework for implementing an information security management system (ISMS) that enables organizations to obtain an independent registration to prove their cybersecurity credentials.

In fact, the US has the ninth largest number of ISO 27001 registrations globally (664), moving up one place from last year.


ISO27001 registration is often a supply chain requirement and, as such, can help organizations broaden their client base and supply chain network, while supporting business opportunities in international markets where the Standard is recognized.

Other ISO 27001 benefits include: enhanced reputation, increased stakeholder trust, meeting regulatory and compliance requirements, and improved internal processes.

Find out more about ISO 27001

More and more companies across North America have come to realise the benefits of implementing an ISO 27001-accredited information security management system, both in terms of improving security and gaining a competitive advantage.

Find out more about ISO 27001 >>

New to ISO 27001? Learn from the experts >>


Leave a Comment

International law firms see ISO 27001 certification as competitive differentiator

International law firms see ISO 27001 certification as competitive differentiator


ISO 27001 has long been regarded as the information security standard to protect a company’s sensitive information, but more recently law firms have been viewing it as a key competitive differentiator in their field.

Key selling point

Shook, Hardy & Bacon achieved ISO 27001 certification last year and described the standard as a key selling point for their firm. “We wanted to make sure we had the processes in place so [clients] had confidence that we were doing the best we could,” says the firm’s chair, John Murphy.

Strengthened position in the legal market

Murphy continues that certifying to ISO 27001 has strengthened SHB’s position in the legal market and that prospective clients ask the firms they’re evaluating about their data security policies and procedures; some even specifically ask firms whether they have an ISO 27001 certification.

Certification to ISO 27001 has been achieved by at least 12 large law firms, half of which are based in the United Kingdom, and another 16 US firms were identified as “working toward or investigating certification” (International Legal Technology Association’s LegalSEC conference, June 2014).

The importance of data security in the legal sector

Having worked with some of the top law firms in the country – including Eversheds, Freshfields, and Slaughter and May – we know how important data security is to those in the legal sector.

Find out how you can emulate top law firms and achieve internationally recognized data security status with ISO 27001 by downloading our free green paper, which reveals:

  • How top law firms successfully use ISO 27001 to grow their client base.
  • How ISO 27001 will benefit your firm as a whole.
  • Why stringent data security in the legal sector is a key business enabler.

Download now >>

Leave a Comment

Code of practice for protection of Personally Identifiable Information


ISO 27018 Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors

by Microsoft Azure

ISO/IEC 27018 was published in July 2014 by the International Organization for Standardization (ISO), as a new component of the ISO 27001 standard. ISO 27018 adds controls to the ISO/IEC 27001/27002 standards to address processing personally identifiable information (PII) in a cloud computing environment.

The code of practice provides guidance for Cloud Service Providers (CSP) that act as processors of PII and recommends a set of controls. Furthermore, ISO 27018 provides guidance on what CSPs need to achieve in terms of contractual obligations related to processing PII.

ISO 27018 provides controls that reflect considerations specifically for protecting PII in public cloud services. For example, new controls prohibit the use of customer data for advertising and marketing purposes without the customer’s express consent. ISO 27018 also provides clear guidance to CSPs for the return, transfer and/or secure disposal of PII belonging to customers leaving their service. And it provides guidance to the CSP to identify any sub-processor before their use, and inform customers promptly of new sub-processors, to give customers an opportunity to object or terminate their agreement.

ISO 27018 is the first international set of privacy controls in the cloud, and Microsoft Azure was the first cloud computing platform to adopt ISO 27018 as validated during an independent audit by the British Standards Institution (BSI). Office 365, Dynamics CRM Online, and Microsoft Intune have also adopted ISO 27018.

Maintaining compliance with this and similar international standards is part of a broader commitment from Microsoft to protect the privacy of our customers, as described in this Microsoft on the Issues post from Brad Smith, General Counsel & Executive Vice President.

Microsoft will continue to conduct annual audits by independent third parties to confirm Azure compliance, which can then be relied upon by the customer to support their own regulatory obligations.

We understand that security and compliance are extremely important to our customers so we make it a core part of how we design and manage Azure. As we rapidly innovate in productivity services with Azure, we will continue to invest in fielding a service that emphasizes security and compliance with global as well as regional and industry specific standards and regulations.

Leave a Comment

Five ISO 27001 books you should read

Take a plunge into the world of ISO 27001 with these recommended reads


As a professional embarking on your first journey implementing ISO 27001, you are probably hungry for knowledge and eager to make progress. While starting a new project may be exciting, it can also be daunting if you lack relevant experience and cannot rely on internal support and guidance.

