“Like” our page on Facebook
Related articles
Dec 06 2014
Top 50 InfoSec Blogs
DigitalGuardian Top 50 Infosec Blogs list. Top 50 Infosec Blogs
DigitalGuardian by Verdasys offers solution in the DLP area including advanced threat protection. Seems like a worth while list.
Below are the Top 10 InfoSec Blogs from the list.
2. Roger’s Information Security Blog
3. Dark Reading
5. ThreatPost
9. Kevin Townsend’s IT Security
10. BH Consulting IT Security Watch
Related articles
May 15 2014
Cyber Resilience Implementation Suite
Cyber security is not enough – you need to become cyber resilient
The document toolkits – created by experienced cyber security and business continuity professionals – provide you with all the document templates you’ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.
Whether you know it or not, your organization is under cyber attack. Sooner or later, a hacker or cyber criminal will get through, so you need to ensure that you have the systems in place to resist such breaches and minimize the damage caused to your organization’s infrastructure, and reputation.
You need to develop a system that is cyber resilient – combining the best practice from the international cyber security and business continuity standards ISO22301 and ISO27001.
This specially-priced bundle of eBooks and documentation toolkits gives you all the tools you need to develop a cyber-resilient system that will both fend off cyber attacks, and minimize the damage of any that get through your cyber defenses.
The books in this suite will provide you with the knowledge to plan and start your project, identify your organization’s own requirements and help you to apply these international standards.
The document toolkits – created by experienced cyber security and business continuity professionals – provide you with all the document templates you’ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.
Download your copy today
This suite includes:
- ISO 22301 Business Continuity Management System (BCMS) Implementation Toolkit
- ISO27001 2013 ISMS Standalone Documentation Toolkit
- Disaster Recovery & Business Continuity 3rd ed (eBook)
- A Manager’s Guide to ISO22301 (eBook)
- Nine Steps to Success, Second Edition (eBook)
- Resilient Thinking (eBook)
Related articles
May 12 2014
Bestselling Books at Infosecurity 2014
by Lewis Morgan @ITG
It has now been a week since Infosecurity Europe 2014. This year was my first at Infosec, and I found it to be one of the most interesting and diverse events I have ever been to.
During my short time on the IT Governance stand, I spoke to several people who were showing a keen interest in our wide range of books. It was a common opinion that our range of books is one of the broadest in the industry – something of which we are very proud.
To demonstrate our range of books and their popularity, We have created the below list of the 5 bestselling books at Infosecurity 2014*. All of the following books are available in multiple formats.
- A quick guide for anyone dealing with the PCI DSS and related issues. Now also covers PCI DSS version 3.0.
ISO27001 / ISO27002 Pocket Guide
- Now updated for the 2013 editions of ISO27001/ISO27002, this pocket guide gives a useful overview of two important information security standards.
Governance of Enterprise IT based on COBIT®5
- A perfect introduction to the principles and practice underpinning the governance of enterprise IT using COBIT®5.
Penetration Testing – Protecting Networks and Systems
- An essential guide to penetration testing and vulnerability assessment, which can be used as a preparation guide for Certified Penetration Testing Engineer exams.
- This book provides an overview of security architecture processes, and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.
Related articles
Jan 06 2014
IT Governance Top 5 Bestsellers of 2013
With 2013 coming to a close, ITG is reflecting on what a year it’s been for the IT governance, risk management and compliance (IT-GRC) industry. In 2013 we’ve seen the highly-awaited release of ISO 27001:2013, the requirements for PCI DSS v3.0 and the Adobe breach which affected at least 38 million users.
Throughout it all, IT Governance has been there to serve IT professionals in America and assist them in implementing management systems, protecting their organizations and making their IT departments run more efficiently by implementing IT-GRC frameworks.
Below we have listed the top 5 IT Governance USA bestsellers from 2013:
ISO IEC 27001 2013 and ISO IEC 27002 2013
Cyber Risks for Business Professionals: A Management Guide
No 3 Comprehensive ISO27001 2005 ISMS Toolkit
The True Cost of Information Security Breaches and Cyber Crime
ITIL Foundation Handbook (Little ITIL) – 2011 Edition
Related articles
Jul 22 2013
Your employees aren’t the only threat to InfoSec and Compliance
Information security (Photo credit: Wikipedia)
July 22nd, 2013 by Lewis Morgan
I overheard a conversation the other day, one which left me so stunned that I’ve decided to write about it….
