Jul 21 2015

Information Security ā€“ A Practical Guide: one of the most ā€˜impressiveā€™ books from ITGP

Category: Information SecurityDISC @ 8:30 am

by

Information Security A Practical Guide

Corporate information security is often hindered by a lack of adequate communication between the security team and the rest of the organization. Many consider information security an obstacle to reaching business goals, and view security professionals with suspicion if not outright hostility.

Information Security A Practical Guide
As a security professional, how can you get broader buy-in from your colleagues?

Mark Rowe, Editor at Professional Security Magazine, has reviewed one of ITGPā€™s information security titles which aims to address this issue, Information Security ā€“ A Practical Guide: Bridging the gap between IT and management.

One of the most impressive books from IT Governance Publishing.

Quick and dirty does it: weā€™ve reviewed several books on information and IT security published by IT Governance. The latest is one of the most impressive.

Tom Mooney begins this neat little book by recalling that he was struck when starting his career in information security how little he engaged with non-infosec people. IT would shy away from speaking to him, ā€˜as they feared security would stick its nose inā€™, and the business viewed security as a ā€˜dark artā€™. He likens security to brakes on a car: you would hardly drive a car without any, but you only use them when you have to, as a control. Without them, you will have an accident. As the bookā€™s subtitle suggests, infosec is about ā€˜Bridging the gap between IT and managementā€™.

Like many books, this would have been half as good if it had been twice as long. As it is, Mooney has provided non-security and indeed security people with a very high ratio of good sense thatā€™s worthwhile to read.

ā€œOffers more than the title suggestsā€

Weā€™ve known for a while that itā€™s wisest to do computer security and physical security. In the old days, someone could walk out of a building with your server; now we have the Cloud, people can steal data even more simply, as Edward Snowden and others have. For a dozen years or more, that truth has been reflected in the British Standard for information security management, 27001, that covers the IT and physical sides. Books telling you how to do the two equally well have been hard to find; either the author is a tech guy, lacking know-how of electronic and personnel security; or the other way round. Information Security ā€“ A Practical Guide, by Tom Mooney, offers more than the title suggests.

Itā€™s a short book, of ten chapters each of about ten pages each ā€“ and thatā€™s something of merit, given how busy the likely reader is likely to be. I would suggest the reader who can learn from this is either the physical security and guarding person who wants to gen up on infosec, or an IT guy who likewise wants to tighten up security. Mooney keeps it plain and simple, in style and content, and again that is a compliment. A middle chapter, ā€œQuick and dirty risk assessmentsā€ as the title suggests takes you through how to do a risk assessment, and as important to keep doing them. Besides the nuts and bolts of the work, Mooney arguably does us more of a service in the chapters such as ā€œgetting buy-in from your peersā€ because as in so many other parts of the workplace, itā€™s no good doing a decent or even excellent job if your non-security staff arenā€™t doing their bit, or arenā€™t funding it. ā€œOften security is seen as a blocker or necessary evil at the end (some organizations are better than others.ā€ Mooney advises building relationships; letting people know that their input is valued, and that they can help steer security. If you find yourself working for a place that doesnā€™t have a high regard for security, using some ā€œfear, uncertainty and doubtā€ stories is a start, he suggests. Choose stories from the media, and again he advises explaining yourself in plain and simple English.

ā€œRecommendedā€

One observation rather than a criticism is that the author ought to have gone into more detail ā€“ but then he would not have written such a concise book. In fairness, he does introduce you to the necessary basics, such as the Senior Information Risk Owner (SIRO), a role often found in UK Government. Instead, Mooney points you in the right direction on such topics as penetration testing (again, with a physical and IT component) and information security policy; first knowing what the ā€˜risk appetiteā€™ of your business is. While Mooney is writing for the information security professional, such is the spread of IT in the office and organization, this book can apply to anyone in security management. This book is well worth an hour of your time, whether as a refresher, or if you are finding yourself facing more work on the info security side. Recommended.

Reviewed by Mark Rowe, Editor at Professional Security Magazine

Information Security A Practical Guide
Covering everything from your first day at work as an information security professional to developing and implementing enterprise-wide information security processes, this book explains the basics of information security, and how to explain them to management and others so that security risks can be appropriately addressed.