Many ISO 27001 practitioners attend ISO 27001 Lead Implementer courses to gain practical knowledge and skills to develop an information security management system (ISMS). Some go even further by securing a budget to call in an experienced ISO 27001 consultant to guide them through the process and help them with the more complex aspects of the project. But most information security professionals start the journey by simply reading a lot on the subject and doing initial preparation on their own – a method that is not only cost effective, but also gives them a good foundation to understand what is needed for successful ISO 27001 delivery.

Here are five books from IT Governance’s own ISO 27001 library that we believe can help ISO 27001 practitioners prepare for ISO 27001 implementation.

The Case for ISO 27001

As the title says, this book explains the business case for implementing ISO 27001 within an organisation. It highlights the importance and outlines the many benefits of the Standard, making it an ideal supporting document for developing an ISO 27001 project proposal.

The Case for ISO 27001 can be ordered from the IT Governance website.

IT Governance – An International Guide to Data Security and ISO27001/ISO27002

Now in its sixth edition, the bestselling IT Governance: An International Guide to Data Security and ISO27001/ISO27002 is the perfect manual for designing, documenting and implementing an ISO 27001-compliant ISMS, and seeking certification. Selected as the textbook for the Open University’s postgraduate information security course, this comprehensive book offers a systematic process and covers the main topics in depth.

Jointly written by renowned ISO 27001 experts Alan Calder and Steve Watkins, IT Governance: An International Guide to Data Security and ISO27001/ISO27002, sixth edition is due to be released 3 September 2015, and is now available for pre-order.

Nine Steps to Success

If you are looking for a concise, practical guide to implementing an ISMS and achieving ISO 27001 certification, consider obtaining a copy of Nine Steps to Success. Written from first-hand experience, it guides you through an ISO 27001 implementation project step-by-step, covering the most essentials aspects including gaining management support, scoping, planning, communication, risk assessment and documentation.

ISO 27001 Assessments Without Tears

With ISO 27001 certification being the final goal for most organisations implementing the Standard, the pressure is usually on the ISO 27001 practitioners to ensure that staff are prepared to answer tricky auditor questions. ISO 27001 Assessments Without Tears is a succinctly written pocket guide that explains what an ISO 27001 assessment is, why it matters for the organisation, and what individual staff should and should not do if an auditor chooses to question them.

ISO 27001 in a Windows Environment

Most ISO 27001 implementations will involve a Windows® environment at some level. Unfortunately, there is often a knowledge gap between those trying to implement ISO 27001 and the IT specialists trying to put the necessary best-practice controls in place using Microsoft®’s technical controls. Written by information security expert Brian Honan, ISO27001 in a Windows Environment bridges that gap and gives essential guidance to everyone involved in a Windows-based ISO27001 project.

Leave a Comment

ISO/IEC 20000 Implementation Toolkit

ITSM, ITIL & ISO/IEC 20000 Implementation Toolkit

Implement IT service management (ITSM) best practice the easy way with expert guidance and fully customizable pre-written documents created by ITIL® and ISO 20000 service management experts.

Guidance and documentation templates from service management experts to help all organizations improve their ITSM, adopt ITIL best practices, and/or achieve ISO 20000 registration

• Developed by service management gurus Shirley Lacy and Jenny Dugmore, the ITSM, ITIL & ISO/IEC 20000 Implementation Toolkit contains a complete set of tools and documentation templates, policies, and procedures that will enable organizations of all types and sizes to assess their current levels of service management and implement processes to deliver better services.
• Completely up to date with the latest editions of ITIL and ISO 20000, this toolkit makes administration and branding simple.
• The Office 2010 version features an integrated dashboard, allowing easy customization of templates, and one-click formatting.
• The ITSM, ITIL & ISO20000 Implementation Toolkit is the perfect investment for organizations that want an optimal route to implementing service management best practice, adopting ITIL, and/or achieving ISO/IEC 20000 registration.

Use SAVE15 at the checkout to save 15% on toolkit, containing all of the pre-written documents you need to accelerate your management system projects. Offer expires Monday August 31 2015.