Two men having dinner behind me (I got the impression they were both directors) were discussing the £200k fine the NHS received for losing patient data. Eventually, the conversation turned into a discussion about information security as a whole. I won’t go into all the details but one of them said, “We don’t particularly focus on cyber security, it’s always large organisations which are in the news about getting hacked and being a small company, we’re not under threat”. It bothered me (probably more than it should have) that someone in control of an organisation has that attitude to cyber security. If an organisation of 5 employees was hacked, the same day as, let’s say DELL, were hacked – who’d make it into the news? DELL would, why? Because it’s likely to be more of an interest to the readers/listeners and will have a bigger impact on the public compared to that of the smaller organisation.
I never see stories in the news of someone being hit by a bus in my local town, but it doesn’t mean I’ll walk in front of one holding a sign saying ‘hit me’. That’s effectively what this director is doing, turning a blind eye to a large threat just because he’s not seen an example of a small organisation being hacked – chances are he doesn’t even read the publications which cover those stories.
Ignorance
It’s a strong word, isn’t it? Personally I hate calling people ignorant, I’d rather use a more constructive word such as ‘unaware’, but I feel that using the word ignorance will raise some eyebrows.
As a director of a company, your aim is to maximise revenue, minimise costs and anything in between.
You need a future for your organisation; this is usually done by investing in your marketing efforts, improving your products/services and providing the best customer service possible. But what do you do to actually secure a future? It’s all good and well having a 5 year plan which see’s 400% growth in revenue, but how do you make sure that your organisation will even exist in 5 years?
2 years into your plan and you’re hitting your targets – but you’ve just discovered that there’s been a data breach and your customers credit card details have been sold online.
Your plans have now become redundant; they are depending on how prepared you are to handle the situation, so are your staff. The cost of recovering from a data breach for a small organisation is between £35 – 65K (and that’s not including fines). Can your organisation afford that? Probably not, but you could have afforded the costs which would have prevented this breach in the first place.
Let’s say that the breach happened because a new member of staff was unaware that they shouldn’t open emails in the spam folder. An email was opened, malicious software was installed and login credentials were stolen. You could have trained that member of staff on basic information security in under an hour, for £45. But instead, you chose to ignore your IT Manager who’s been raising spam issues at each monthly meeting but all you chose to hear is “we’ve not been hacked” and “invest” which is enough for you to move on.
What your IT Manager is really telling you is “We’ve recently been receiving a large amount of emails into our spam filter, and some are getting through. I think we need to invest in a more advanced spam filter, and perhaps train some of the staff on which emails to avoid. A virus from an email could lead to a hack, it’s not happened yet but there’s a chance it will.”
Forget blaming the IT Manager or the new member of staff when that breach happens, it comes down to you and your:
Inability to perceive cyber threats
Grey areas in appropriate knowledge
Naivety
Overhead cost restrictions
Refusal to listen to something you don’t understand
Absent mindedness
No interest in the customer’s best interests
Careless decisions
Eventual disaster
Cyber security threats are real, so why are you ignoring them?
To save money? Tell that to a judge
You don’t understand the threats? Read this book
Related articles
Jun 12 2013
Why you should care about your digital privacy?
English: Infographic on how Social Media are being used, and how everything is changed by them. (Photo credit: Wikipedia)
When we use internet browser for a web search, social media site, communication (skype), buy something from a site, we are leaving digital tracks all over the internet. Your service provider of the above services have access to this information because they are collecting this treasure trove to identify and figure out what you like and don’t like so they can serve you appropriate ads and services accordingly. Most importantly they want to know that what you may buy or do next on the internet.
Well now we know that our government is utilizing that data as well from these providers to figure out if you may have some ties with the bad elements out there. To elaborate a bit at this point, for example, if a bad guy call you and left a message on you voice mail, you are presumed guilty by association and you and your friends may come under heavy surveillance after this incident. So far all this collection and analysis of data has been done without your knowledge and permission.