Buy Information Security ā€“ A Practical Guide now >>

Related articles

Tags: information security guide

Feb 08 2015

DISC InfoSec FB Page

Category: Information SecurityDISC @ 1:50 pm

ā€œLikeā€ our page on Facebook

DISC InfoSec Facebook Page

Related articles

Tags: InfoSec Page

Dec 06 2014

Top 50 InfoSec Blogs

Category: Information SecurityDISC @ 9:21 pm

blog

DigitalGuardianĀ Top 50 Infosec Blogs list. Top 50 Infosec Blogs

 

DigitalGuardian by Verdasys offersĀ solution in the DLP areaĀ including advanced threat protection.Ā Seems like aĀ worthĀ while list.

Below are the Top 10 InfoSec Blogs from the list.

1. Wiredā€™s Threat Level

2. Rogerā€™s Information Security Blog

3. Dark Reading

4. Krebs on Security

5. ThreatPost

6. IT Security Guru

7. Dan Kaminskyā€™s Blog

8. Security Weekly

9. Kevin Townsendā€™s IT Security

10. BH Consulting IT Security Watch

Related articles

May 15 2014

Cyber Resilience Implementation Suite

Category: BCP,Information Security,ISO 27kDISC @ 11:15 am

CyberResilience

Cyber security is not enough ā€“ you need to become cyber resilient

 

The document toolkits ā€“ created by experienced cyber security and business continuity professionals ā€“ provide you with all the document templates youā€™ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.

Whether you know it or not, your organization is under cyber attack. Sooner or later, a hacker or cyber criminal will get through, so you need to ensure that you have the systems in place to resist such breaches and minimize the damage caused to your organization’s infrastructure, and reputation.

You need to develop a system that is cyber resilient ā€“ combining the best practice from the international cyber security and business continuity standards ISO22301 and ISO27001.

This specially-priced bundle of eBooks and documentation toolkits gives you all the tools you need to develop a cyber-resilient system that will both fend off cyber attacks, and minimize the damage of any that get through your cyber defenses.

The books in this suite will provide you with the knowledge to plan and start your project, identify your organizationā€™s own requirements and help you to apply these international standards.

The document toolkits ā€“ created by experienced cyber security and business continuity professionals ā€“ provide you with all the document templates youā€™ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.

Download your copy today

This suite includes:

Related articles

Tags: business continuity, Computer security, Cyber Resilience, cyberwarfare, ISO/IEC 27001

May 12 2014

Bestselling Books at Infosecurity 2014

Category: cyber security,Information SecurityDISC @ 9:36 am

InfoseEurope2014

by Lewis Morgan @ITG

It has now been a week since Infosecurity Europe 2014. This year was my first at Infosec, and I found it to be one of the most interesting and diverse events I have ever been to.

During my short time on the IT Governance stand, I spoke to several people who were showing a keen interest in our wide range of books. It was a common opinion that our range of books is one of the broadest in the industry ā€“ something of which we are very proud.

To demonstrate our range of books and their popularity, We have created the below list of the 5 bestselling books at Infosecurity 2014*. All of the following books are available in multiple formats.

PCI DSS Pocket Guide

    A quick guide for anyone dealing with the PCI DSS and related issues. Now also covers PCI DSS version 3.0.

ISO27001 / ISO27002 Pocket Guide

    Now updated for the 2013 editions of ISO27001/ISO27002, this pocket guide gives a useful overview of two important information security standards.

Governance of Enterprise IT based on COBITĀ®5

    A perfect introduction to the principles and practice underpinning the governance of enterprise IT using COBITĀ®5.

Penetration Testing –Ā  Protecting Networks and Systems

    An essential guide to penetration testing and vulnerability assessment, which can be used as a preparation guide for Certified Penetration Testing Engineer exams.

Securing Cloud Services

    This book provides an overview of security architecture processes, and explains how they may be used to derive an appropriate set of security controls to manage the risks associated with working in the Cloud.

 

Related articles

Tags: Certified Penetration Testing Engineer, Cloud computing, cloud computing security, London, Payment Card Industry Data Security Standard, Penetration test

Jan 06 2014

IT Governance Top 5 Bestsellers of 2013

Category: Information Security,ISO 27kDISC @ 11:24 am

With 2013Ā coming to a close, ITG is reflecting on what a year itā€™s been for the IT governance, risk management and compliance (IT-GRC) industry.Ā In 2013Ā  weā€™ve seen the highly-awaited release of ISO 27001:2013, the requirements for PCI DSS v3.0 and the Adobe breach which affected at least 38 million users.
Throughout it all, IT Governance has been there to serve IT professionals in America and assist them in implementing management systems, protecting their organizations and making their IT departments run more efficiently by implementing IT-GRC frameworks.
Below we have listed the top 5 IT Governance USA bestsellers fromĀ 2013:

ISO IEC 27001 2013 and ISO IEC 27002 2013
ISO 27001

Cyber Risks for Business Professionals: A Management Guide
CyberRisks

No 3 Comprehensive ISO27001 2005 ISMS Toolkit

ISMS toolkit

The True Cost of Information Security Breaches and Cyber Crime

Security Breaches

ITIL Foundation Handbook (Little ITIL) – 2011 Edition

ITIL

 

 

 

 

Related articles

Tags: Corporate governance of information technology, Information Security Management System, Information Technology Infrastructure Library, ISO 27001 2013

Jul 22 2013

Your employees arenā€™t the only threat to InfoSec and Compliance

Category: cyber security,Information SecurityDISC @ 1:18 pm
Information security

Information security (Photo credit: Wikipedia)

July 22nd, 2013 by Lewis MorganĀ 

I overheard a conversation the other day, one which left me so stunned that Iā€™ve decided to write about itā€¦.

Two men having dinner behind me (I got the impression they were both directors) were discussing the Ā£200k fine the NHS received for losing patient data. Eventually, the conversation turned into a discussion about information security as a whole. I wonā€™t go into all the details but one of them said, ā€œWe donā€™t particularly focus on cyber security, itā€™s always large organisations which are in the news about getting hacked and being a small company, weā€™re not under threatā€. It bothered me (probably more than it should have) that someone in control of an organisation has that attitude to cyber security. If an organisation of 5 employees was hacked, the same day as, letā€™s say DELL, were hacked ā€“ whoā€™d make it into the news? DELL would, why? Because itā€™s likely to be more of an interest to the readers/listeners and will have a bigger impact on the public compared to that of the smaller organisation.

I never see stories in the news of someone being hit by a bus in my local town, but it doesnā€™t mean Iā€™ll walk in front of one holding a sign saying ā€˜hit meā€™. Thatā€™s effectively what this director is doing, turning a blind eye to a large threat just because heā€™s not seen an example of a small organisation being hacked ā€“ chances are he doesnā€™t even read the publications which cover those stories.

Ignorance

Itā€™s a strong word, isnā€™t it? Personally I hate calling people ignorant, Iā€™d rather use a more constructive word such as ā€˜unawareā€™, but I feel that using the word ignorance will raise some eyebrows.

As a director of a company, your aim is to maximise revenue, minimise costs and anything in between.

You need a future for your organisation; this is usually done by investing in your marketing efforts, improving your products/services and providing the best customer service possible. But what do you do to actually secure a future? Itā€™s all good and well having a 5 year plan which seeā€™s 400% growth in revenue, but how do you make sure that your organisation will even exist in 5 years?

2 years into your plan and youā€™re hitting your targets ā€“ but youā€™ve just discovered that thereā€™s been a data breach and your customers credit card details have been sold online.

Your plans have now become redundant; they are depending on how prepared you are to handle the situation, so are your staff. The cost of recovering from a data breach for a small organisation is between Ā£35 ā€“ 65K (and thatā€™s not including fines). Can your organisation afford that? Probably not, but you could have afforded the costs which would have prevented this breach in the first place.

Letā€™s say that the breach happened because a new member of staff was unaware that they shouldnā€™t open emails in the spam folder. An email was opened, malicious software was installed and login credentials were stolen. You could have trained that member of staff on basic information security in under an hour, for Ā£45. But instead, you chose to ignore your IT Manager whoā€™s been raising spam issues at each monthly meeting but all you chose to hear is ā€œweā€™ve not been hackedā€ and ā€œinvestā€ which is enough for you to move on.

What your IT Manager is really telling you is ā€œWeā€™ve recently been receiving a large amount of emails into our spam filter, and some are getting through. I think we need to invest in a more advanced spam filter, and perhaps train some of the staff on which emails to avoid. A virus from an email could lead to a hack, itā€™s not happened yet but thereā€™s a chance it will.ā€

Forget blaming the IT Manager or the new member of staff when that breach happens, it comes down to you and your:

Inability to perceive cyber threats

Grey areas in appropriate knowledge

Naivety

Overhead cost restrictions

Refusal to listen to something you donā€™t understand

Absent mindedness

No interest in the customerā€™s best interests

Careless decisions

Eventual disaster

 

Cyber security threats are real, so why are you ignoring them?

To save money? Tell that to a judge

Introduction to Hacking & Crimeware

You donā€™t understand the threats? Read this book

 

Related articles

Tags: Computer security, data breach, Email spam, hackers, Information Security, Malware

Jun 12 2013

Why you should care about your digital privacy?