To download copy of your toolkit: ITSM, ITIL & ISO/IEC 20000 Implementation Toolkit20000

Leave a Comment

CyberSecurity read which belong on every bookshelf

by zdnet.com

Take a plunge into the world of CyberSecurity with these recommended reads:

1) CountDown to Zero Day

2) Ghost in the Wires

3) Secrets and Lies

4) Spam Nation

5) The Art of Deception

6) Data and Goliath

7) Future Crimes

8) The Artocity Archives

The Artocity Archives

Leave a Comment

Information Security – A Practical Guide: one of the most ‘impressive’ books from ITGP


Information Security A Practical Guide

Corporate information security is often hindered by a lack of adequate communication between the security team and the rest of the organization. Many consider information security an obstacle to reaching business goals, and view security professionals with suspicion if not outright hostility.

Information Security A Practical Guide
As a security professional, how can you get broader buy-in from your colleagues?

Mark Rowe, Editor at Professional Security Magazine, has reviewed one of ITGP’s information security titles which aims to address this issue, Information Security – A Practical Guide: Bridging the gap between IT and management.

One of the most impressive books from IT Governance Publishing.

Quick and dirty does it: we’ve reviewed several books on information and IT security published by IT Governance. The latest is one of the most impressive.

Tom Mooney begins this neat little book by recalling that he was struck when starting his career in information security how little he engaged with non-infosec people. IT would shy away from speaking to him, ‘as they feared security would stick its nose in’, and the business viewed security as a ‘dark art’. He likens security to brakes on a car: you would hardly drive a car without any, but you only use them when you have to, as a control. Without them, you will have an accident. As the book’s subtitle suggests, infosec is about ‘Bridging the gap between IT and management’.

Like many books, this would have been half as good if it had been twice as long. As it is, Mooney has provided non-security and indeed security people with a very high ratio of good sense that’s worthwhile to read.

“Offers more than the title suggests”

We’ve known for a while that it’s wisest to do computer security and physical security. In the old days, someone could walk out of a building with your server; now we have the Cloud, people can steal data even more simply, as Edward Snowden and others have. For a dozen years or more, that truth has been reflected in the British Standard for information security management, 27001, that covers the IT and physical sides. Books telling you how to do the two equally well have been hard to find; either the author is a tech guy, lacking know-how of electronic and personnel security; or the other way round. Information Security – A Practical Guide, by Tom Mooney, offers more than the title suggests.

It’s a short book, of ten chapters each of about ten pages each – and that’s something of merit, given how busy the likely reader is likely to be. I would suggest the reader who can learn from this is either the physical security and guarding person who wants to gen up on infosec, or an IT guy who likewise wants to tighten up security. Mooney keeps it plain and simple, in style and content, and again that is a compliment. A middle chapter, “Quick and dirty risk assessments” as the title suggests takes you through how to do a risk assessment, and as important to keep doing them. Besides the nuts and bolts of the work, Mooney arguably does us more of a service in the chapters such as “getting buy-in from your peers” because as in so many other parts of the workplace, it’s no good doing a decent or even excellent job if your non-security staff aren’t doing their bit, or aren’t funding it. “Often security is seen as a blocker or necessary evil at the end (some organizations are better than others.” Mooney advises building relationships; letting people know that their input is valued, and that they can help steer security. If you find yourself working for a place that doesn’t have a high regard for security, using some “fear, uncertainty and doubt” stories is a start, he suggests. Choose stories from the media, and again he advises explaining yourself in plain and simple English.


One observation rather than a criticism is that the author ought to have gone into more detail – but then he would not have written such a concise book. In fairness, he does introduce you to the necessary basics, such as the Senior Information Risk Owner (SIRO), a role often found in UK Government. Instead, Mooney points you in the right direction on such topics as penetration testing (again, with a physical and IT component) and information security policy; first knowing what the ‘risk appetite’ of your business is. While Mooney is writing for the information security professional, such is the spread of IT in the office and organization, this book can apply to anyone in security management. This book is well worth an hour of your time, whether as a refresher, or if you are finding yourself facing more work on the info security side. Recommended.

Reviewed by Mark Rowe, Editor at Professional Security Magazine

Information Security A Practical Guide
Covering everything from your first day at work as an information security professional to developing and implementing enterprise-wide information security processes, this book explains the basics of information security, and how to explain them to management and others so that security risks can be appropriately addressed.

Buy Information Security – A Practical Guide now >>

Leave a Comment

Cyber Resilience Best Practices

Cyber Resilience

Cyber Resilience

RESILIA™ Cyber Resilience Best Practices

AXELOS’s new guide RESILIA™ Cyber Resilience Best Practices provides a methodology for detecting and recovering from cyber security incidents using the ITIL lifecycle

RESILIA™ Cyber Resilience Best Practices

Best guide on Cyber Resilience on the web – Cyber Resilience Best Practices
is part of the AXELOS RESILIA™ portfolio.