As Mark Zukerberg said that Facebook only provide information which is required by law. Well in this case the law (PRISM) wants everything without warrant. By using social media we create a treasure trove of data, which can be analyzed to figure out patterns, one may deduce what that person may do next. You may want to remember that when you post next time on a social media.
Related articles
Apr 12 2013
Exploding the myths surrounding ISO9000
Exploding the myths surrounding ISO9000 (Adobe eBook)
Thousands of companies worldwide are reaping the benefits from implementing the ISO9000 Quality Management standard. However, there are many conflicting opinions about the best approach. Some companies have delayed applying the standard, or have chosen not to implement it at all. This might be because of a lack of time and resources to investigate it properly, or because of misunderstandings about the way it works. So, how do we know who and what to believe?
The secrets of successful ISO9000 implementation
In Exploding the Myths Surrounding ISO9000, Andrew W Nichols debunks many of the common misconceptions about the standard, and describes the many advantages it brings. Drawing on more than 25 years of hands-on experience, Andy gives clear, practical and up-to-date advice on how to implement ISO9000 to maximum effect. Full of real-life examples, this book will enable you to:
• read and interpret the ISO9000 documentation in order to realize its benefits for your company
• estimate your company’s implementation needs
• benefit from the results of this management system as positive change is effected throughout the company and down the supplier chain
• increase efficiencies and reduce waste
• grow sales as you understand and meet your customers’ needs
Read this unique book and make ISO 9000 work for you.
Related articles
Mar 28 2013
Top Five IT Governance Titles
Download one of IT Governance industry leading ebooks. IT Governance source and publish titles on cyber security, compliance, project management, risk and IT service management.
Fantastic Reads… All Better Priced Than Amazon
Learn and stay ahead on your topic of choice. download an ebook today!
|
|
ISO22301: A Pocket Guide is designed to help you do what is necessary to satisfy the requirements of ISO22301. With the expert advice contained in this guide, you can ensure your organisation develops a business continuity plan that is fit for purpose.
|
|
|
30 Key Questions that Unlock Management 30 Key Questions that Unlock Management is a book that provides direct responses to real questions posed by real people in management. Each section contains practical advice and immediate steps you can take to deal with the issue at hand.
|
 |
Managing Business Transformation: A Practical Guide
Brush up on your soft skills and see the working relationships with your IT Audit clients flourish. Exploring how and why an auditor can remain trapped in an ascribed role, this book fills a gap in the market by helping the reader to avoid the traditional finger-pointing stance and instead become a convincing partner with business and technology counterparts.
|
 |
Running IT like a Business: A Step-by-Step Guide to Accenture’s Internal IT
Running IT like a Business will show you how your IT function can add real value to your business, taking guidance from Accenture who doubled its revenue in ten years. With clear strategies, helpful diagrams and real-life examples, this book will give you the keys to unlocking your IT function’s hidden potential.
|
|
|
Understand how to bring your SAP projects in on time and within budget with the help of this guide, written by Project Management Professional and Certified ScrumMaster, Sean Robson.
|
Related articles
Mar 02 2013
Forward-thinking books on information security
Forward-thinking books on information security help organisations understand current challenges in the sector
/EINPresswire.com/ Keeping up-to-date with information security issues and responding to new cybersecurity challenges can be time-consuming. However, it is essential that anyone concerned with information security, from IT professionals through to the Board members, dedicates time to learning and understanding these issues.
Last week, for example, the UK’s National Audit Office highlighted a severe lack of skilled cybercrime fighters in the UK. Cybercrime is costing the UK economy an estimated £18-27 billion each year.
So, is there a fast route to getting up to speed with what’s happening and what the modern means are to fight cybercrime?
Information security experts at IT Governance advise there is an easy way to catch up with the latest developments and fill in the knowledge gap. They recommend three essential books that can greatly improve everyone’s understanding of information security, data protection and risk management, whilst providing them with enjoyable and useful reading.
