CISO’s personal library on managing risk for their organization.
Sep 14 2018
Jun 19 2015
RESILIA™ Cyber Resilience Best Practices
RESILIA™ Cyber Resilience Best Practices is aimed at anyone who is responsible for staff or processes that contribute to the cyber resilience of the organization.
The methodology outlined in this manual has been designed to complement existing policies and frameworks, helping create a benchmark for cyber resilience knowledge and skills.
Nov 05 2013
When can we become certified to ISO/IEC 27001:2013?
by Lewis Morgan @ ITG
At this moment in time, we can only provide an estimate which is based on the insight provided by Chair of the UK ISO/IEC 27001 User Group and Director of consultancy at IT Governance Ltd, Steve Watkins. Considering Steve’s position, we believe his estimates to be the best guidelines an organization can follow.
The following is taken directly from the ISO27001:2013 Transition Webinar by Steve Watkins:
“It’s likely that as of 1st January 2014, certification bodies will be able to start the transition to the 2013 version of ISO27001 standard. If that is indeed the case, it’s likely to be that as of 30th September, no new ISO27001:2005 certificates can be issued. This means that by the end of September 2016 all ISO27001:2005 certificates should have transitioned to the 2013 version of the standard”
The image below further illustrates what Steve discussed on the webinar, including his suggestions in terms of what organizations should do next.
May 20 2013
IT Governance 5: An International Guide to Data Security and ISO27001/ISO27002
This manual provides clear, unique guidance for both technical and non-technical managers. It details how to design, implement and deliver an ISMS that complies with ISO 27001.
Now in its fifth edition, this title has been fully updated to take account of the latest regulatory and technological developments, and the International Board for IT Governance Qualifications
Jan 31 2013
Industry Update
It has been announced that new drafts of the two international information security standards ISO27001 (ISMS Requirements) and ISO27002 (Code of Practice) have been published.
These drafts have been published for the purpose of public consultation. As these are international standards, the consultation process operates internationally, via national standards bodies.
Anyone can comment on the proposed standard and all the comments will then be assembled and reviewed by the committee. The public consultation period closes on 23 March 2013.
To help you understand the proposed changes and implications of these new draft standards we have created an information page.
Read in full about the ISO27001/ISO27002:2013 Draft Standards on that information page.
We will keep you updated with the progress of these standards. Once the new standards are officially published, the existing standards will be withdrawn; however, there will be a transition timetable that enables organisations to move from the existing standard to the new one.
Jan 11 2010
Security Metrics: Replacing Fear, Uncertainty, and Doubt
The long-awaited international standard on information security measurement, ISO/IEC 27004:2009, is now available. It is a must-have.
To Download a copy of ISO27004 – Information Security Metrics
Key Features and Benefits:
• Provides guidance on the development, implementation and use of metrics to measure the effectiveness of an ISO 27001-compliant ISMS, of individual controls, or of groups of controls, helping you to quantify the payback to your organisation of implementing an ISMS.
• Covers not just the development, implementation and use of metrics, but also the communication of the results, helping you to secure management buy-in for future projects.
• Using this standard gives you the means to identify areas in need of improvement, facilitating continual improvement and thus leading to more secure information, cost savings and increases in efficiency.
If you have not calibrated the model with measurement, only one thing is certain: you will either overspend or under-protect.