Oct 25 2012

Off Premises Equipment Security in ISMS

Category: Laptop Security | DISC @ 11:22 am

Control A.9.2.5 in Annex A of the ISO 27001 standard requires the organization to have authorized policies and procedures in place for the security of off-premises equipment, and these controls should be implemented based on a risk assessment of the particular physical assets. There should be a formal approval procedure before taking equipment off site. The approval authority will depend upon the classification of the asset and can be determined through the risk assessment process for the potential risk to the organization. Below are some of the ISO 27002 recommendations for taking equipment off site.

Laptop computers, mobile phones and USB flash drives should be encrypted and password protected, especially when the equipment carries classified or sensitive information whose exposure may significantly harm the organization. Laptop computers and flash drives should be carried in an unmarked, secure laptop bag, and the bag should stay in your possession at all times and never be left unattended under any circumstances. Some organizations allocate a separate laptop for travel to avoid exposure of personal and corporate data, and place a limit on the data that can be carried on the laptop or USB drive. Some travelers are asked to back up their data to a web-based backup service in case the equipment is lost or its data becomes corrupted. For laptops in particular, a screen saver and a privacy screen are must-have policies in an organization that has a healthy group of people on the road on a regular basis.

Awareness is key to every successful implementation of a security control. A special awareness session should be designed for off-site staff which covers off-premises security. Completion of this awareness training, together with the risk assessment of the asset, should be built into the user authorization form.


Oct 23 2012

The Rise of Malicious Traffic on Networks and How It Infects

Category: Malware | DISC @ 4:12 pm

 


Malware logo Crystal 128. (Photo credit: Wikipedia)

Sophisticated malicious attacks can go largely undetected by most antivirus software. A defense-in-depth approach requires organizations to monitor for malicious activity and malware (bot traffic) at various levels of the network: at the perimeter layer, at the application level and subsequently at the critical data level.

How might an end user become infected? The obvious scenario is our less educated users clicking links in email messages from senders they do not recognize, or people visiting high-risk sites such as those offering free downloads. The second, less obvious scenario is where a user clicks a link on a known good site which in turn links to a bad site. The most common situation here is where advertising space has been purchased and the site owners have not been able to perform the due diligence to make sure a reputable company bought it. Finally, there is the third and scarier scenario, where a trusted site has actually been compromised and infected with some kind of malware.

According to Symantec's most recent Internet Security Threat Report, global networks faced more than 286 million cyberthreats in 2010, as attackers employed more sophisticated methods that make malware harder to detect and more difficult to remove. Furthermore, the number of Web-based attacks increased 93% in 2010, and malware writers have been turning their attention to social-networking sites such as Twitter and Facebook, where it's estimated that 17% of links are connected to malware.

So malicious activity is on the rise according to the Symantec report, which emphasizes the need to monitor and evaluate the harmful traffic entering your network. Malicious activity monitoring also requires effective incident handling procedures to analyze, evaluate and take appropriate action on the malicious events at hand. An incident handling procedure also differentiates an event from an incident, meaning it defines when an event turns into an incident.

Real-time malicious activity monitoring at the perimeter fits nicely with the ISO 27001 (ISMS) process. It will not only satisfy the auditor's need for monitoring and maintenance of certain controls in the standard, but new threats to the organization will also serve as a feed into the required risk assessment process, where they can be evaluated against the relevant vulnerabilities.
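As an added illustration (not code from the original post), here is a small Python script that applies the monitoring idea above to proxy log lines: it flags internal hosts that contact the same destination on a near-constant schedule (beaconing, the typical signature of bot traffic phoning home) and hosts that contact a destination on a blocklist. The log format, the IP addresses, the host names and the blocklist entry are all constructed for this example, and the blocklist stands in for whatever threat-intelligence feed the organization actually uses.

```python
"""Perimeter monitoring sketch: flag bot-like (beaconing) traffic and
contacts with a known-bad host list in proxy logs.

Added example; the log format, addresses, host names and the blocklist
entry are constructed for this illustration and are not from the post.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed proxy log lines: timestamp, client IP, destination host, bytes.
PROXY_LOG = """\
2012-10-23T09:00:00 10.1.2.15 callback.unknown-host.test 5120
2012-10-23T09:00:05 10.1.2.15 cdn.example-news.test 88214
2012-10-23T09:05:00 10.1.2.15 callback.unknown-host.test 5120
2012-10-23T09:10:00 10.1.2.15 callback.unknown-host.test 5120
2012-10-23T09:12:31 10.1.2.22 mail.example-corp.test 2048
2012-10-23T09:15:00 10.1.2.15 callback.unknown-host.test 5120
2012-10-23T09:20:00 10.1.2.15 callback.unknown-host.test 5120
2012-10-23T09:21:11 10.1.2.22 bad-ads.example-malicious.test 1024
2012-10-23T09:30:02 10.1.2.22 cdn.example-news.test 40911
"""

# Constructed blocklist: a placeholder for a real threat-intelligence feed.
BLOCKLIST = {"bad-ads.example-malicious.test"}


def parse_log(text):
    """Yield (timestamp, client, host, size) tuples from the constructed format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, size = line.split()
        yield datetime.fromisoformat(ts), client, host, int(size)


def find_beacons(records, min_hits=4, max_jitter=0.1):
    """Return (client, host, period_seconds) for pairs whose contacts are
    nearly evenly spaced. Jitter is the coefficient of variation of the
    inter-arrival gaps; a low value means a regular, machine-driven schedule."""
    by_pair = defaultdict(list)
    for ts, client, host, _ in records:
        by_pair[(client, host)].append(ts)
    beacons = []
    for (client, host), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_jitter:
            beacons.append((client, host, round(mean)))
    return beacons


def find_blocklist_hits(records):
    """Return sorted (client, host) pairs where the destination is blocklisted."""
    return sorted({(client, host) for _, client, host, _ in records
                   if host in BLOCKLIST})


def monitor(text):
    """Run both detections over a log text and return the events found."""
    recs = list(parse_log(text))
    return {"beacons": find_beacons(recs),
            "blocklist_hits": find_blocklist_hits(recs)}


if __name__ == "__main__":
    print(monitor(PROXY_LOG))
```

On the constructed sample, the script reports one beaconing pair (10.1.2.15 calling the same host every 300 seconds) and one blocklist contact from 10.1.2.22; each of these is an information security event that the incident handling procedure then has to evaluate.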

Below are some of the famous malicious attacks which can be used to breach network:

 SQL injection—By analysing the URL syntax of targeted websites, hackers are able to embed instructions to upload malware that gives them remote access to the target servers.

 Exploiting system vulnerabilities is another method—In many cases, laptops, desktops, and servers do not have the latest security patches deployed, which creates a gap in the security posture. Gaps or system vulnerabilities can also be created by improper computer or security configurations. Cyber-criminals search for and exploit these weaknesses to gain access to the corporate network and confidential information.

 Targeted malware—Cybercriminals use spam, email, and instant message communications often disguised to come from known entities to direct users to websites that are compromised with malware. This section includes several different approaches that cybercriminals leverage to infect systems with malicious code.

Tags: anti virus, facebook, Internet security, Malware, Security, Symantec


Oct 18 2012

ISO 27001 Securing offices and facilities

Category: ISO 27k | DISC @ 2:56 pm

Physical Security Titles

Control 9.1.3 of Annex A requires organizations to secure the perimeter of offices and facilities in order to protect information and physical assets which have been classified as critical or are within the scope of ISO 27001.

It is not just the protection of the computer room or telecom room: HR might need a secured cabinet area, and senior management may need their offices to be secured.
The physical security domain also provides guidance on protecting against external and environmental threats. Take these threats into consideration when designing secure rooms, protecting them from fire, flood, explosion and other forms of human-made and natural disaster. For external threats, all risks posed by neighboring premises should be considered, such as, but not limited to, leakage of water and gases into secure areas. A high-security document storage area should have a comprehensive BCP and disaster recovery plan.

Following are some of the controls which ISO 27002 recommends in the physical domain:
o Key storage areas and keyed entrance areas should be sited to avoid access by unauthorized personnel.
o Data processing centers should give as little indication as possible of their presence.
o Faxes and photocopiers should be sited in a separate secure zone.
o Doors and windows should be locked when the building is unattended.
o An information processing facility should be a separate zone; if it is managed by a third party, it should be in a separate cage or some other form of physical separation.
o Hazardous or combustible materials, particularly office stationery, should not be bulk stored within the secure area.
o Back-up equipment and media should not be stored with the equipment that they back up.

Tags: Information Security Management System, ISO/IEC 27001, ISO/IEC 27002, Physical security


Oct 11 2012

Make October YOUR Cyber Security Month

Category: cyber security, Information Security | DISC @ 12:50 pm

 

The US Government has declared this October the National Cyber Security Awareness Month (NCSAM).

The aim of this campaign is to:
 • Promote cyber security awareness amongst citizens and businesses
 • Educate individuals and businesses through a series of events and initiatives
 • Raise cyber awareness and increase the resilience of the nation in the event of a cyber incident

Cyber security is not just about protecting your critical assets, it can also help improve your internal systems and help you win new business.

 

Make October YOUR Cyber Security Month with these essential reads:

Above the Clouds: Managing Risk in the World of Cloud Computing

Assessing Information Security: Strategies, Tactics, Logic and Framework

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 

21st Century Chinese Cyberwarfare

CISSP All-in-One Exam Guide, 6th Edition

More than 50 InfoSec topics in books available at DISC InfoSec store

Find out more on National Cyber Security Awareness month at Homeland Security's website

DISC online store for recommended InfoSec services/products

 

 

Additional online safety information:

What Teens Shouldn’t Put in Their Social Media Profiles


Child Safety Guide: How to Keep Kids Safe When They're Home Alone


Ways to Check if You’re Visiting a Safe Site


Internet Safety Tips for Seniors


How to Shop Safely Online


Things You Should Never Post Online but Probably Are


11 Photos You Should Never, Ever Post on Social Media

 

Online Safety tips for kids:

Less screen, More Green: Outdoor Safety Tips for Kids

 

The Parents’ Guide to Teaching your Teen Online Safety
 
 

Keeping Kids Safe Outdoors as the World and the Roads Reopen

Tags: Computer security, Federal government of the United States, Homeland Security, National Cyber Security Awareness Month, NCSAM, October, Security, U.S. government


Sep 21 2012

Build resilience into your management system

Category: Information Security, ISO 27k | DISC @ 10:15 am

 

Related BCP titles

ISO22301 and ISO27001 – The building blocks of organization management system resilience

The importance of mitigating disruption to information technology services has been at the heart of disaster recovery and business continuity plans for many years. With the growth of, and dependency on, IT and the increased risk of attack from outside sources (cyber-attack), the survival of all organisations will depend upon the protection of their critical information assets and on building security at every layer.

The idea of cyber resilience – that an organisation's IT systems and processes should be resilient against natural disaster or outside attack – is a key principle underpinning best practice and compliance with the ISO22301 and ISO27001 standards.

ISO 22301:2012 (formerly BS25999) is the international standard for business continuity within organisations and defines the specification and best practice for developing and implementing a robust business continuity management system.

ISO/IEC 27001:2013 helps businesses throughout the world mitigate the risks associated with cybercrime and provides the security assurance demanded by your board, shareholders, regulators and most importantly, your customers.





Sep 18 2012

HR controls during employment and ISO 27001

Category: ISO 27k | DISC @ 5:06 pm

This post is the continuation of our previous post on this topic, Human Resources Security and ISO 27001, where we discussed some HR misconceptions and the ISO 27001 controls related to pre-employment. In this post we will address the importance of the ISO 27001 controls during employment.

Control 8.2 states that the organization should make sure employees, contractors and vendors are well aware of the information security controls related to HR, how these controls relate to them and, more specifically, what they are responsible and liable for when security threats materialize. Users who have been assigned responsibilities for managing the Information Security Management System (ISMS) should be aware of the threats and vulnerabilities related to their assigned controls.

Control 8.2.1 requires management to ensure that everyone in the organization is following the security policies and procedures in their area of responsibility. This control also ensures that staff are properly trained and briefed on their responsibilities before they are granted access to classified information.

Control 8.2.2 relates to information security awareness and training, which is basically an extension of the previous control. All employees who are responsible for maintaining, managing and improving the ISMS must receive appropriate awareness training. Make sure you keep the records of all this training for the auditors to verify later.

Here are the general areas which should be included in the awareness training:

  • General ISMS awareness – the importance of maintaining and improving the ISMS
  • Asset classification and information assets within the scope
  • How to report an incident and difference between event and an incident
  • User access controls and procedures
  • Business continuity and procedures
  • Related legal compliance
  • Internal audit and certification audit schedule





Sep 10 2012

5 Reasons Why Patch Management Is Vital To Your Information Security

Category: Information Security | DISC @ 10:53 am

Related Patch Management titles

Patching is a critical part of systems administration. I don’t think anyone would argue that. But if your patching regimen consists of turning on Automatic Updates and calling it a day, or staying up until the middle of a Saturday night logging on to each server at a time to apply patches, you are missing the point. Patching is a task; patch management is how to perform that task easily, completely and in a scalable way. Patch management is vital to your information security because it is the only way to be sure you have taken care of all of the patching needs in your environment, and that you can audit and confirm that. Let’s look at some of the reasons why patch management is so important.

1. Patch management is about more than just operating systems
While it’s extremely important to ensure you have patched your operating systems, there are dozens of other applications out there that your users are running, which could be exploited by an infected attachment, a malicious script, and/or a compromised web page. Patch management applications can go beyond a Windows Update, addressing patches for operating systems, Microsoft and other third party applications, web browsers, media players and more. Patch management helps you ensure that no vulnerable apps are on your network.

2. Patch management is the most efficient way to handle both servers and workstations
You could probably manage to patch by hand all of your servers, and there’s a limited number of apps running on them, but trying to patch all your workstations and all the third party apps would be an impossible task without a patch management application to assess all the systems and their software, delivering those critical updates to each and every system that needs it. 100% compliance is the surest way to avoid incidents.

3. Patch management makes testing easy
Patching involves testing, and that's why so many admins don't patch regularly. They fear a patch might introduce an incompatibility, and would rather take their chances since they don't have time to test. Patch management applications make it easy to push a patch to a group of systems for testing, before deploying to the rest of the network.

4. Patch management makes rollbacks easy
Sometimes, a patch needs to be rolled back, and doing that manually is out of the question. You are much more likely to deploy patches fully and on time if you can easily roll back if something turns out to be incompatible with a critical app, and a patch management application can uninstall patches from any or all systems just as easily as it can push them out.

5. Patch management makes reporting easy
One of the scariest things about relying on Automatic Updates is that you have no idea whether or not systems are actually patched, until you check them, one by one. With a patch management application, you can quickly and easily run reports to confirm that critical update for the zero day exploit really did get out to all your servers and workstations, and if one was missed, you can immediately identify and remediate it, before something bad happens.

Patch management is not a silver bullet. It won’t stop users from sharing passwords and it cannot prevent an admin from leaving a default configuration in place, but what it will do is enable you to keep your workstations, servers and critical applications up-to-date, fully patched and as secure as possible from hackers looking to exploit vulnerabilities in the software. That way you can spend more time on training users and verifying configs, and less time running around trying to update Flash for the tenth time this year.
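As an added example (not GFI's product or code), the following Python script shows the reporting step from point 5 in its simplest form: an inventory of hosts with their installed updates is compared against the list of updates required for each role, and the output names every host that was missed, with critical gaps singled out for remediation first. Host names, patch identifiers and severities are constructed placeholders, not real update numbers.

```python
"""Patch compliance report: which hosts are missing which required updates.

Added example, not GFI's software. Host inventory, patch identifiers and
severities are constructed placeholders.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    role: str                               # "server" or "workstation"
    installed: set = field(default_factory=set)   # patch ids already applied


# Required updates per role. Ids are constructed placeholders, not real KB numbers.
REQUIRED = {
    "OS-UPD-001": {"severity": "critical", "applies_to": {"server", "workstation"}},
    "OS-UPD-002": {"severity": "important", "applies_to": {"server"}},
    "BROWSER-UPD-007": {"severity": "critical", "applies_to": {"workstation"}},
    "MEDIA-UPD-003": {"severity": "moderate", "applies_to": {"workstation"}},
}

# Constructed inventory, as a patch management agent would report it.
INVENTORY = [
    Host("srv-01", "server", {"OS-UPD-001", "OS-UPD-002"}),
    Host("srv-02", "server", {"OS-UPD-001"}),
    Host("ws-101", "workstation", {"OS-UPD-001", "BROWSER-UPD-007", "MEDIA-UPD-003"}),
    Host("ws-102", "workstation", {"OS-UPD-001"}),
    Host("ws-103", "workstation", set()),
]


def missing_patches(host, required=REQUIRED):
    """Required patch ids that apply to this host's role but are not installed."""
    return sorted(p for p, meta in required.items()
                  if host.role in meta["applies_to"] and p not in host.installed)


def compliance_report(inventory, required=REQUIRED):
    """Map each patch id to the hosts missing it, and give the percentage of
    applicable (host, patch) pairs that are done, grouped by severity."""
    gaps = {}
    for host in inventory:
        for p in missing_patches(host, required):
            gaps.setdefault(p, []).append(host.name)
    totals = {}   # severity -> (applicable pairs, completed pairs)
    for p, meta in required.items():
        applicable = [h for h in inventory if h.role in meta["applies_to"]]
        done = [h for h in applicable if p in h.installed]
        a, d = totals.get(meta["severity"], (0, 0))
        totals[meta["severity"]] = (a + len(applicable), d + len(done))
    pct = {sev: round(100 * d / a, 1) if a else 100.0 for sev, (a, d) in totals.items()}
    return {"gaps": gaps, "compliance_pct": pct}


def critical_gaps(inventory, required=REQUIRED):
    """Hosts missing at least one critical patch: the list to remediate first."""
    report = compliance_report(inventory, required)
    return sorted({h for p, hosts in report["gaps"].items()
                   if required[p]["severity"] == "critical" for h in hosts})


if __name__ == "__main__":
    rep = compliance_report(INVENTORY)
    for patch, hosts in rep["gaps"].items():
        print(f"{patch} ({REQUIRED[patch]['severity']}): missing on {', '.join(hosts)}")
    print("compliance by severity:", rep["compliance_pct"])
    print("remediate first:", critical_gaps(INVENTORY))
```

The point of the report is the last line: a host that silently failed its update is visible immediately, rather than after it is exploited.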

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.




Tags: GFI, Patch (computing), Security, Windows Update


Sep 04 2012

Human Resources Security and ISO 27001

Category: ISO 27k | DISC @ 3:19 pm

 
Pre-Employment Background Investigations for Public Safety Professionals

One of the most popular misconceptions about ISO27001 is that this standard may only deal with IT related information security controls. The truth is ISO27001 covers information security controls for several different business functions of an organization including human resources.

Section 8 of the ISO27001 specification in Annex A concerns human resources security. The human resources domain addresses three different stages of employment: pre-employment, during employment and post-employment. In this post we will address the importance of pre-employment controls for personnel who may manage the ISMS or handle sensitive information in an organization. Control A8.1 deals with pre-employment. The basic objective of this control is to minimize the loss of information which may occur through, but not limited to, fraud and human mishandling. This control requires the organization to document the roles, responsibilities and accountability for managing and maintaining the ISMS (Information Security Management System).

Control A8.1.2 requires the organization to perform verification checks on permanent employees, contractors and third parties. Any screening must be carried out in accordance with the relevant local laws. This is especially relevant for international organizations which have a presence around the world. Control A8.1.3 requires the organization to ensure that employees, contractors and third parties all agree to and sign an employment contract that contains terms and conditions covering their and the organization's responsibilities for information security.

Below are the basic job verification checks which must be completed:

  1. Character reference check for at least one personal and one business reference. Take comprehensive notes for the records.
  2. Verify the accuracy of employee’s resume.
  3. Confirmation of academic and professional qualifications.
  4. Passport verification for identity check
  5. Verify that an individual has an authorization to work in the country

Bear in mind the personnel vetting process may vary for government jobs or for the personnel handling highly classified material/data.




Tags: Human resources, Information Security Management System, iso 27001, ISO/IEC 27001


Aug 22 2012

5 reasons why vsRisk v1.6 is the definitive risk assessment tool

Category: ISO 27k, Security Risk Assessment | DISC @ 12:36 pm

by Melanie Watson

It is extremely difficult to carry out a risk assessment that will meet the requirements of ISO27001 without using a specialist information security risk assessment tool. While there are a wide range of products on the market that claim to meet these requirements, the reality is that there are very few.

There’s just one risk assessment tool that IT Governance recommends; the vsRisk™ v1.6 – the Cybersecurity Risk Assessment Tool.

It’s so straightforward, and so quick to use, it can save you a significant amount of the budget you might otherwise spend on consultancy advice at this stage of the project.

5 reasons why vsRisk is the definitive risk assessment tool:

  • This tool automates and delivers an ISO/IEC 27001-compliant risk assessment
  • Can uniquely assess confidentiality, integrity & availability (CIA) for each of business, legal and contractual aspects of information assets – as required by ISO27001
  • Gives comprehensive best-practice alignment
  • It’s easy and straight-forward to use
  • Cost-effective route to assessing risks within your business

Download the definitive risk assessment tool >>




Tags: Information Security Management System, iso 27001, Risk Assessment


Aug 15 2012

Staff awareness training – an essential component of ISO27001

Category: Information Security, ISO 27k | DISC @ 1:53 pm

Staff awareness and training are key for effective information security management and for achieving compliance with the ISO/IEC 27001:2005 standard.

As clause 8.2.2 of ISO 27002 (the Code of Practice for Information Security Management) sets out, it is imperative that security issues are addressed at the employee level and that a firm foundation is built for an employee to understand the implications of his/her actions and be mindful of these in their daily activities.
More importantly, you need to keep evidence that you have conducted formal staff awareness training.

What better way to obtain this evidence than deploying Information Security Staff Awareness eLearning within your organization?

The software enables your own corporate e-learning management portal to automatically retain records of which staff have accomplished the course. You can easily monitor the compliance status of the organization and see hard evidence of each employee’s level of understanding.

Information Security & ISO27001 Staff Awareness eLearning course offers you tangible benefits whilst enabling you to impart basic, and yet fundamental training on information security within your organization

Benefits of this eLearning include:
• Massive financial cost savings in comparison to traditional training options
• Minimal office disruption – staff train at their desks
• Minimal administration – comprehensive reports available
• Systematic evidence that training has actually been provided – underpinning disciplinary actions
• Simple to use with relevant and informative content





Aug 11 2012

ISO 27001 Information Security Incident Management

Category: ISO 27k, Security Incident | DISC @ 10:37 pm


English: ISMS activities and their relationship with Risk Management (Photo credit: Wikipedia)

Section 13 of Annex A handles information security incident management. One of the important things to know about this section is the difference between an event and an incident.

Information Security Event: an occurrence of a system, service or network state indicating a possible breach of information security policy or failure of safeguards.

Information Security Incident: indicated by a single or a series of unwanted information security events that have a significant probability of compromising business operations.
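To make the event/incident distinction concrete, here is an added Python example (not from the original post) that escalates events to incidents under two rules drawn from the definitions above: a single event of the highest severity is an incident on its own, and a series of repeated events of the same kind against one asset inside a short window is an incident. The sample events, the severity scale and the thresholds are constructed assumptions that a real procedure would set from its own risk assessment.

```python
"""Event-to-incident escalation.

An event is an observation; an incident is a single significant event or a
series of related events with a significant probability of harming operations.
Added example; the sample events, severity scale and thresholds are constructed.
"""
from datetime import datetime, timedelta

# Constructed events: (ISO timestamp, asset, kind, severity 1-5)
EVENTS = [
    ("2012-08-11T08:00:00", "fileserver-1", "failed_login", 2),
    ("2012-08-11T08:00:20", "fileserver-1", "failed_login", 2),
    ("2012-08-11T08:00:40", "fileserver-1", "failed_login", 2),
    ("2012-08-11T08:01:00", "fileserver-1", "failed_login", 2),
    ("2012-08-11T08:01:20", "fileserver-1", "failed_login", 2),
    ("2012-08-11T08:30:00", "ws-42", "failed_login", 2),
    ("2012-08-11T09:15:00", "db-1", "av_quarantine", 3),
    ("2012-08-11T10:00:00", "db-1", "data_exfil_alert", 5),
]

SEVERITY_INCIDENT = 5                 # one event this severe is an incident by itself
REPEAT_THRESHOLD = 5                  # this many same-kind events on one asset ...
REPEAT_WINDOW = timedelta(minutes=5)  # ... within this window form an incident


def classify(events):
    """Return (incidents, remaining_events). Each incident records the asset,
    the reason for escalation and the events folded into it; events that do
    not reach a threshold stay plain events for later review."""
    ordered = sorted(events)          # ISO timestamps sort chronologically
    incidents, folded, recent = [], set(), {}
    for i, (ts_s, asset, kind, sev) in enumerate(ordered):
        ts = datetime.fromisoformat(ts_s)
        if sev >= SEVERITY_INCIDENT:
            incidents.append({"asset": asset, "reason": f"severity {sev} {kind}",
                              "events": [ordered[i]]})
            folded.add(i)
            continue
        key = (asset, kind)
        # keep only the earlier same-kind events still inside the window
        window = [(t, j) for t, j in recent.get(key, []) if ts - t <= REPEAT_WINDOW]
        window.append((ts, i))
        if len(window) >= REPEAT_THRESHOLD:
            idxs = [j for _, j in window]
            incidents.append({"asset": asset,
                              "reason": f"{len(idxs)} x {kind} within {REPEAT_WINDOW}",
                              "events": [ordered[j] for j in idxs]})
            folded.update(idxs)
            window = []               # start a fresh window after escalation
        recent[key] = window
    remaining = [e for i, e in enumerate(ordered) if i not in folded]
    return incidents, remaining


if __name__ == "__main__":
    incidents, remaining = classify(EVENTS)
    for inc in incidents:
        print("INCIDENT", inc["asset"], inc["reason"])
    print(len(remaining), "events not escalated")
```

On the constructed input the five failed logins against fileserver-1 become one incident, the exfiltration alert on db-1 becomes another, and the lone failed login on ws-42 and the quarantine on db-1 remain events to be reviewed.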

IT Governance: An International Guide to Data Security and ISO27001/ISO27002

This video covers Section A.13 of ISO 27001, which concerns the reporting of information security events and weaknesses and the management of information security incidents.




Tags: Information Security, Information Security Management System, ISO 27001 Lead Implementer, ISO/IEC 27001, Policy


Jul 30 2012

Six main benefits of Information Security Management System

Category: ISO 27k | DISC @ 3:11 pm

 


Information Security Wordle: RFC2196 - Site Security Handbook (Photo credit: purpleslog)

 

1. Business managers of the organization will make informed decisions regarding potential risk and will be able to demonstrate compliance with standards and regulations such as SOX, GLBA, HIPAA and DPA for their critical information on a regular basis.

2. An ISMS is a defensive mechanism against any APT (advanced persistent threat), minimizing the impact of these external threats and various forms of cybercrime.

3. Informed information security decisions will be made based on risk assessment to implement technical, management, administrative and operational controls, which is the most cost-effective way of reducing risk. The highest-priority risks are tackled first to attain the best ROI in information security.

4. Information security is not an IT responsibility; in general, everybody in an organization is responsible for protecting information assets, and more specifically the business manager. The business manager may delegate this responsibility.

5. The organization will improve credibility and trust among internal stakeholders and external vendors. Credibility and trust are key factors in winning business.

6. An ISMS raises awareness of information security risks throughout the business, involves all employees across the organization and therefore lowers the overall risk to the organization.





Jul 11 2012

Comprehensive business continuity guide

Category: BCP | DISC @ 3:01 pm

IT Governance Publishing, the specialist publishing arm of IT Governance, has launched its latest book on business continuity and disaster recovery planning, Everything you want to know about Business Continuity.

The book focuses particularly on the new ISO/IEC 22301:2012 standard and provides practical guidance on how to implement best practice business continuity management within your organisation.

Everything you want to know about Business Continuity will show you how business continuity management can help your organisation to:

    * Carry out realistic risk identification and assessment and focus on assets which need BCP
    * Put in place a cost-effective, ‘fit-for-purpose’ business continuity plan to be more competitive
    * Enjoy greater customer loyalty and return on investment
    * Conform to the legal requirements in terms of accountability, compliance, risk awareness
    * Return to ‘business as usual’ as quickly as possible after an unforeseen incident.

The author, Tony Drewitt, held a number of technical, commercial and senior management positions before becoming a full-time management consultant 10 years ago. He was one of the first consultants in the UK to achieve full certification under BS25999-2 and has been a practising business continuity consultant, trainer and technical expert since 2001.





Jul 03 2012

Information Security Awareness

Category: Security Awareness | DISC @ 2:06 pm

Managing an Information Security and Privacy Awareness and Training Program





Jun 27 2012

Download the full version of the ITIL and/or ISO27001 toolkit today!

Category: ISO 27k | DISC @ 2:01 pm

Over the past several months IT Governance has been telling us about two of their most popular toolkits – the ITSM, ITIL and ISO20000 Implementation toolkit and the Standalone ISO27001 ISMS Documentation Toolkit.

You may have already downloaded free demo versions of these toolkits, in which case now is the perfect time to download the full version.

ITSM, ITIL® & ISO/IEC 20000 Implementation Toolkit
This toolkit is a collection of documents (policies, procedures and work templates) that will make IT Service Management easier to implement and improve.

Buy the full version here >>

Standalone ISO27001 ISMS Documentation Toolkit
The toolkit is a collection of documents (policies, procedures and work templates) that will ensure your Information Security Management System (ISMS) paperwork is in line with the requirements of ISO27001.

Buy the full version here >>




Tags: iso20000, ISO27001, ITIL


Jun 19 2012

Achieve Best Practice & Win New Business with International IT Standards

Category: cyber security, ISO 27k | DISC @ 3:38 pm

International IT Standards help organizations achieve best practice systems and management of their IT processes. Certification against standards can help organizations protect their critical assets, rebuff cyber attacks, help win new business and achieve compliance against regulatory requirements.

ISO27001: Cyber Security Standard (Cheapest price on the web)
ISO27001 helps businesses create a best-in-class Information Security Management System (ISMS), safeguarding their information assets and protecting their reputation.

ISO22301: Business Continuity Standard (Published last Month)
ISO22301 sets out the requirements for a Business Continuity Management System (BCMS) and helps organizations ensure they are prepared should a disruptive incident occur and, more importantly, that they continue trading and return to business as usual as quickly as possible.

ISO20000: IT Service Management Standard (Best Seller)
ISO20000 enables IT organizations (whether in-house, outsourced or external) to ensure that their IT service management processes are aligned. This standard specifies the requirements for a service management system (SMS) and will help you develop, implement and establish an SMS.




Tags: BCMS, isms, iso 27001, iso20000, ISO22301, SMS


Jun 04 2012

Learn how to tackle the Flame

Category: cyber security, Cybercrime | DISC @ 9:25 pm

A vicious piece of malware (known as Flame) was uncovered this week and is believed to have infected over 600 targets, be 20 times larger than Stuxnet and to have been backed by state sponsorship.
Realize the underground economy of hacking and crimeware with this handy pocket guide. It will provide you with a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.

An Introduction to Hacking & Crimeware: A Pocket Guide (eBook)

Know your enemy: An Introduction to Hacking & Crimeware is a comprehensive guide to the most recent and the more serious threats. Knowing about these threats will help you understand how to ensure that your computer systems are protected and that your business is safe, enabling you to focus on your core activities.

Fighting back
In this pocket guide, the author:

• defines exactly what crimeware is – both intentional and unintentional – and gives specific, up-to-date examples to help you identify the risks and protect your business
• explores the increasing use of COTS tools as hacking tools, exposing the enemy's tactics, and gives practical suggestions as to how you can fight back
• provides a valuable list of up-to-date, authoritative sources of information, so you can stay abreast of new developments and safeguard your business.





May 27 2012

Social Engineering: An essential book and must have competency

Category: social engineering | DISC @ 11:11 pm

Chris Hadnagy has a website on the topic of social engineering and assisted in developing the Social Engineering Toolkit (SET). This topic and knowledge apply to every person who keeps sensitive information and to every organization that wants to prevent private information leaking into the public domain via people. If you are interested in knowing the art of social engineering, this is an outstanding book.

Hadnagy recommends tools to store the information you obtain during a target investigation. He covers Google hacks in this book and mentions Johnny Long as a source. He covers pretexting (disguise), or "creating an invented scenario to persuade a target victim to release information or perform some action." He provides preparation tools for the social engineer for the situation at hand and also warns you about legality if you are crossing the line. There is an important section on "Building Instant Rapport" which is an essential read. Hadnagy describes the powers of persuasion used to take over the target and provides eight tactics for influencing people.

"Social Engineering: The Art of Human Hacking", by Chris Hadnagy, is a must-have book.

Discover the secrets of expert con men and human hackers

No matter how sophisticated your security equipment and procedures may be, their most easily exploitable aspect is, and has always been, the human infrastructure. The skilled, malicious social engineer is a weapon, nearly impossible to defend against.

This book covers, in detail, the world’s first framework for social engineering. It defines, explains, and dissects each principle, then illustrates it with true stories and case studies from masters such as Kevin Mitnick, renowned author of The Art of Deception. You will discover just what it takes to excel as a social engineer. Then you will know your enemy.

  • Tour the Dark World of Social Engineering
  • Learn the psychological principles employed by social engineers and how they’re used
  • Discover persuasion secrets that social engineers know well
  • See how the crafty crook takes advantage of cameras, GPS devices, and caller ID
  • Find out what information is, unbelievably, available online
  • Study real-world social engineering exploits step by step
  • Get your copy today: Social Engineering: The Art of Human Hacking

May 25 2012

10 essential books for IT Professionals

Category: Information Security | DISC @ 11:54 am

All books are available in softcover, eBook and Kindle-compatible formats at a better price than Amazon! *

Below are 10 latest publications from IT Governance:

  1) 30 Key Questions that Unlock Management, by Brian Sutton and Robina Chatham
  2) The Concise PRINCE2, by Colin Bentley
  3) 50 Top IT Project Management Challenges, by Premanand Doraiswamy and Premi Shiv
  4) Everything you wanted to know about Business Continuity, by Tony Drewitt
  5) Everything you wanted to know about Agile, by Jamie Lynn Cooke
  6) Cloud Computing: Assessing the Risks, by Jared Carstensen, Bernard Golden and JP Morgenthal
  7) The ITSM Iron Triangle: Incidents, Changes and Problems, by Daniel McLean
  8) Managing Business Transformation: A Practical Guide, by Melanie Franklin
  9) Running IT like a Business: Accenture’s Step-by-Step Guide, by Robert E. Kress
  10) 21st Century Chinese Cyberwarfare (Pre-order), by Lieutenant Colonel Hagestad

May 21 2012

Organisations can achieve ISO9001 QMS certification quicker with a bespoke toolkit

Category: Information Security | DISC @ 1:40 pm

Check out the ITG site for details

Ely, England, 21 May 2011 – IT Governance Ltd, the global leader in management system standards, information, books and tools, is advising organisations that the quicker they implement the Quality Management System standard ISO9001, the better their chances of attracting new customers in the current economic conditions.

Vendors who have been asked by their clients to implement the ISO9001 standard can now achieve this quickly and effectively by using the ISO9001 QMS Quality Management System Documentation Toolkit. It contains over 60 separate documents that will help organisations accelerate the development and implementation of an ISO9001 quality management system. The toolkit can be downloaded immediately here: QMS-ISO9001 Toolkit

ISO9001 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Quality Management System (QMS). According to BusinessLink (UK Government), more than 1 million organisations are currently certified against ISO9001. The advantages to businesses from implementing ISO9001 include:

• greater efficiency and less waste
• consistent control of major business processes, through key processes lists
• regulation of successful working practices
• risk management
• increased customer satisfaction
• greater consistency in the quality of products and services through better control of processes
• differentiation of your business from its competitors
• increased profits

The ISO9001 QMS Toolkit, developed by IT Governance, contains a quality management manual and a full set of policies and procedures, in addition to the necessary forms, records and work instructions to underpin those policies and procedures. It is the complete toolkit for implementing an ISO9001 quality management system.

ISO9001 in Plain English




Tags: iso 9001, QMS