Once more unto the Breach – Managing information security in an uncertain world is based on a typical year in the life of an information security manager. The book examines how the general principles can be applied to all situations and discusses the lessons learnt from a real project. The book can be purchased as softcover and eBook from >> Once more unto the Breach – Managing information security in an uncertain world
IT Governance – An International Guide to Data Security and ISO27001/ISO27002 is the definitive guide to implementing an ISO27001 compliant Information Security Management System (ISMS). Written by industry experts, Alan Calder and Steve Watkins, it contains clear guidance on all aspects of data protection and information security. Book reviewers describe it as ‘unparalleled’, a critical source when preparing and managing the ISMS’ and ‘a comprehensive guide as to actions that should be taken’. The book can be ordered online at >> IT Governance – An International Guide to Data Security and ISO27001/ISO27002
Managing Information Security Breaches – Studies from real life provides a general discussion of, and a source of learning about, what information security breaches are, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. This book is highly relevant and will help every team to prepare a strategic framework for handling information security breaches. Buy a softcover or eBook from >> Managing Information Security Breaches – Studies from real life
Related articles
Feb 28 2013
Cutting edge titles for IT professionals
IT Governance Publishing (ITGP) are at the forefront of sourcing and publishing cutting-edge titles in the cyber security, compliance, business continuity and IT service management sectors. ITGP top 10 cutting-edge latest titles.
ISO22301 A Pocket Guide
This handy pocket guide explains what the ISO22301 Business Continuity Standard is and how to start planning a Business Continuity Management System (BCM) that complies with this international standard.
Buy Today »
Ten Steps to ITSM Success
This book provides guidance on implementing ITSM Best Practices in an organisation using an easy to follow ten step approach.
Buy Today »
30 Key Questions that Unlock Management
A direct response to real questions posed by real people doing real jobs. Each section contains practical advice and immediate steps you can take to deal with the issue at hand.
Buy Today »
The Quantum Age of IT
‘Charles has really nailed it for any executive struggling with IT strategy. How IT got here and where it’s going.’ – Randy Steinberg, Author, ITIL Service Operation, 2011 Edition, Principal – Migration Technologies.
Buy Today »
Running IT Like A Business
Running IT like a Business will show you how your IT function can provide much more than products and services and add real value to your business.
Buy Today »
Exploding the Myths Surrounding ISO9000 – A Practical Implementation Guide – Published 25th March
In this book management systems expert Andrew Nichols, who has over 25 years industry experience, explains in detail how to implement ISO9000 to maxium effect.
Buy Today »
ITIL and Organizational Change – Published 5th March
Thousands of organisations every year adopt ITIL, however many fail to achieve significant benefits. This book examines how to avoid common pitfalls and how to clear the many hurdles that can obstruct progress.
Buy Today »
Governance and Internal Controls for Cutting Edge IT – Published 5th March
Based on practical experience and real-life models, this new book covers key principles and processes for the introduction of new technologies and examines how to establish an appropriate standard of security and control.
Buy Today »
ITIL Lifecycle Essentials – Published 28th March
This book doesn’t just cover the information required to pass the foundation exam, but goes beyond this in providing practical guidance for when newly qualified practitioners enter the real-world.
Buy Today »
Related articles
Jan 11 2013
Why SoD should be reviewed in every assessment
Similar to other controls SoD (Segragation of Duties) plays an important role in reducing certain potential risk of an organization.
SoD minimize certail risks, by deviding a task so it will take more than one individual to complete a task or a critical process. SoD control has been traditionally used in accounting to minimize risk of collusion. For separation of duties we don’t want to give any individual so much control that they become a security risk without proper check and balance inplace. SoD is utilized to avoid unauthorized modification of data and to make sure critical data is available when needed by authorized personals, which includes but not limited to the availability of the services.
Separation of Duties (SoD) is not only an important principle of security but SoD control A10.1.3 of ISO 27001 wants organizations to implement this control.
Possible Controls to Implement SoD:
- * Separate the IT Dept from user function, meaning user should not be able to perform its own IT duties.
- * Separate the InfoSec and IT Dept. The individual responsible for the InfoSec has unique knowledge of organization security infrastructure, basically a knowledgeable InfoSec individual will have keys to the knigdom and should be segregated from the rest of the IT department. Also InfoSec individual should not be reporting to the IT director which is not only independence issue but conflict of interest. IT Dept is responsible for the avaiability of service whereas security professional is responsible for security (adding controls) to the same service.