Category: Information Privacy,Information SecurityDISC @ 4:25 pm
English: Infographic on how Social Media are b...

English: Infographic on how Social Media are being used, and how everything is changed by them. (Photo credit: Wikipedia)

Surveillance Countermeasures

When we use internet browser for a web search, social media site, communication (skype), buy something from a site, we are leaving digital tracks all over the internet. Your service provider of the above services have access to this information because they are collecting Ā this treasure trove to identify and figure out what you like and donā€™t like so they can serve you appropriate ads and services accordingly. Most importantly they want to know that what you may buy or do next on the internet.

Well now we know that our government is utilizing that data as well from these providers to figure out if you may have some ties with the bad elements out there. To elaborate a bit at this point, for example, if a bad guy call you and left a message on you voice mail, you are presumed guilty by association and you and your friends may come under heavy surveillance after this incident.Ā  So far all this collection and analysis of data has been done without your knowledge and permission.

As Mark Zukerberg said that Facebook only provide information which is required by law. Well in this case the law (PRISM) wants everything without warrant. By using social media we create a treasure trove of data, which can be analyzed to figure out patterns, one may deduce what that person may do next. You may want to remember that when you post next time on a social media.

Related articles

Tags: Business, facebook, Internet Marketing, PRISM, Social media, Social network, Twitter, YouTube

Apr 12 2013

Exploding the myths surrounding ISO9000

Category: Information SecurityDISC @ 10:05 am

EspaƱol: NORMAS ISO

Exploding the myths surrounding ISO9000 (Adobe eBook)

Thousands of companies worldwide are reaping the benefits from implementing the ISO9000 Quality Management standard. However, there are many conflicting opinions about the best approach. Some companies have delayed applying the standard, or have chosen not to implement it at all. This might be because of a lack of time and resources to investigate it properly, or because of misunderstandings about the way it works. So, how do we know who and what to believe?

The secrets of successful ISO9000 implementation

In Exploding the Myths Surrounding ISO9000, Andrew W Nichols debunks many of the common misconceptions about the standard, and describes the many advantages it brings. Drawing on more than 25 years of hands-on experience, Andy gives clear, practical and up-to-date advice on how to implement ISO9000 to maximum effect. Full of real-life examples, this book will enable you to:
ā€¢ read and interpret the ISO9000 documentation in order to realize its benefits for your company
ā€¢ estimate your company’s implementation needs
ā€¢ benefit from the results of this management system as positive change is effected throughout the company and down the supplier chain
ā€¢ increase efficiencies and reduce waste
ā€¢ grow sales as you understand and meet your customers’ needs

Read this unique book and make ISO 9000 work for you.

iso9000

Related articles

Tags: International Organization for Standardization, ISO 9000, Quality management, Quality management system

Mar 28 2013

Top Five IT Governance Titles

Category: Information Security,IT GovernanceDISC @ 12:18 pm

Download one ofĀ IT Governance industry leading ebooks.Ā IT Governance source and publish titles on cyber security, compliance, project management, risk andĀ  IT service management.

Fantastic Reads… All Better Priced Than Amazon

Learn and stay ahead on your topic of choice. download an ebook today!

Running IT like a Business: A Step-by-Step Guide to Accenture's Internal IT

ISO22301 A Pocket Guide

ISO22301: A Pocket Guide is designed to help you do what is necessary to satisfy the requirements of ISO22301. With the expert advice contained in this guide, you can ensure your organisation develops a business continuity plan that is fit for purpose.

30 Key Questions that Unlock Management

30 Key Questions that Unlock Management

30 Key Questions that Unlock Management is a book that provides direct responses to real questions posed by real people in management. Each section contains practical advice and immediate steps you can take to deal with the issue at hand.
Managing Business Transformation: A Practical Guide Managing Business Transformation: A Practical Guide

Brush up on your soft skills and see the working relationships with your IT Audit clients flourish. Exploring how and why an auditor can remain trapped in an ascribed role, this book fills a gap in the market by helping the reader to avoid the traditional finger-pointing stance and instead become a convincing partner with business and technology counterparts.
Running IT like a Business: A Step-by-Step Guide to Accenture's Internal IT Running IT like a Business: A Step-by-Step Guide to Accenture’s Internal IT

Running IT like a Business will show you how your IT function can add real value to your business, taking guidance from Accenture who doubled its revenue in ten years. With clear strategies, helpful diagrams and real-life examples, this book will give you the keys to unlocking your IT functionā€™s hidden potential.