RESILIA™ Cyber Resilience Best Practices is aimed at anyone that is responsible for staff or processes that contribute to the cyber resilience of the organization.

The methodology outlined in this manual has been designed to complement existing policies and frameworks, helping create a benchmark for cyber resilience knowledge and skills.

  • Designed to help organizations better prepare themselves to deal with the increasing range and complexity of cyber threats.
  • Provides a management approach to assist organizations with their compliance needs, complementing new and existing policies and frameworks.
  • Developed by experts in hands-on cyber resilience and systems management, working closely with subject and technology experts in cyber security assessment.
  • Supports the best-practice training and certification that is available to help organizations educate their staff by providing a defined benchmark for cyber resilience knowledge and skills.
  • Aligned with ITIL®, which is the most widely accepted service management framework. The best practice is equally suitable for organizations to adopt within other systems, such as COBIT® and organization-specific frameworks.


Target market


  • Managers who are responsible for staff and processes where cyber resilience practices are required – for example those processing payment card information, sensitive commercial data or customer communications.
  • IT service management teams, IT development and security teams, cyber teams and relevant team leaders that operate the information systems that the organization relies on.
  • IT designers and architects, those responsible for the design of the information systems and the controls that provide resilience.
  • The chief information security officer (CISO), the chief security officer (CSO), IT director, head of IT and IT managers.


Buy this guide and gain practical guidance on assessing, deploying and managing cyber resilience within business operations.
RESILIA™ Cyber Resilience Best Practices

Leave a Comment

10 Facts Every Cyber Security Professional Should Know


If you hold any job related to security operations analysis and reporting, you’ve likely been inundated with news stories about data breaches and attacks by hackers on businesses of all sizes across numerous verticals. But with all that noise, it can be difficult to sort out the information that truly matters, like the hard data that helps you decide which solutions to adopt, gives you a powerful case to bring to your executive team for a larger cyber security budget next quarter, or simply reassures you that your peers are facing similar challenges.

For that reason, SwinLane.com have assembled some of the most impactful, telling statistics related to information security in one place

1. Cyber attacks cost businesses $400 billion every year—Lloyd’s of London, 2015

2. Some 42 percent of survey respondents said security education and awareness for new employees played a role in deterring a potential criminal. — “US cybercrime: Rising risks, reduced readiness; Key findings from the 2014 US State of Cybercrime Survey,” PwC

3. There are more than 1 million unfilled information security jobs globally; by 2017 that number may be as high as 2 million — “2014 Annual Security Report,” Cisco; UK Parliament Lords’ Digital Skills Committee witness interview

4. The malware used in the Sony hack would have slipped past 90 percent of defenses today. — Joseph Demarest, assistant director of the FBI’s cyber division, during a U.S. Senate hearing

5. The average U.S. business deals with 10,000 security alerts per day. — “State of Infections Report Q1 2014,” Damballa

6. A significant 90 percent of CISOs cite salary as the top barrier to proper staffing. — “State governments at risk: time to move forward,” Deloitte/NASCIO

7. About 43 percent of businesses experienced a data breach in 2014. — “Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness,” Experian/Ponemon Institute

8. Just 21 percent of IT professionals are confident that their information security technologies can mitigate risk. — “2015 Vulnerability Study,” EiQ Networks

9. As many as 75 percent of breaches go undiscovered for weeks or months. — Michael Siegel, research scientist at MIT, at a recent cyber security conference

10. In an effort to combat the growing threat of cybercrime, the U.S. Department of Homeland Security increased its cyber security budget 500 percent during the past two years; and President Obama included $14 billion for cyber security spending in his 2016 budget. GCN.com, 2015

Leave a Comment

Cyber Security safeguard offers much more than just protection

What is most beneficial about cyber security safeguards, Well, you will not only benefit from the better protection of your own information, but you will also gain a competitive advantage by demonstrating your cyber credentials.

English: ISMS activities and their relationshi...

English: ISMS activities and their relationship with Risk Management (Photo credit: Wikipedia)

For example, certification to ISO 27001 or evidence of compliance with the PCI DSS (for merchants and service providers) is often a tender or contractual requirement because it proves that an organization has been independently audited against internationally recognized security standards.

Those that implement an information security management system (ISMS) will benefit hugely from improved processes and control of data within the organization.

Furthermore, improving and having demonstrable cyber security can also reduce your cyber security insurance. And finally, it will also dramatically reduce the chances of you experiencing a cyber attack. That’s kind of improvement.

Comments (1)

SEO Powered By SEOPressor