- * The development and testing of application should be segregated. There should be a complete segregation of App development and App testing function. Also the person who put the App into production/operation and maintain should be a different individual.
- * Operation of IT should be seprate from maintenance of IT function in different teirs, meaning avaiability of the information should be separated from support & maintenance.
- * The database admin should be segregated from other IT function. DBA individuals are very knowledgeable super user and should not have any other IT duties.
- * Last but not the least about the main Uber user the Sys Admin (router, FW, Server, DT) should have a separate account when performing regular user function. These super users should be logged and audited on regular basis.
Related reference topics on DISC InfoSec
Related reference topics on eBay
Nov 25 2012
Become Cyber Secure this Cyber Monday
Tips for staying safe this Cyber Monday
Cyber Monday is a marketing term for the Monday after Black Friday, the Friday following Thanksgiving in the United States, created by companies to persuade people to shop online. The term made its debut on November 28, 2005 in a Shop.org press release entitled “‘Cyber Monday’ Quickly Becoming One of the Biggest Online Shopping Days of the Year.
Cyber Secure this Cyber Monday
Cyber Monday is the well known one day online retail sale following the American holiday of Thanksgiving. What better time to top up your Cyber Security with our ‘Become Cyber Secure this Cyber Monday’ special offers?
No 3 Comprehensive ISO27001 ISMS Toolkit – Buy before the end of November and get half a day of Live Online Consultancy Free!
Cyber Monday deals for password protected and encrypted USB drive
Shop Amazon – Cyber Monday Deals Week
Nov 06 2012
New Tools for IT and Security professionals
IT Governance continually striving to create, source and deliver products that can help IT and Information Security professionals in the real world. Check out their latest on Business Continuity, ITIL & ITSM and Information Security products below to help you in your current and future projects. This is a perfect time of the year to start adding some of these tools in your wish list and stay abreast in your area of expertise.
| ISO22301 BCMS Implementation Toolkit New release |
| ITIL Lite: A Road Map to Full or Partial ITIL Implementation – ITIL 2011 Edition New release |
| ITIL Foundation Essentials: The exam facts you need Published on 6th November |
| Resilient Thinking: Protecting Organisations in the 21st Century Published on 8th November |
| ISO19770 SAM Process Guidance: A kick-start to your SAM programme Published 13th November
|
Related articles
- How to build an asset inventory for 27001 (infosecblog.antonaylward.com)
- Free calculator: Duration of ISO 27001/ISO 22301 implementation (net-security.org)
- ISO 27001 Securing offices and facilities (deurainfosec.com)
- Build resilience into your management system (deurainfosec.com)
Oct 11 2012
Make October YOUR Cyber Security Month
The US Government has declared this October is the National Cyber Security Awareness Month (NCSAM). The aim of this campaign is to: • Promote cyber security awareness amongst citizens and businesses • Educate individuals and businesses through a series of events and initiatives • Raise cyber awareness and increase the resilience of the nation in the event of a cyber incident Cyber security is not just about protecting your critical assets, it can also help improve your internal systems and help you win new business.
Make October YOUR Cyber Security Month with these essential reads:
Above the Clouds: Managing Risk in the World of Cloud Computing Assessing Information Security: Strategies, Tactics, Logic and Framework IT Governance: An International Guide to Data Security and ISO27001/ISO27002 21st Century Chinese Cyberwarfare CISSP All-in-One Exam Guide, 6th Edition More than 50 InfoSec topics in books available at DISC InfoSec store Find out more on National Cyber Security Awareness month at Homeland Security's website DISC online store for recommended InfoSec services/products
Additional online safety information:
What Teens Shouldn’t Put in Their Social Media Profiles Child Safety Guide: How to Keep Kids Safe When They're Home Alone Ways to Check if You’re Visiting a Safe Site Internet Safety Tips for Seniors How to Shop Safely Online Things You Should Never Post Online but Probably Are 11 Photos You Should Never, Ever Post on Social Media
Online Safety tips for kids:
Less screen, More Green: Outdoor Safety Tips for Kids
The Parents’ Guide to Teaching your Teen Online Safety
Keeping Kids Safe Outdoors as the World and the Roads Reopen
Sep 21 2012
Build resilience into your management system
ISO22301 and ISO27001 – The building blocks of organization management system resilience
The importance of mitigating the disruption to information technology services has been at the heart of disaster recovery and business continuity plans for many years. With the growth and dependency on IT and the increased risk of attack from outside sources (cyber-attack), the survival of all organisation will depend upon the protection of their critical information assets and building security at every layer.