Agile SPA

Agile SAP

Understand how to bring your SAP projects in on time and within budget with the help of this guide, written by Project Management Professional and Certified ScrumMaster, Sean Robson.
Related articles

Mar 02 2013

Forward-thinking books on information security

Category: Information Security,ISO 27kDISC @ 8:01 pm

unto the breach

Forward-thinking books on information security help organisations understand current challenges in the sector

/EINPresswire.com/ Keeping up-to-date with information security issues and responding to new cybersecurity challenges can be time-consuming. However, it is essential that anyone concerned with information security, from IT professionals through to the Board members, dedicates time to learning and understanding these issues.

Last week, for example, the UKā€™s National Audit Office highlighted a severe lack of skilled cybercrime fighters in the UK. Cybercrime is costing the UK economy an estimated Ā£18-27 billion each year.

So, is there a fast route to getting up to speed with whatā€™s happening and what the modern means are to fight cybercrime?

Information security experts at IT Governance advise there is an easy way to catch up with the latest developments and fill in the knowledge gap. They recommend three essential books that can greatly improve everyoneā€™s understanding of information security, data protection and risk management, whilst providing them with enjoyable and useful reading.

Once more unto the Breach – Managing information security in an uncertain world is based on a typical year in the life of an information security manager. The book examines how the general principles can be applied to all situations and discusses the lessons learnt from a real project. The book can be purchased as softcover and eBook from >>Ā Once more unto the Breach – Managing information security in an uncertain worldĀ 

IT Governance – An International Guide to Data Security and ISO27001/ISO27002 is the definitive guide to implementing an ISO27001 compliant Information Security Management System (ISMS). Written by industry experts, Alan Calder and Steve Watkins, it contains clear guidance on all aspects of data protection and information security. Book reviewers describe it as ā€˜unparalleledā€™, a critical source when preparing and managing the ISMSā€™ and ā€˜a comprehensive guide as to actions that should be taken’. The book can be ordered online at >>Ā IT Governance – An International Guide to Data Security and ISO27001/ISO27002

Managing Information Security Breaches – Studies from real life provides a general discussion of, and a source of learning about, what information security breaches are, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. This book is highly relevant and will help every team to prepare a strategic framework for handling information security breaches. Buy a softcover or eBook from >>Ā Managing Information Security Breaches – Studies from real life

 

Related articles

Feb 28 2013

Cutting edge titles for IT professionals

Category: Information SecurityDISC @ 10:37 am

IT professionals

IT Governance Publishing (ITGP) are at the forefront of sourcing and publishing cutting-edge titles in the cyber security, compliance, business continuity and IT service management sectors. ITGP top 10 cutting-edge latest titles.

 

ISO22301 A Pocket Guide

This handy pocket guide explains what the ISO22301 Business Continuity Standard is and how to start planning a Business Continuity Management System (BCM) that complies with this international standard.
Buy Today Ā»

Ten Steps to ITSM Success

This book provides guidance on implementing ITSM Best Practices in an organisation using an easy to follow ten step approach.
Buy Today Ā»

30 Key Questions that Unlock Management

A direct response to real questions posed by real people doing real jobs. Each section contains practical advice and immediate steps you can take to deal with the issue at hand.
Buy Today Ā»

The Quantum Age of IT

‘Charles has really nailed it for any executive struggling with IT strategy. How IT got here and where it’s going.’ – Randy Steinberg, Author, ITIL Service Operation, 2011 Edition, Principal ā€“ Migration Technologies.
Buy Today Ā»

Running IT Like A Business

Running IT like a Business will show you how your IT function can provide much more than products and services and add real value to your business.
Buy Today Ā»

Exploding the Myths Surrounding ISO9000 – A Practical Implementation Guide – Published 25th March

In this book management systems expert Andrew Nichols, who has over 25 years industry experience, explains in detail how to implement ISO9000 to maxium effect.
Buy Today Ā»

ITIL and Organizational Change – Published 5th March

Thousands of organisations every year adopt ITIL, however many fail to achieve significant benefits. This book examines how to avoid common pitfalls and how to clear the many hurdles that can obstruct progress.
Buy Today Ā»

Governance and Internal Controls for Cutting Edge IT – Published 5th March

Based on practical experience and real-life models, this new book covers key principles and processes for the introduction of new technologies and examines how to establish an appropriate standard of security and control.
Buy Today Ā»

ITIL Lifecycle Essentials – Published 28th March

This book doesn’t just cover the information required to pass the foundation exam, but goes beyond this in providing practical guidance for when newly qualified practitioners enter the real-world.
Buy Today Ā»

Related articles

Jan 11 2013

Why SoD should be reviewed in every assessment

Category: Information Security,Security Risk AssessmentDISC @ 2:33 pm

Similar to other controls SoD (Segragation of Duties) plays an important role in reducing certain potential risk of an organization.

SoD minimize certail risks, by deviding a task so it will take more than one individual to complete a task or a critical process. SoD control has been traditionally used in accounting to minimize risk of collusion. For separation of duties we donā€™t want to give any individual so much control that they become a security risk without proper check and balance inplace. SoD is utilized to avoid unauthorized modification of data and to make sure critical data is available when needed by authorized personals, which includes but not limited to the availability of the services.

Separation of Duties (SoD) is not only an important principle of security but SoD control A10.1.3 of ISO 27001 wants organizations to implement this control.

Possible Controls to Implement SoD:

    * Separate the IT Dept from user function, meaning user should not be able to perform its own IT duties.
    * Separate the InfoSec and IT Dept. The individual responsible for the InfoSec has unique knowledge of organization security infrastructure, basically a knowledgeable InfoSec individual will have keys to the knigdom and should be segregated from the rest of the IT department. Also InfoSec individual should not be reporting to the IT director which is not only independence issue but conflict of interest. IT Dept is responsible for the avaiability of service whereas security professional is responsible for security (adding controls) to the same service.
    * The development and testing of application should be segregated. There should be a complete segregation of App development and App testing function. Also the person who put the App into production/operation and maintain should be a different individual.
    * Operation of IT should be seprate from maintenance of IT function in different teirs, meaning avaiability of the information should be separated from support & maintenance.
    * The database admin should be segregated from other IT function. DBA individuals are very knowledgeable super user and should not have any other IT duties.
    * Last but not the least about the main Uber user the Sys Admin (router, FW, Server, DT) should have a separate account when performing regular user function. These super users should be logged and audited on regular basis.

Related reference topics on DISC InfoSec

Related reference topics on eBay

Nov 25 2012

Become Cyber Secure this Cyber Monday

Category: Information Security,ISO 27kDISC @ 9:50 pm

Ā Ā 

Ā 

Black Friday / Cyber Monday

Ā 

Tips for staying safe this Cyber Monday

Cyber Monday is a marketing term for the Monday after Black Friday, the Friday following Thanksgiving in the United States, created by companies to persuade people to shop online. The term made its debut on November 28, 2005 in a Shop.org press release entitled “‘Cyber Monday’ Quickly Becoming One of the Biggest Online Shopping Days of the Year.

Cyber Secure this Cyber Monday
Cyber Monday is the well known one day online retail sale following the American holiday of Thanksgiving. What better time to top up your Cyber Security with our ‘Become Cyber Secure this Cyber Monday’ special offers?

No 3 Comprehensive ISO27001 ISMS Toolkit – Buy before the end of November and get half a day of Live Online Consultancy Free!

Cyber Monday Security deals

Cyber Monday deals for password protected and encrypted USB drive

Shop Amazon – Cyber Monday Deals Week

Tags: CyberMonday, Online shopping

Nov 06 2012

New Tools for IT and Security professionals

Category: BCP,Information SecurityDISC @ 11:40 am

IT Governance continually striving to create, source and deliver products that can help IT and Information Security professionals in the real world. CheckĀ out their latest on Business Continuity, ITIL & ITSM and Information Security products below to help you in your current and future projects. This is a perfect time of the year to start adding some of these tools in your wish list and stay abreast in your area of expertise.

ISO22301 BCMS Implementation Toolkit
New release

Ā 

ITIL Lite: A Road Map to Full or Partial ITIL Implementation – ITIL 2011 Edition
New release

Ā 

ITIL Foundation Essentials: The exam facts you need
Published on 6th November

Ā 

Resilient Thinking: Protecting Organisations in the 21st Century
Published on 8th November

Ā 

ISO19770 SAM Process Guidance: A kick-start to your SAM programme
Published 13th November

Ā 
Ā 
Related articles

Tags: Business, business continuity, Information Security, Information Technology, Information Technology Infrastructure Library, it service management, SAM, Software asset management

Oct 11 2012

Make October YOUR Cyber Security Month

Category: cyber security,Information SecurityDISC @ 12:50 pm

Ā 

The US Government has declared this October is the National Cyber Security Awareness Month (NCSAM).