The idea of cyber resilience – that an organisation’s IT systems and processes should be resilient against natural disaster or outside attack is a key principle underlining the best practice and compliance to the ISO22301 and ISO27001 standards.
ISO 22301:2012 (formerly BS25999) is the international standard for business continuity within organisations and defines the specification and best practice for developing and implementing a robust business continuity management system.
ISO/IEC 27001:2013 helps businesses throughout the world mitigate the risks associated with cybercrime and provides the security assurance demanded by your board, shareholders, regulators and most importantly, your customers.
Related articles
- HR controls during employment and ISO 27001 (deurainfosec.com)
- ISO 27001 Information Security Incident Management (deurainfosec.com)
- Staff awareness training – an essential component of ISO27001 (deurainfosec.com)
- 5 reasons why vsRisk v1.6 is the definitive risk assessment tool (deurainfosec.com)
Sep 10 2012
5 Reasons Why Patch Management Is Vital To Your Information Security
Related Patch Management titles
Patching is a critical part of systems administration. I don’t think anyone would argue that. But if your patching regimen consists of turning on Automatic Updates and calling it a day, or staying up until the middle of a Saturday night logging on to each server at a time to apply patches, you are missing the point. Patching is a task; patch management is how to perform that task easily, completely and in a scalable way. Patch management is vital to your information security because it is the only way to be sure you have taken care of all of the patching needs in your environment, and that you can audit and confirm that. Let’s look at some of the reasons why patch management is so important.
1. Patch management is about more than just operating systems
While it’s extremely important to ensure you have patched your operating systems, there are dozens of other applications out there that your users are running, which could be exploited by an infected attachment, a malicious script, and/or a compromised web page. Patch management applications can go beyond a Windows Update, addressing patches for operating systems, Microsoft and other third party applications, web browsers, media players and more. Patch management helps you ensure that no vulnerable apps are on your network.
2. Patch management is the most efficient way to handle both servers and workstations
You could probably manage to patch by hand all of your servers, and there’s a limited number of apps running on them, but trying to patch all your workstations and all the third party apps would be an impossible task without a patch management application to assess all the systems and their software, delivering those critical updates to each and every system that needs it. 100% compliance is the surest way to avoid incidents.
3. Patch management makes testing easy
Patching involves testing, and that’s why so many admins don’t patch regularly. They fear a patch might introduce an incompatibility, and would rather take their chances since they don’t have to time test. Patch management applications make it easy to push a patch to a group of systems for testing, before deploying to the rest of the network.
4. Patch management makes rollbacks easy
Sometimes, a patch needs to be rolled back, and doing that manually is out of the question. You are much more likely to deploy patches fully and on time if you can easily roll back if something turns out to be incompatible with a critical app, and a patch management application can uninstall patches from any or all systems just as easily as it can push them out.
5. Patch management makes reporting easy
One of the scariest things about relying on Automatic Updates is that you have no idea whether or not systems are actually patched, until you check them, one by one. With a patch management application, you can quickly and easily run reports to confirm that critical update for the zero day exploit really did get out to all your servers and workstations, and if one was missed, you can immediately identify and remediate it, before something bad happens.
Patch management is not a silver bullet. It won’t stop users from sharing passwords and it cannot prevent an admin from leaving a default configuration in place, but what it will do is enable you to keep your workstations, servers and critical applications up-to-date, fully patched and as secure as possible from hackers looking to exploit vulnerabilities in the software. That way you can spend more time on training users and verifying configs, and less time running around trying to update Flash for the tenth time this year.
This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.