The aim of this campaign is to:
 ā€¢ Promote cyber security awareness amongst citizens and businesses
 ā€¢ Educate individuals and businesses through a series of events and initiatives
 ā€¢ Raise cyber awareness and increase the resilience of the nation in the event of a cyber incident

Cyber security is not just about protecting your critical assets, it can also help improve your internal systems and help you win new business.

Ā 

Make October YOUR Cyber Security Month with these essential reads:

Above the Clouds: Managing Risk in the World of Cloud Computing

Assessing Information Security: Strategies, Tactics, Logic and Framework

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 

21st Century Chinese Cyberwarfare

CISSP All-in-One Exam Guide, 6th Edition

More than 50 InfoSec topics in books available at DISC InfoSec store

Find out more on National Cyber Security AwarenessĀ month at Homeland Security's website

DISC online store for recommended InfoSec services/products

Ā 

Ā 

Additional online safety information:

What Teens Shouldnā€™t Put in Their Social Media Profiles


Child Safety Guide: How to Keep Kids Safe When They're Home Alone


Ways to Check if Youā€™re Visiting a Safe Site


Internet Safety Tips for Seniors


How to Shop Safely Online


Things You Should Never Post Online but Probably Are


11 Photos You Should Never, Ever Post on Social Media
Ā 

Online Safety tips for kids:

Less screen, More Green: Outdoor Safety Tips for Kids

Ā 

The Parentsā€™ Guide to Teaching your Teen Online Safety
Ā 
Guide to screen addictions and responsible digital use
Ā 

Keeping Kids Safe Outdoors as the World and the Roads Reopen

Tags: Computer security, Federal government of the United States, Homeland Security, National Cyber Security Awareness Month, NCSAM, October, Security, U.S. government

Sep 21 2012

Build resilience into your management system

Category: Information Security,ISO 27kDISC @ 10:15 am

Ā 

Related BCP titles

ISO22301 and ISO27001 ā€“ The building blocks ofĀ organization management systemĀ resilience

The importance of mitigating the disruption to information technology services has been at the heart of disaster recovery and business continuity plans for many years. With the growth and dependency on IT and the increased risk of attack from outside sources (cyber-attack), the survival of all organisation will depend upon the protection of their critical information assets and building security at every layer.

The idea of cyber resilience ā€“ that an organisationā€™s IT systems and processes should be resilient against natural disaster or outside attack is a key principle underlining the best practice and compliance to the ISO22301 and ISO27001 standards.

ISO 22301:2012 (formerly BS25999) is the international standard for business continuity within organisations and defines the specification and best practice for developing and implementing a robust business continuity management system.

ISO/IEC 27001:2013 helps businesses throughout the world mitigate the risks associated with cybercrime and provides the security assurance demanded by your board, shareholders, regulators and most importantly, your customers.

Related articles




Sep 10 2012

5 Reasons Why Patch Management Is Vital To Your Information Security

Category: Information SecurityDISC @ 10:53 am

Related Patch Management titles

Patching is a critical part of systems administration. I donā€™t think anyone would argue that. But if your patching regimen consists of turning on Automatic Updates and calling it a day, or staying up until the middle of a Saturday night logging on to each server at a time to apply patches, you are missing the point. Patching is a task; patch management is how to perform that task easily, completely and in a scalable way. Patch management is vital to your information security because it is the only way to be sure you have taken care of all of the patching needs in your environment, and that you can audit and confirm that. Letā€™s look at some of the reasons why patch management is so important.

1. Patch management is about more than just operating systems
While itā€™s extremely important to ensure you have patched your operating systems, there are dozens of other applications out there that your users are running, which could be exploited by an infected attachment, a malicious script, and/or a compromised web page. Patch management applications can go beyond a Windows Update, addressing patches for operating systems, Microsoft and other third party applications, web browsers, media players and more. Patch management helps you ensure that no vulnerable apps are on your network.

2. Patch management is the most efficient way to handle both servers and workstations
You could probably manage to patch by hand all of your servers, and thereā€™s a limited number of apps running on them, but trying to patch all your workstations and all the third party apps would be an impossible task without a patch management application to assess all the systems and their software, delivering those critical updates to each and every system that needs it. 100% compliance is the surest way to avoid incidents.

3. Patch management makes testing easy
Patching involves testing, and thatā€™s why so many admins donā€™t patch regularly. They fear a patch might introduce an incompatibility, and would rather take their chances since they donā€™t have to time test. Patch management applications make it easy to push a patch to a group of systems for testing, before deploying to the rest of the network.

4. Patch management makes rollbacks easy
Sometimes, a patch needs to be rolled back, and doing that manually is out of the question. You are much more likely to deploy patches fully and on time if you can easily roll back if something turns out to be incompatible with a critical app, and a patch management application can uninstall patches from any or all systems just as easily as it can push them out.

5. Patch management makes reporting easy
One of the scariest things about relying on Automatic Updates is that you have no idea whether or not systems are actually patched, until you check them, one by one. With a patch management application, you can quickly and easily run reports to confirm that critical update for the zero day exploit really did get out to all your servers and workstations, and if one was missed, you can immediately identify and remediate it, before something bad happens.

Patch management is not a silver bullet. It wonā€™t stop users from sharing passwords and it cannot prevent an admin from leaving a default configuration in place, but what it will do is enable you to keep your workstations, servers and critical applications up-to-date, fully patched and as secure as possible from hackers looking to exploit vulnerabilities in the software. That way you can spend more time on training users and verifying configs, and less time running around trying to update Flash for the tenth time this year.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.

Related articles




Tags: GFI, Patch (computing), Security, Windows Update

Aug 15 2012

Staff awareness training ā€“ an essential component of ISO27001

Category: Information Security,ISO 27kDISC @ 1:53 pm

Staff awareness and training are key for effective information security management and for achieving compliance with the ISO/IEC 27001:2005 standard.

As clause 8.2.2 of ISO 27002 (the Code of Practice for Information Security Management) sets out, it is imperative that security issues are addressed at the employee level and that a firm foundation is built for an employee to understand the implications of his/her actions and be mindful of these in their daily activities.
More importantly, you need to keep evidence that you have conducted formal staff awareness training.

What better way to obtain this evidence than deploying Information Security Staff Awareness eLearning within your organization?

The software enables your own corporate e-learning management portal to automatically retain records of which staff have accomplished the course. You can easily monitor the compliance status of the organization and see hard evidence of each employeeā€™s level of understanding.

Information Security & ISO27001 Staff Awareness eLearning course offers you tangible benefits whilst enabling you to impart basic, and yet fundamental training on information security within your organization

Benefits of this eLearning include:
ā€¢ Massive financial cost savings in comparison to traditional training options
ā€¢ Minimal office disruption ā€“ staff train at their desks
ā€¢ Minimal administration ā€“ comprehensive reports available
ā€¢ Systematic evidence that training has actually been provided ā€“ underpinning disciplinary actions
ā€¢ Simple to use with relevant and informative content

Related articles




May 25 2012

10 essential books for IT Professionals

Category: Information SecurityDISC @ 11:54 am

All books are available in softcover, eBook and Kindle-compatible formats at a better price than Amazon! *

Below are 10 latest publications from IT Governance:

Ā  1)Ā Ā Ā Ā Ā  30 Key Questions that Unlock Management
by Brian Sutton and Robina Chatham
Ā  Ā  Ā 

Ā 

Ā  2)Ā Ā Ā Ā Ā  The Concise PRINCE2
by Colin Bentley
Ā  Ā  Ā 

Ā 

Ā  3)Ā Ā Ā Ā Ā  50 Top IT Project Management Challenges
by Premanand Doraiswamy and Premi Shiv
Ā  Ā  Ā 

Ā 

Ā  4)Ā Ā Ā Ā Ā  Everything you wanted to know about Business Continuity
by Tony Drewitt
Ā  Ā  Ā 

Ā 

Ā  5)Ā Ā Ā Ā Ā  Everything you wanted to know about Agile
by Jamie Lynn Cooke
Ā  Ā  Ā 

Ā 

Ā  6)Ā Ā Ā Ā Ā  Cloud Computing: Assessing the Risks
by Jared Carstensen, Bernard Golden and JP Morgenthal
Ā  Ā  Ā 

Ā 

Ā  7)Ā Ā Ā Ā Ā  The ITSM Iron Triangle: Incidents, Changes and Problems
by Daniel McLean
Ā  Ā  Ā 

Ā 

Ā  8)Ā Ā Ā Ā Ā  Managing Business Transformation: A Practical Guide
by Melanie Franklin
Ā  Ā  Ā 

Ā 

Ā  9)Ā Ā Ā Ā Ā  Running IT like a Business: Accenture’s Step-by-Step Guide
by Robert E. Kress
Ā  Ā  Ā 

Ā 

Ā  10)Ā  21st Century Chinese Cyberwarfare (Pre-order)
by Lieutenant Colonel Hagestad

Ā 
Ā 
Ā 




« Previous PageNext Page »