Related articles
- Microsoft gives users a patch break, and time to prep for certificate slaying (techworld.com.au)
- Simple Steps To Keep Your Computer Secure (techwench.com)
- 5 Systems You’re Forgetting To Patch (informationweek.com)
Aug 15 2012
Staff awareness training – an essential component of ISO27001
Staff awareness and training are key for effective information security management and for achieving compliance with the ISO/IEC 27001:2005 standard.
As clause 8.2.2 of ISO 27002 (the Code of Practice for Information Security Management) sets out, it is imperative that security issues are addressed at the employee level and that a firm foundation is built for an employee to understand the implications of his/her actions and be mindful of these in their daily activities.
More importantly, you need to keep evidence that you have conducted formal staff awareness training.
What better way to obtain this evidence than deploying Information Security Staff Awareness eLearning within your organization?
The software enables your own corporate e-learning management portal to automatically retain records of which staff have accomplished the course. You can easily monitor the compliance status of the organization and see hard evidence of each employee’s level of understanding.
Information Security & ISO27001 Staff Awareness eLearning course offers you tangible benefits whilst enabling you to impart basic, and yet fundamental training on information security within your organization
Benefits of this eLearning include:
• Massive financial cost savings in comparison to traditional training options
• Minimal office disruption – staff train at their desks
• Minimal administration – comprehensive reports available
• Systematic evidence that training has actually been provided – underpinning disciplinary actions
• Simple to use with relevant and informative content
Related articles
- ISO 27001 Information Security Incident Management (deurainfosec.com)
- Download the full version of the ITIL and/or ISO27001 toolkit today! (deurainfosec.com)
- Achieve Best Practice & Win New Business with International IT Standards (deurainfosec.com)
- ISO 27001 implementation: How to make it easier using ISO 9001 (net-security.org)
May 25 2012
10 essential books for IT Professionals
All books are available in softcover, eBook and Kindle-compatible formats at a better price than Amazon! *
Below are 10 latest publications from IT Governance:
| 1) 30 Key Questions that Unlock Management by Brian Sutton and Robina Chatham |
||
| 2) The Concise PRINCE2 by Colin Bentley |
||
| 3) 50 Top IT Project Management Challenges by Premanand Doraiswamy and Premi Shiv |
||
| 4) Everything you wanted to know about Business Continuity by Tony Drewitt |
||
| 5) Everything you wanted to know about Agile by Jamie Lynn Cooke |
||
| 6) Cloud Computing: Assessing the Risks by Jared Carstensen, Bernard Golden and JP Morgenthal |
||
| 7) The ITSM Iron Triangle: Incidents, Changes and Problems by Daniel McLean |
||
| 8) Managing Business Transformation: A Practical Guide by Melanie Franklin |
||
| 9) Running IT like a Business: Accenture’s Step-by-Step Guide by Robert E. Kress |
||
| 10) 21st Century Chinese Cyberwarfare (Pre-order) by Lieutenant Colonel Hagestad
|
May 21 2012
Organisations can achieve ISO9001 QMS certification quicker with a bespoke toolkit
Ely, England, 21 May 2011 – IT Governance Ltd, the global leader in management system standards, information, books and tools, is advising organisations that the quicker they implement the Quality Management System standard ISO9001, the bigger their chances are to attract new customers in the current economic conditions.
Vendors who have been asked by their clients to implement the ISO9001 standard can now achieve this quickly and effectively by using the ISO9001 QMS Quality Management System Documentation Toolkit. It contains over 60 separate documents that will help organisations accelerate the development and implementation of an ISO9001 quality management system. The toolkit can be downloaded immediately here: QMS-ISO9001 Toolkit
ISO9001 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Quality Management System (QMS). According to BusinessLink UK Government more than 1 million organisations are currently certified against ISO9001. The advantages to businesses from implementing ISO9001 include:
•greater efficiency and less waste
•consistent control of major business processes, through key processes lists
•regulation of successful working practices
•risk management
•increased customer satisfaction
•greater consistency in the quality of products and services through better control of processes
•differentiation of your business from its competitors
•increased profits
The ISO9001 QMS Toolkit, developed by IT Governance, contains a quality management manual, and a full set of policies and procedures, in addition to the necessary forms, records and work instructions to underpin those policies and procedures. It is the complete toolkit for implementing an ISO9001 quality management system.
« Previous Page — Next Page »
